
Guarded Optimism Over AI for Automation of Telco Security

Danny Dicks
Heavy Lifting Analyst Notes
1/3/2018

Artificial intelligence (AI) techniques such as neural networks and machine learning have been used for many years to improve the detection of malicious code and other threats within telecom traffic. The ability of such approaches to establish what normal patterns of traffic look like -- so as to flag abnormalities that might indicate an attack, or to characterize the behavior of systems after they have become infected with malware, so that it is possible to diagnose similar problems in other systems -- is undoubtedly a useful weapon in the fight against hackers and other malicious actors.

And AI has the potential to go further in support of telecom security. For instance, flagging that a denial of service or distributed denial of service (DoS/DDoS) attack has begun is one thing; automatically taking appropriate remediation actions based on the AI system's reasoning of what "appropriate" means is something different.

Vendors of DDoS prevention and mitigation solutions aren’t all sure that removing the human security analyst from this chain of events is a good thing: A "false positive" identification of an attack, resulting in incorrect blocking or diverting of traffic from certain sources, or of a certain type, can have serious consequences for a telco -- not least in terms of revenue. AI systems that can immediately present a human security analyst with the right type of data on which to base a decision, and perhaps a recommendation for three actions that could be taken, based on a machine learning model, seem a useful approach.

But other security management activities could be even more automated with the help of AI. To understand why in some cases the speed and accuracy of AI is appropriate, it is helpful to think about the threat and vulnerability context in which telcos find themselves at any given time.

Source: Heavy Reading

The telecom industry has evolved from one where technologies and networks were largely proprietary and partners were trusted, to one that is much more open. This both increases the vulnerability of telco systems and exposes them to more threats. By putting in place new security-hardened networks, and deploying security products and functions, operators can reduce their vulnerability, but their control over threats is more limited.

The ability of AI to carry out complex analysis on high volumes of data very quickly, and to come to decisions about what is a threat, is something that is continually developing as traffic and the nature of threats change. One recent hot area of activity is the baselining of the behavior of devices connected to the Internet of Things (IoT). Here many established vendors and AI startups are developing solutions that will help operators to manage IoT devices and services more securely, making use of automatic profiling of those devices. More widely, application-level anomaly detection using local models of behavior on devices themselves, periodically updated from a central, cloud-based AI system, will enable more rapid action in response to threats.
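The device baselining described above, combined with the analyst-in-the-loop approach from earlier in the piece, can be sketched as follows. This is an added example, not code from the article or from any vendor; the feature names, the sample counters, the device ID and the 3.5 threshold are all assumptions made for illustration.

```python
from statistics import median

# Constructed sample: per-interval counters for one hypothetical smart meter.
FEATURES = ("bytes_out", "dest_count", "dns_queries")
NORMAL = [(1180, 1, 2), (1210, 1, 2), (1195, 2, 3), (1240, 1, 2),
          (1175, 1, 2), (1220, 1, 3), (1205, 2, 2), (1190, 1, 2)]

def learn_profile(rows, mad_floor=1.0):
    """Per-feature (median, MAD) baseline; the floor keeps near-constant
    counters from turning a one-unit change into a huge score."""
    profile = {}
    for i, name in enumerate(FEATURES):
        vals = [r[i] for r in rows]
        med = median(vals)
        mad = median(abs(v - med) for v in vals)
        profile[name] = (med, max(mad, mad_floor))
    return profile

def triage(device_id, profile, row, threshold=3.5):
    """Return None for normal traffic, else an alert carrying the evidence
    an analyst needs. Nothing is blocked automatically."""
    evidence = {}
    for name, value in zip(FEATURES, row):
        med, mad = profile[name]
        z = 0.6745 * abs(value - med) / mad  # robust z-score
        if z > threshold:
            evidence[name] = {"baseline": med, "observed": value,
                              "score": round(z, 1)}
    if not evidence:
        return None
    return {"device": device_id, "evidence": evidence,
            "decision": "analyst_review"}

PROFILE = learn_profile(NORMAL)

if __name__ == "__main__":
    print(triage("meter-0042", PROFILE, (1230, 2, 3)))     # within baseline
    print(triage("meter-0042", PROFILE, (98000, 140, 3)))  # flagged for review
```

Median and MAD are used instead of mean and standard deviation so that a few unusual intervals in the learning window do not widen the baseline.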

Heavy Reading’s Telecom Security Market Tracker, published in PowerPoint format, analyzes and forecasts the global market for cybersecurity solutions sold to communications service providers (CSPs). It maps available security solutions onto CSP domains, and profiles leading vendors of security solutions sold to CSPs -- both to protect their own networks and to enable them to provide managed security services to their customers.

— Danny Dicks, Contributing Analyst, Heavy Reading
