& cplSiteName &

Guarded Optimism Over AI for Automation of Telco Security

Danny Dicks
Heavy Lifting Analyst Notes
Danny Dicks

Artificial intelligence (AI) techniques such as neural networks and machine learning have been used for many years to improve the detection of malicious code and other threats within telecom traffic. The ability of such approaches to establish what normal patterns of traffic look like -- so as to flag abnormalities that might indicate an attack, or to characterize the behavior of systems after they have become infected with malware, so that it is possible to diagnose similar problems in other systems -- is undoubtedly a useful weapon in the fight against hackers and other malicious actors.

And AI has the potential to go further in support of telecom security. For instance, flagging that a denial of service or distributed denial of service (DoS/DDoS) attack has begun is one thing; automatically taking appropriate remediation actions based on the AI system's reasoning of what "appropriate" means is something different.

Vendors of DDoS prevention and mitigation solutions aren’t all sure that removing the human security analyst from this chain of events is a good thing: The consequences of a "false positive" identification of an attack, resulting in incorrect blocking or diverting traffic from certain sources, or of a certain type, can have serious consequences for a telco -- not least in terms of revenue. AI systems that can immediately present a human security analyst with the right type of data on which to base a decision, and perhaps a recommendation for three actions that could be taken, based on a machine learning model, seem a useful approach.

But other security management activities could be even more automated with the help of AI. To understand why in some cases the speed and accuracy of AI is appropriate, it is helpful to think about the threat and vulnerability context in which telcos find themselves at any given time.

Source: Heavy Reading
Source: Heavy Reading

The telecom industry has evolved from one where technologies and networks were largely proprietary and partners were trusted, to one that is much more open. This increases both the vulnerability of telco systems and exposes them to more threats. By putting in place new security-hardened networks, and deploying security products and functions, operators can reduce their vulnerability, but their control over threats is more limited.

The ability of AI to carry out complex analysis on high volumes of data very quickly, and to come to decisions about what is a threat, is something that is continually developing as traffic and the nature of threats change. One recent hot area of activity is in baselining of the behavior of devices connected to the Internet of Things (IoT). Here many established vendors and AI startups are developing solutions that will help operators to manage IoT devices and services more securely, making use of automatic profiling of those devices. More widely, application-level anomaly detection using local models of behavior on devices themselves, periodically updated from a central, cloud-based AI system, will help more rapid action in response to threats.

Heavy Reading’s Telecom Security Market Tracker, published in PowerPoint format, analyzes and forecasts the global market for cybersecurity solutions sold to communications service providers (CSPs). It maps available security solutions onto CSP domains, and profiles leading vendors of security solutions sold to CSPs -- both to protect their own networks and to enable them to provide managed security services to their customers.

— Danny Dicks, Contributing Analyst, Heavy Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
More Blogs from Heavy Lifting Analyst Notes
The BT executive shares his views on NFV, automation, in-house development, what he wants from his team and more.
Zen Internet, an alternative ISP in the UK, has ambitious growth plans and is looking to a refresh of its back office software, including the introduction of SDN capabilities, to help achieve its goals.
Almost 70% of service providers in this month's Thought Leadership Council (TLC) survey say they either already have or will move compute and application execution to the edge by 2020.
For CenturyLink, transformation is about enhancing its business in terms of effectiveness, cost efficiency and customer experience. So how is it trying to achieve that?
Open source MANO (management and orchestration) developments are providing network operators with something of a conundrum.
Featured Video
Flash Poll
Upcoming Live Events
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 6, 2018, London, United Kingdom
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
March 12-14, 2019, Denver, Colorado
April 2, 2019, New York, New York
May 6-8, 2019, Denver, Colorado
All Upcoming Live Events
Partner Perspectives - content from our sponsors
One Size Doesn't Fit All – Another Look at Automation for 5G
By Stawan Kadepurkar, Business Head & EVP, Hi-Tech, L&T Technology Services
Prepare Now for the 5G Monetization Opportunity
By Yathish Nagavalli, Chief Enterprise Architect, Huawei Software
Huawei Mobile Money: Improving Lives and Accelerating Economic Growth
By Ian Martin Ravenscroft, Vice President of BSS Solutions, Huawei
Dealer Agent Cloud – Empower Your Dealer & Agent to Excel
By Natalie Dorothy Scopelitis, Director of Digital Transformation, Huawei Software
All Partner Perspectives