Nokia seeks to solve telcos' network security issues
Telecommunication networks attractive targets for cybercriminals, state threat actors
America’s T-Mobile reported a few months ago that it was the victim of cybercrime, with personal data of up to two million customers exposed.
T-Mobile was just the latest example of telecommunication service providers being targeted by cybercriminals all over the world. TalkTalk in the UK, Swisscom in Switzerland and True Corp in Thailand have all admitted to being hacked this year alone.
And those are just the ones we know of.
Telcos are attractive targets for cyber threats because they possess valuable personally identifiable information (PII). They also appeal to politically motivated attackers and nation-state hackers, observed Moiz Baig, head of security solutions, Nokia MEA. They are also increasingly being used as entry points for malicious actors to launch secondary attacks, he added.
“The most attractive telco targets include user equipment, access networks, high-value data as well as mobile core and IP networks. Advanced persistent threat (APT) is another growing attack methodology, which is focused on either data exfiltration or impacting the network service,” Moiz explained.
“With the onset of 5G and with the uptake of technologies such as virtualisation and cloud, telcos have to revisit securing all aspects of services being offered to customers -- not just limited to traditional users but endpoints including machines and devices,” Moiz added.
The recent increase in sophisticated, targeted security threats such as advanced persistent threats (APTs) and ransomware, from both insiders and external attackers, has raised awareness among communication service providers and pushed them towards comprehensive security strategies and frameworks.
To combat such advanced threats, a network security framework should help security operations teams streamline and accelerate business processes, reduce costs, and proactively prevent, pinpoint, and address security threats before they result in breaches.
To stay ahead of these threats, the right balance between proactive and reactive security best practices is required, warned Moiz.
Network security is very much a collaborative effort. Various stakeholders, including service providers, equipment manufacturers, suppliers and third-party service providers need to work together to ensure holistic network security, said Moiz. “All relevant stakeholders are required to work in tandem to have robust security controls at various layers for building an in-depth network security methodology,” he added.
Service providers can play a front-end role towards subscribers, regulators and shareholders, while vendors with advanced technologies, like Nokia, can supply service providers with best-in-class security solutions, giving them a comprehensive, future-proof security architecture coupled with security solutions for endpoints, network elements, applications and others.
“In view of today’s growing trend of advanced threats, vendors are expected to work as trusted partners to help service providers improve network security continuously to keep the network secure and compliant all the time,” said Moiz.
Nokia NetGuard ACTIVE security helps security teams identify and limit cybersecurity risks, detect more attacks and respond faster. “As an example, the Nokia ACTIVE security framework is exhaustive and scalable, covering the complete cycle of many security incidents, starting from detection, prioritisation, responding and predicting malicious events in an end-to-end network. It also touches areas of organisational security policies and enables service providers to assess and measure security KPIs all the time,” Moiz explained.
The traditional mitigation approach is largely based on manual processes without a centralised management system. This is still a reasonable approach for some organisations, but the increasing sophistication of attacks and growing regulatory complexity mean this will not be a tenable approach in the medium term, Moiz warned.
What is required is an expanded security management solution with security orchestration, analytics, and response (SOAR) and support for workflow management, automation and reporting. This would enable security operations teams to automate and prioritise activities and report data to inform better business decision making.
“Replacing today’s manually-intensive approaches with security management systems built on three pillars -- security analytics, machine learning and automation, as reflected in Nokia’s security solution -- is vital to mitigate the threats,” Moiz said.
Security analytics correlates data from across the network, devices and cloud layers to spot suspicious anomalies and provides insight into the nature of the threat, the associated business risk and the recommended response. For a device that is functioning correctly but leaking data, security analytics could spot trouble by detecting CPU activity spikes or unusual levels of keep-alive signalling.
Machine learning, on the other hand, would continuously improve the effectiveness of identifying the communication patterns of viruses and threats.
Tying everything together is a set of best practices that should be in every security manager’s toolkit. “Good governance is needed by telecom operators to educate their employees on security risks and ensure they are compliant and self-aware, as not even the best tools, processes and systems can avoid security breaches caused by human errors and oversights,” Moiz concluded.