Sign In Register
2G/3G/4G
5G & Beyond
6G
AI/Automation
Broadband
Fixed Wireless Access FTTX Wi-Fi
Cable Tech
10G DOCSIS CCAP Cable Business Services The Bauminator
Climate Change
Digital Divide
Digital Infrastructure
Any Haul/X-Haul DCI
IoT
Open RAN
Optical/IP
Routing/Switching
OSS/BSS/CX
Private Networks
Regulatory/Politics
Satellite
SD-WAN
Security
Semiconductors/Network platforms
Service Provider Cloud
Services
Test & Measurement
The Core
The Edge
Video/Media
Regions
Asia Africa Europe India Middle East
Industry Show News
MWC Insider Guide Big 5G Event
Events
5G Orchestration & Service Assurance Digital SymposiumCable Next-Gen Europe Digital SymposiumOpenRAN North America
Events Archives
Digital Event Archives Big 5G Event The Programmable Telco Digital Symposium APAC Digital Symposium
Microsites
White Papers
Leaders In:
Leaders In Edge Leaders In Pluggable Optics Leaders In Cloud Leaders In 5G Orchestration
Heavy Reading Analysts
Market Leader Programs
5G Transport - A 2023 Heavy Reading Survey 2023 Open RAN Operator Survey Coherent Optics at 100G, 400G, and Beyond Open RAN Platforms and Architectures Operator Survey Cloud Native 5G Core Operator Survey Bridging the Digital Divide 5G Network Slicing Operator Survey Open, Automated & Programmable Transport The Journey to Cloud Native
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register
Security Strategies

Broad Threats Require Network-Based Security

News Analysis

As last week's news clearly shows, there are constantly new threats to the telecom network and the technology on which it's built. The most serious of those seems to be the compromise of Juniper Networks' ScreenOS, but even as that was happening, there was also a massive cyberattack on a core part of the Internet infrastructure, its domain name servers (DNS).

In both cases, the vendor community reported the problem. Juniper Networks Inc. (NYSE: JNPR) alerted its customers and provided a patch, which it urgently requested its customers apply. Because ScreenOS is used to deliver secure VPNs, that particular hack is being investigated by multiple federal agencies and is suspected to be the work of a foreign government. (See FBI Investigating Juniper VPN Hack.)

The DNS attack's existence was made public by Nominum Inc. , which specializes in protection of Domain Name Servers. The vendor reported a 500% increase in the number of what are called random subdomain DNS attack queries, essentially designed to overwhelm critical servers by making them work harder, says Bruce VanNice, product manager. In making the attack public, the company also was able to highlight the fact that its ISP customers weren't being impacted because Nominum has automated the process of identifying the problem and shutting down the bad traffic without also blocking the legitimate traffic headed for the same servers.

The DNS attack could be the work of almost anyone and could be intended to disrupt Internet commerce at a peak moment, VanNice noted.

Network as protector
Both of these attacks only underscore what telecom service providers already know -- they are facing a growing and increasingly sophisticated set of threats from global players with varying motives that drive their remarkable innovation. That reality is driving an approach to security that is more comprehensive -- or as AT&T Inc. (NYSE: T)'s Chief Security Officer Ed Amoroso said last month, it's really all about architecture. (See Accedian Lands Global Deal at Telefónica .)

In his keynote at Light Reading's Carrier Network Security Strategies event, Amoroso said the fundamental architecture of network security has to change if network operators will be able to address the reality of today's threats. He also acknowledged the fact that "architecture" isn't sexy enough to attract venture capitalists and thus isn't on the road map of many security vendors. (See AT&T's Amoroso: Build Botnets of Security and AT&T's Amoroso: Taking Security to the Cloud.)

As Heavy Reading Chief Analyst Patrick Donegan notes, Amoroso's focus on architecture fits in nicely with his other emphasis on virtualization and distribution of the security features, so they are not all huddled behind a point-based solution or allegedly secured perimeter. Instead security is distributed along with content or other features that need to be secured. (See In Defense of the Security Team.)

What has emerged within telecom is a network-based approach that builds on analytics and other tools, including automation, as well as virtualization, to deliver the kind of security service enterprises are seeking, that is protection for threats before they hit the enterprise and the ability to anticipate problems, as well as react to them.

"We are seeing this pop up in some places, like Japan, where network operators are asking, 'How can I operate a safer network in general?'" says Sam Curry, chief technology and security officer of Arbor Networks "They are changing the notion of what telcos do for the wider community, in the sense of how to provide a safer network in general."

As a result, he says, network operators are looking for greater insight into their own network traffic, so they can become the primary point at which traffic is collected for examination and threat insights are detailed.

In some cases, they are using automated tools such as Nominum's, which responds to the DNS attacks by identifying the bad traffic and protecting the good traffic to mitigate the impact of the massive spikes, says VanNice.

But they are also going beyond individual tools. Verizon Communications Inc. (NYSE: VZ) has noted its growing customer expectations and one of its responses is to be more aggressive in going after the bad guys, says Dave Ostertag, chief investigations manager. "They are telling us very clearly that we expect you to do more outside our perimeter to protect us," he says. "We are having to invest heavily, we are having to expand those groups within Verizon that look to identify the criminal infrastructure, and we have people hunting for the bad guys -- working with federal law enforcement in a lot of different countries under the appropriate court orders to be able to go after that infrastructure and even be able to follow the net flow, the metadata on the net flow, to identify the different points."

Next page: Virtualization's Role

1 of 2
Next Page

EDUCATIONAL RESOURCES
sponsor supplied content
The Challenge Of Securing And Managing Today’s Complex Network Environments
Fortinet Security Fabric and the Threat Landscape
Scale and Segment the Cloud
IoT Security & Indicators of Compromise (IOC): An Evolving Approach to Network-Based Security
Service Chaining Interoperability Evaluation - Live NFV Interoperability Demo Whitepaper
Educational Resources Archive
FEATURED VIDEO
UPCOMING LIVE EVENTS
5G Orchestration & Service Assurance Digital Symposium
June 6-8, 2023, Digital Symposium
Cable Next-Gen Europe Digital Symposium
June 21, 2023, Digital Symposium
OpenRAN North America
December 6-7, 2023, New York City
All Upcoming Live Events
UPCOMING WEBINARS
June 6, 2023 5G Orchestration & Service Assurance Digital Symposium - Day 1
June 8, 2023 5G Orchestration & Service Assurance Digital Symposium - Day 2
June 13, 2023 Enhance Subscriber Growth with a Modern Approach to Network Planning
June 14, 2023 How do We Capture the 6G Experience?
June 14, 2023 The Power of Wholesale Order Automation: How New Advancements in Intercarrier Commerce Can Transform Your Business.
June 15, 2023 SCTE® LiveLearning for Professionals Webinar™ Series: Cranking Up the Upstream
June 20, 2023 5G standalone for breakout growth and efficiency
June 20, 2023 Optimizing Network Experience: Best Practices in IP Network Security
June 21, 2023 Cable Next-Gen Europe Digital Symposium
June 22, 2023 Next-Gen PON Digital Symposium
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
Victor Zhou from Huawei: T.U.R.B.O All-Optical Target Network Helps Operators Achieve New Business Growth in the Cloud Era By Huawei
China Mobile Completes China's First 5GC Resource-Pool Switchover with Huawei's Core Network O&M Solution By Huawei
ZTE reaffirms its commitment to ITU's Partner2Connect Digital Coalition By ZTE
Is The Traditional PayTV Provider Being Squeezed Out? By Terry Doyle for Enghouse Networks
5G New Calling Opens Vast Service Opportunities for Carriers By Huawei
All Partner Perspectives
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE