One of the advantages of virtualizing networks is that scaling applications becomes easier, and for AT&T part of the impetus to virtualize sooner rather than later was the desire to be able to rapidly scale security, specifically, in the face of increasing network usage. (See AT&T Unveils Powerful New Security Platform.)
That need will remain acute, with the growth in traffic from increasingly popular mobile services, cloud services and the Internet of Things (IoT), and with the number and severity of cyber threats increasing apace, Jason Porter, AT&T vice president of security, tells Light Reading in an interview. Six months ago, AT&T was carrying 117 petabytes of traffic a day; now it's running 130 PB.
Now the response to cyber attacks needs to be refined and accelerated to machine speed from human speed, and it is, Porter explains.
The company is relying on big data techniques to help identify activity on the network that fits profiles of previous attacks. Once identified, the security platform that AT&T built is becoming increasingly more able to automatically respond with policy changes designed to thwart illicit activity.
Oddly, the challenge that virtualization poses for security led to some security benefits. Once you virtualize, the network perimeter becomes porous, and once adversaries are inside the gates, they can pillage the entire town, Porter says. But when you containerize applications -- make them standalone functional blocks -- they can be protected.
"We can build unique security defenses around a neighborhood, a street, a house -- more specifically, an application," Porter says, offering an example. "Say you have an application within your perimeter that doesn't need HTTP to be open. You know HTTP has to be open at the perimeter, but I can build a new defense, another layer of defense, where I am shutting down HTTP" -- shutting it down for those containerized applications that don't need HTTP.
"That was one of the early advantages we saw with this model. But there are more advantages -- time became an advantage," Porter continues. "Now instead of the adversary being able to get into the assets and crawl across them to find assets, now they're presented with new security controls within the perimeter, and now they have to do more probing and testing. That's a frustration for them, and a deterrent, but now that also gives us more time for our security platform to identify that the adversary is in our environment and is starting to probe our security infrastructure and give us time to get them out."
Another advantage is that virtualized security backed by big data analysis improves efficiency. Once AT&T's security platform identified a threat signature (whether in its own network or in a data center -- its own or a customer's), "we can push a policy without going to an analyst," he says.
When the system can respond to the identifiable attacks, that frees AT&T's human cyber threat analysts to detect novel threats and devise appropriate countermeasures.
Cyber attacks keep escalating in frequency and severity. Porter says AT&T has developed models to project what the increases might be so that it can spin up enough security in advance, and of course it keeps monitoring existing activity. For example, he says AT&T has detected a 3,000% increase in IoT vulnerability scans. That's in the context of an attacker that harnessed unprotected IoT devices (mostly cameras) to unleash a devastating distributed denial of service (DDoS) attack on Dyn late last year that famously took down several corners of the Internet.
Porter says he expects the scale of the threat to just keep increasing. Not just the number of attacks, he said, but with the number of things that have to be protected.
To hear more of Porter's views on cyber security, check out his recent Upskill U session on "IoT: Tackling the Security Challenge." That session can be reviewed here.
(Curtis Franklin contributed to this article. Franklin recently joined Light Reading to cover security issues.)
— Brian Santo, Senior Editor, Components, T&M, Light Reading