As high-profile network security breaches continue to make the news, the most recent being the breach of the federal Office of Personnel Management, network security firms with defense pedigrees are looking to target the service provider markets – including mobile network operators – both for their own protection and for security-as-a-service offerings to enterprise.
Mike Wall, director of the cyber operations group for EdgeWave, said he sees components of military-level security being implemented by service providers. Wall joined EdgeWave after serving as a commanding officer at the Navy Information Operations Command in Norfolk, Va., leading cyber-fighting objectives and directing the assessment of infrastructure readiness. EdgeWave has partnered with companies like Huawei for network security, releasing a solution recently that combined its analytics with a Huawei firewall.
“I think the industry is starting to understand that it’s not really good enough to put technology on the network and let it run and forget about it,” said Wall. “There has to be a level of human interaction. That’s a different way of trying to wrap your head around the problem – it involves people, that’s critical. There has to be that interaction between people and technology.”
Wall said that comes in the form of human review of information from security technology – which happens now, he said, but “in limited contexts.”
Verizon Communications’ 2015 Data Breach Investigations Report found a number of interesting trends in security incident types and frequency. The report estimated that there were $400 million in losses from compromised data. While miscellaneous human errors were the most likely to generate security incidents that put data at risk, actual breaches were typically point-of-sale breaches, followed by “crimeware” (most often generated by organized crime) and cyber-espionage. The top four industries affected by data breaches are the public sector, information services, financial services and manufacturing. Cyber-espionage attacks like the OPM incident – which China is suspected to be behind – were state-affiliated 97% of the time and accounted for less than 1% of overall incidents, but 18% of confirmed data breaches.
“The IP infrastructure is already highly exploited by threat actors and the extension into new ICTs will be a boon for malicious cyberagents,” said Michela Menting, director for ABI Research’s digital security practice, in an e-mail exchange with RCR Wireless News. “There are security issues with the transition to all-IP networks for the various access technologies (including 4G). IP convergence means that this common platform, with all its vulnerabilities and weaknesses, will increasingly permeate all communication infrastructures, extending the scope of attack far and wide.
“Most organizations and ISPs make use of general-purpose operating systems to run external name servers because they are less costly than purpose-built solutions,” Menting added. “But securing them is more complex, and it leaves many vulnerabilities open that can be easily targeted with cache-poisoning, hijacking, or amplification attacks.”
Wall said that with the number of wireless subscribers, it’s only a matter of time before mobile networks become more frequent targets for attackers.
“These guys may not take down a network, but they may need it to get to customers,” Wall said. “There is a lot of appeal to a carrier as a target because of the number of people who are using their services.”
Wall added that security risks are something that, in a competitive wireless market, carriers can ill afford.
“It doesn’t take much … to send somebody to another company that’s not been breached,” he noted.
There have been a number of interesting mergers and acquisitions in recent months that illustrate the rapidly shifting network security ecosystem, including:
- Singtel, the largest telecom operator in Singapore by revenue, is in the process of purchasing U.S.-based cybersecurity firm Trustwave for $810 million in its largest purchase outside the direct telecom space.
- As part of its $2.6 billion purchase from Danaher, network monitoring company NetScout also bought network security company Arbor Networks.
- Menting noted in recent research that Israeli defense contractor Elbit bought Nice Systems’ cyber unit for up to $158 billion, and Raytheon and Vista Equity Partners formed a new joint venture in cybersecurity. In a statement at the time of the JV announcements, David Wajsgras, president of Raytheon’s intelligence, information and services business, noted that “commercial companies are evolving their infrastructure with cloud computing, mobility and the ‘Internet of Things’ to stay competitive and, as a result, they have become more vulnerable than ever.”
JDSU’s Network Instruments found in its annual state of the network report this year that IT groups are spending significantly more of their time on security-related issues.
“Large-scale and high-profile security breaches have become more common as company data establishes itself as a valuable commodity on the black market,” NI concluded. “As such, enterprises are now dedicating more IT resources than ever before to protect data integrity. … As threats continue to escalate, one quarter of network operations professionals now spend more than 10 hours per week on security issues and are becoming increasingly accountable for securing data.”
Meanwhile, Gartner has predicted that due to the driving forces of, and interactions among, mobility, cloud and social connections, the worldwide spending on information security will reach nearly $77 billion this year. Gartner also expects that by 2018, 40% of large enterprises will have formal plans in place to address cyber attacks aimed at business disruption – up from 0% this year. One of the factors impacting that swing is the fact that the IoT “has expanded the attack surface,” as well as the resources that need to go into information security, according to Gartner.
“The expectation that digital business will be a successful consumer business model relies on IoT devices being ‘always available.’ An interruption at any point during the end-to-end transaction process means that business transactions may not be completed, thereby negatively affecting customer allegiance and the revenue stream expected from the digital business offering,” Gartner noted.
Gartner also added that “mobile security will be a higher priority for consumers from 2017 onward,” as the mindset slowly shifts away from the idea that a PC needs to be protected but a mobile device does not. Mobile, to date, has not been a significant source of network vulnerabilities – although there is plenty of awareness that it could become one.
Verizon, in its DBIR, said that “data breaches involving mobile devices should not be in any top-whatever list,” while noting that “mobile devices have clearly demonstrated their ability to be vulnerable.”
“Threat actors are already using a variety of other methods to break into our systems, and we should prioritize our resources to focus on the methods that they’re using now,” the report authors said. “When it comes to mobile devices on your network, the best advice we have is to strive first for visibility and second for control. Visibility enables awareness, which will come in handy when the current landscape starts to shift. Control should put you into a position to react quickly.”
So what does this mean for a mobile network operator?
“Operators need to implement smarter security for networks – and especially cellular such as LTE, including access restrictions, authentication and passwords,” said Menting of ABI Research. “At the small-cell level, this could include installing trusted execution environments on small cells in order to detect and prevent loading of tampered appliances.”
Menting added that IP security is heavily influenced by network planning, with factors ranging from whether the X2 interface is adopted, to whether security is deployed in a centralized or distributed fashion and even in how quality of service is implemented and identified during traffic encryption. More IPsec tunnels can mean higher operational costs and demands on system processing resources, she noted, but operators also must consider the potential costs and risks of deploying an unsecured network.
“The general sentiment is that basic ICT infrastructure is lacking in terms of protective or defensive technology mechanisms. This means there is an opportunity for market offerings in higher-grade security (could be military). I see it really as a matter of cost; the provision of IPsec tunnels, or SSL/TLS can be offered at premium costs and can add significantly to a security posture,” Menting said. “I certainly think that for some channels/verticals, there will be demand for it. Think about some of the high-value verticals that are constantly under attack, even if it’s just for IP theft: tech, pharma, energy, finance, and in time I see that extending to retail, and other organizations with international operations. How do you capture all of these industries: possibly the easiest is for defense contractors to offer their secure network services as [over-the-top] to MNOs, ISPs and other telcos. Then it becomes a package offering for that service provider to their client base: ‘Are you a high-value client? Then we have an offering for military-grade security.’ It’s a competitive advantage, a value differentiator. I can certainly see it happening.”
Editor’s Note: This story has been corrected from the original version. The state of the network report is conducted by JDSU’s Network Instruments, not National Instruments.