Security is only as good as the big network analytics behind it

by david.nunes
Issue: Asia-Pacific I 2014
Article no.: 1
Topic: Security is only as good as the big network analytics behind it
Author: Cassidy Shield
PDF size: 449KB

About author

Cassidy Shield is Chief Marketing Officer of Alcatel-Lucent. Mr Shield leads global marketing for Alcatel-Lucent’s software business which is focused on delivering innovative solutions that help customers capitalize on the growth of mobile broadband in both existing and new markets. Mr Shield’s focus is on the intersection of IT and Telecommunications as it relates to cloud computing as a unifier of IT and Telecom, effective and secure use of network intelligence for a better customer experience, evolution of unified communications in a mobile centric world, and strategies for optimizing and monetizing the growth of mobile data.

Mr Shield has held a variety of leadership roles at Alcatel-Lucent including building and leading the Mobile Content Services business for Alcatel-Lucent and the IPTV business for Lucent Technologies. He has also held leadership roles in business development, product management, R&D, supply chain, and service delivery.

Prior to Alcatel-Lucent, Mr Shield worked as a management consultant with a focus on building expertise in Corporate Strategy, Supply Chain Design and large scale IT deployments.

Cassidy Shield holds a MBA from Northwestern’s Kellogg School of Management, a MEM from Northwestern’s McCormick School of Engineering and a BS from the University of Iowa.

Article abstract

Investment in security is rising in the Asia Pacific region, with its rapid growth of mobile devices as well as the highest number of cyber-attacks, corporate espionage and viral infections. ‘Big Network Analytics’ combines network and subscriber information with knowledge of apps and devices. It offers operators deep insight into traffic patterns in order to select appropriate security measures. It can spot malicious and unusual device and network activity before subscribers even know that their devices have been hijacked by malware. Such real-time analysis helps to identify network abnormalities as they occur and pinpoint the attacked devices, making it an essential security tool of the future.

Full Article

In today’s always connected, ultra-broadband world – where subscribers can seamlessly move between fixed and mobile broadband and access the cloud – the challenge of securing devices, networks and data is growing increasingly complex.

Mobile broadband subscribers will exceed three billion by 2016 with more than 2.5 billion smartphone connections. Meanwhile, the home has become an extension of the broadband network, with an average of six or more fixed line devices providing Internet connectivity, television, gaming and more. In addition, over 1,000 types of devices exist today on multiple operating systems, with more than 1 billion applications in the marketplace to run on them.

The move toward virtualization has enterprises putting mission critical applications and proprietary data into the cloud. Consumers are increasingly comfortable with accessing and storing confidential and personal information on their devices and in the cloud. Despite technology’s growing complexity, users expect simplicity in the form of access and expect the same customer experience across all of their devices.

These factors and more make security a daunting challenge for operators. It’s one that requires the addition of big network analytics to client and network based security solutions. Security without big network analytics is akin to locking the front door of your home without the knowledge that most neighbourhood break-ins come through windows or a connected garage.

Big network analytics combines the intelligence derived from the operator’s network – data on subscribers, devices, applications, network, signalling and IP flows – with other data sources such as OSS/BSS, which provide a view of the customer profile, billing info, service plans, and more. As a whole, this data can be an extremely powerful tool for managing an operator’s business strategy, including security. Experienced network forensic experts who know what to extract, and how, can help operators use big network analytics to gain a comprehensive view of trends, abnormalities and vulnerabilities.

Security enhanced by big network analytics works seamlessly with wired and wireless security applications to offer a security environment that can accommodate everyone who interacts with your business, across a host of different operating systems, devices and networks. Analytics captured by this end-to-end view alert operators in real time when a security breach occurs – pinpointing where the attack is coming from, what form it is taking, and who is affected. The operator can take immediate action to eliminate the threat on both the network and subscriber devices. Thus, big network analytics ensures operators can avoid collateral damage from device, network and service attacks, which create customer dissatisfaction and churn.

Asia Pacific technology adoption driving network security enhancement

Information communications technologies (ICT) such as smartphones, IP networking, ultra-broadband and cloud open up an array of business opportunities for Asia Pacific operators and service providers. On one hand, in markets such as India and Bangladesh, mobile technology is connecting more people to the health care, education and financial resources they need. On the other hand, in developed countries such as Japan and South Korea, smartphones are instrumental in improving people’s quality of life through mobile banking, remote learning and remote health care. The exponential growth of smartphone usage and data also catalyzes the growing trend of cloud and virtualization adoption, thus driving enterprise data centre expansion in the cities of Singapore, Hong Kong, Tokyo and Sydney.

Yet, the surging number of mobile devices, combined with the increased speed and traffic of LTE networks and data centres, places tremendous security pressures on Asia Pacific’s networks. Consumers are worried that personal data residing on smartphones – contacts, bank account numbers, emails, etc. – will fall into the wrong hands. It’s a legitimate concern, given the region has a higher mobile device infection rate than other parts of the globe.

The security risks to Asian corporations are even higher as mobile devices are used by employees in office environments to access sensitive company information, customer records and valuable intellectual property. Smartphones can become a cyber-espionage backdoor when malware is injected into Android applications. From a remote web based command centre the attacker can: track the phone’s location, download contact lists and personal information, intercept and send messages, record conversations, and take pictures.

These are but a few reasons why security spending in the Asia Pacific region continues to rise. Although security solutions have in the past primarily focused protection on the network’s endpoints, a more comprehensive, end-to-end solution integrating network analytics is now required by Asian operators to support today’s ever more complex ICT security issues.

Fighting back against sophisticated malware attacks

Network data collected globally shows that malware threats to fixed and mobile broadband networks are on the rise too. This type of malicious activity is used by hackers to gain access to devices for corporate espionage, spying on individuals and theft of personal information. Other collateral damage can include generating massive quantities of spam, denial of service attacks on businesses and governments, and causing millions in fraudulent banking and advertising scams.

While mobile and fixed devices are frequently the targets of malware, few subscribers install an anti-virus on mobile devices. Even when they do, a malicious app can easily evade detection by device-based anti-virus. As a result, more than ten percent of home networks and over 0.5 percent of mobile devices are infected with malicious software, with Google Android devices in particular increasingly targeted. Meanwhile mobile spyware is the fastest growing threat to the BYOD trend in workplaces.

Anti-virus software on devices is not enough to catch malware, which is continually evolving and becoming more sophisticated. Also needed is a network-based security approach complemented by big data analytics that enables an operator to spot malicious and unusual device and network activity before a subscriber knows their device has become infected. Operators can immediately send an alert to subscribers via email, SMS, push notification or in-browser notification to inform them of the threat and to provide instructions on how to remove it. Operators can provide this added level of security to subscribers as a freemium or value-add service. By looking out for the health and security of subscriber devices, operators create customer loyalty, while also reducing the number of incoming service calls to reduce operational expense.

Distributed Denial of Service (DDoS) attacks can also target the operator’s core infrastructure directly. They can originate from third party applications and roaming partners, as well as devices, to make a network, data centre or application unavailable to users. These attacks have evolved from trying to exhaust a central processing unit (CPU) on targeted services, to volumetric attacks leveraging botnets to target and knock out network infrastructure, such as routers and firewalls, to more complex application-level attacks. These attacks enter an operator’s network, consuming network bandwidth and resources and crippling applications and services to cause outages. They can travel over an operator’s network to also impact virtualized applications, cloud services and enterprise data centres.

It’s yet another reason to employ big network analytics with a network security solution. Analytics will enable operators to see network abnormalities as they are happening, pinpoint the malware and see who is infected. This real time data can detect the existence of even minor anomalies and congestion that can impact network efficiency. For instance, big network analytics can see a spike in signalling behaviour and correlate it to a specific piece of malware, device, network or application. Adopting this big network analytics approach has enabled operators to regain as much as 20 percent of their signalling capacity.

Another example is using analytics to identify an operator’s top bandwidth users and evaluate their usage. This is not to suggest that all high bandwidth usage is due to malware, but heavy Internet users are at increased risk of getting infected. In some cases operators have been shocked to learn that despite having a network infection rate of one to two percent, some top bandwidth users had over a 60 percent infection rate.

Big Network Analytics: Good defence strategy, good customer experience strategy

By virtualizing network functions, telecom vendors are doing the heavy lifting for operators to create a path to the cloud. As operators increasingly move from a purpose-built hardware- to software-based shared cloud infrastructure, security plays a crucial role. New technologies like Network Functions Virtualization (NFV) and Software Defined Networking (SDN) promise to bring operators the benefits of the cloud to their own telecom networks, data centres and business operations while also enabling them to provide instantaneous cloud service connectivity with the security, reliability and quality enterprises and consumers expect. Providing users with secure and private pieces of the cloud for their own consumption is crucial to success.

Authentication and policy management are keys to secure cloud connectivity, regulating who can and can’t gain access to virtually placed applications, confidential and proprietary information, data centres and VPNs. Meanwhile, the distributed nature of the carrier cloud can deliver services closer to end users for optimal performance when subscriber profiles, devices and Service Level Agreements (SLAs) can be accessed in real time. In both cases, big network analytics is the vital link to securely making instantaneous connectivity and data permission decisions.

By improving security on client devices, in the network and for the cloud, big data analytics helps operators achieve their ultimate goal of customer satisfaction. Big network analytics can boost customer engagement and build brand loyalty beyond security. For instance, it can provide real-time awareness of network congestion to help an operator optimize video delivery without buffering for premium subscribers. Additionally, big network analytics provides a clear picture of the types of services subscribers use and might be interested in, helping to identify new business opportunities. An example is an operator seeking to roll out 4G LTE, who can use the data to understand where bandwidth demand is greatest and which markets would be the most lucrative. Another example is using analytics to offer new types of shared data plans that best meet the personal usage habits of subscribers and allow them to monitor their data consumption.

The rapid evolution of the ultra-broadband network and how subscribers use it – from simple traffic (such as voice) to delivering rich content (such as data/voice/video/location) to accessing cloud services – introduces a wide array of security challenges to operators. Traditional security services are insufficient to address these. Operators need big network analytics to gain the deep insight into the traffic traversing their networks to enhance the security measures they take. Additionally, the extracted intelligence can be used to enhance operations efficiency, improve customer satisfaction and tailor new service offerings.

