Telcos possess valuable assets and are the spine of national communications, so they are under increasing threat from cybercriminals. Nokia offers them a range of solutions to ensure their security. Moiz Baig, Security Solutions at Nokia MEA, discusses with Intelligent CIO in detail how telcos can protect their networks and subscribers from potential security threats.
Because telcos possess vast amounts of Personally Identifiable Information (PII) and their networks are the spine of national communications, they are an increasingly attractive target for cybercriminals. The most attractive assets a telco possesses include user devices, network elements and high-value data.
The traditional threat mitigation approach is largely based on manual processes with a fragmented security management system. What is needed is an expanded, telco-specific security management solution with security orchestration, analytics and response (SOAR), which would support workflow management, automation and reporting. This would enable security operations teams to move towards automation and help with prioritisation and better business decision making.
Leverage behavioural analytics and Machine Learning for security and user privacy
For an end-user to develop a high degree of trust in the operator, it is imperative that operators put in place all necessary measures to safeguard not just the user’s devices, but also the user’s data that is stored in or moved through the operator’s network.
Moiz says: “For the network operators, this is no longer a ‘nice to have’ but with regulations in Europe such as GDPR, it is a must and if not complied with it can cost operators millions in fines, lost revenue and negative branding.” In August 2017, the UK Information Commissioner’s Office fined TalkTalk £100,000 for security failings that enabled an IT contractor to access the personal data of 21,000 customers. The mobile operator could have faced a crippling fine of as much as £59 million if the EU’s General Data Protection Regulation (GDPR) had been in place. So, it’s vital for telecom operators to leverage behavioural analytics and Machine Learning for their network security and subscribers’ data privacy.
Constantly measure your security posture and risk levels with the right balance of proactive and reactive security
Telco security strategy needs the right balance of proactive and reactive approaches. With the dynamic evolution that operators’ networks are undergoing through virtualisation of network functions, cloud uptake, Internet of Things (IoT) and 5G, a holistic review of end-to-end security architecture is needed, covering the three areas of people, process and tools. Similarly, a blueprint must be created for next-generation security operations – an area where Nokia is supporting some of the leading telecom operators globally.
As an example, GDPR specifies that organisations must protect personal data by design and by default. This means telcos need to govern who and what – employees, third parties, applications, processes, unmanaged devices – has ‘privileged’ access to the personal data handled.
Moiz states that there are three steps for ensuring GDPR compliance that are covered by Nokia’s NetGuard Security Suite:
1. Protect personal data with effective identity access management
You need a strong identity access management (IAM) strategy backed by effective solutions to comply with Article 25. An IAM solution that can isolate, monitor and record all privileged sessions will help you and your partners meet GDPR accountability, notification and reporting requirements.
2. Use automated anomaly detection to respond to breaches quickly
A solution that automates anomaly detection and access blocking can help you respond to cyberthreats proactively. This type of solution uses real-time network analytics and traffic profiling to assess environmental risks and identify abnormal user and entity behaviour.
3. Demonstrate continuous compliance through auditing and compliance management
Auditing and compliance management solutions can enable you to identify exactly who and what accessed personal data. Solutions that support tamper-resistant audit logs and session recordings enhance overall security and provide the detailed data you need to demonstrate GDPR compliance.
In the context of all the new regulations, compliance has moved on from an irregular ‘check-box’ exercise to a tool-supported continuous service.
5G requires new, dynamic and flexible security architectures
With 5G technology expected to increase the number of applications in IoT and Smart City areas, telecom operators expect increased security threats. 5G will enable a range of new use cases with a variety of specific requirements. These use cases include support for an enormous density of mobile devices and the need for ultra-low latency communications, and they place a high demand on the dependability of the network. Human safety and even human lives depend on the availability and integrity of the network service.
“To support each use case in an optimal way, security capabilities will need to be more flexible. For example, security mechanisms used for ultra-low latency, mission-critical applications may not be suitable for massive IoT deployments where mobile devices are inexpensive sensors that have a very limited energy budget and transmit data only occasionally,” Moiz observes.
Another driver for 5G security is the changing ecosystem. LTE networks are dominated by large monolithic deployments – each controlled by a single network operator that owns the network infrastructure while also providing all network services. In contrast, 5G networks may be deployed by a number of specialised stakeholders providing end-user 5G network services.
According to Moiz, the new 5G architecture itself introduces new types of security threats and an increased attack surface. The potential for dynamic configurations in 5G requires new, dynamic and flexible security architectures. 5G network slices must be appropriately secured for different use cases, and as a result, telcos must focus on measurable security management and assurance.
“Network security solutions must adapt to this new 5G architecture. To support the dynamic network requirements of 5G, for example, firewalls must not only be virtualised. They must also be cloud-native and continuously orchestrated to meet the performance demands of virtual networks and to support other requirements, such as elastic scaling. A holistic view of the entire mobile transport network and client nodes is necessary so that network operators can apply sufficient security measures, with optimal network placement and design,” he recommends.
Modernise to mitigate with security analytics, Machine Learning and automation
Moiz advises that telcos need to replace today’s manually intensive approaches with security management systems built on three pillars – security analytics, Machine Learning and automation – as reflected in Nokia’s NetGuard security solution.
Security analytics correlates data from across the network, devices and cloud layers to spot suspicious anomalies and provide insight into the nature of the threat, the associated business risk and the recommended response. For example, where a device is functioning correctly but leaking data, security analytics could spot trouble by detecting CPU activity spikes or unusual levels of keep-alive signalling. With Machine Learning, the effectiveness of identifying the communication patterns of viruses and threats would increase continuously.
“Telcos will need to take advantage of multi-dimensional security analytics for rapid detection of threats. A new, dynamic, massively scalable, distributed security paradigm is required to ensure integrity across and through each layer of the network, ensuring that the people, process and tools are aligned with the telco’s security strategy and network architecture evolution. Nokia has a wide range of services that can help operators achieve these goals,” he stresses.
Telcos are now moving into the 5G era. As telcos around the globe get ready for 5G (more phones, more bandwidth and more B2B use cases), modern security tools are a must to help protect their networks and their customers, as traditional security models are simply not enough to deal with the expanded threat landscape and the challenges 5G will bring to security.