jepbjr 12/5/2012 | 5:07:12 PM
re: Verizon: Hackers Still Using Old Tricks

Managed security services are a great idea for carrier service offerings, but the carrier networks themselves are generally shockingly unprotected.  Default passwords left open on network nodes, no centralized logging of NE command interaction, and no centralized administration of user privileges, password aging, or contractor access are not the exception -- they're the rule. 

DCITDave 12/5/2012 | 5:07:07 PM
re: Verizon: Hackers Still Using Old Tricks

The survey results raise a question: If hacker moves haven't changed in five years, why invest in more sophisticated security/protection systems?

paolo.franzoi 12/5/2012 | 5:06:57 PM
re: Verizon: Hackers Still Using Old Tricks


So, the reason that the hackers are not morphing?  Their current attacks work great!

What we are seeing in the Spam business anyway is steady state on the spam but a huge rise in Phishing and Malware campaigns.  These are the much more sophisticated attacks.  I am surprised that Verizon did not note the rise in drive by malware attacks (attacks that can happen even if you don't click the link).

The issue with the more sophisticated security systems is really time to response.  Does your vendor have a way of stopping a specific attack soon after it starts?

As to the managed security business (since I am in it), the best way to look at it is IT outsourcing.  Instead of having your IT folks have to have deep knowledge in all kinds of equipment are there vendors out there willing to manage equipment so that your IT folks don't have to.




DCITDave 12/5/2012 | 5:06:57 PM
re: Verizon: Hackers Still Using Old Tricks

Do you think the expertise in IT security outsourcing should break down around network expertise or equipment expertise?

If a business were choosing between Verizon and, say, a security management specialist, what would be the biggest argument for the specialist?

paolo.franzoi 12/5/2012 | 5:06:56 PM
re: Verizon: Hackers Still Using Old Tricks


Well, I can't imagine Verizon being an expert more than an IT department.  We recommend us as the experts on our product. :)

The "cloud" model with security is often what is being discussed in this area.  Carriers sometimes resell 3rd party services (well that is what our carrier customers often do).  They can offer them directly as well.

It's funny the network expertise I see is really minimal.  The network stuff from our standpoint is guys who know a lot about routers and firewalls.  Customers often know very little about them and have difficulty dealing with them.  The classic network expertise means very little.  Its an Internet connection or its an Internet connection or its an Internet connection.  The things carriers care about in building networks are basically of little to no value to guys who just want an Ethernet Jack with an Internet Pipe attached to it. 

What I have not seen is a carrier wanting to take over and manage my internal network with its VPNs (and yes there are multiple of them).  Now THAT would be a service people would pay for.  Bring the network to the desktop and toss out basically the network staff in the IT department.



desiEngineer 12/5/2012 | 5:06:56 PM
re: Verizon: Hackers Still Using Old Tricks


I don't think providers have that quality of staff.  I think that security is inherently a much harder problem than network connectivity.  Network connectivity can be taught from a book for dummies, a trade school, etc.

Network security should only be managed by a paranoiac.  If service providers want to sell managed network security, they need to hire people like that.

And there aren't enough paranoid networkers to go around, so managed network security could really take off, provided SPs think along those lines.


paolo.franzoi 12/5/2012 | 5:06:54 PM
re: Verizon: Hackers Still Using Old Tricks


I am not trying to say what SPs staff can and can't do.  I know we have SPs that resell our security services to customers.  So, they can at least do that.  As to outsourcing the Geek Squad stuff, at least that makes some sense to bring across the networking expertise.



Sign In