ABI Research explores how AI and 5G are transforming telco security operations
Over the last few years, telco operators have been undergoing a slow but sure metamorphosis from simple connectivity providers to digital technology enablers. In part fueled by 5G network rollouts and the growing importance of core digital services, and also driven by increasing cloud adoption and Internet of Things (IoT) connectivity by the enterprise sector, telco operators are changing to adapt to these new demands.
The role of security operations centers in the telecoms industry: What is the state of play?
This transition applies to the security space as well. Traditionally focused on fraud prevention, telcos are now pivoting toward business enablement through security, expanding their role beyond that of a secure network provider to one that is an intrinsic enabler of trust in business applications and services.
This means that security is expanding from under the traditional purview of Network Operations Centers (NOCs) and emerging as a solution in its own right through dedicated telco Security Operations Centers (SOCs). Not only has the threat landscape evolved, particularly with 5G rollouts and greater effort needs to be invested in securing the infrastructure that mission-critical services rely on, but security can further provide value-add to new business use cases, such as creating trusted Ultra-Reliable Low Latency Communication (URLLC) and Massive Machine-Type Communication (mMTC) applications, optimizing network slices, providing visibility of network function Application Programming Interfaces (APIs), etc.
SOCs are consequently emerging to offer a high level of security that can underpin a telco pivot toward business enablement. Not only can SOCs drive telco competitiveness forward by positioning them as trusted technology service providers, they’re also an effective instrument for reinforcing regulatory compliance in data protection and security assurance.
Today’s challenges for security analysts
And yet telcos face a number of challenges in setting up dedicated SOCs. One of the main obstacles is the telco-specific landscape within which their SOCs must run. While there is a mature Information Technology (IT) SOC industry and associated technologies, this is not the case for the telco space. Many telco SOCs have to cover the full spectrum of cellular technologies, from older legacy generations like 2G all the way to 5G Standalone (SA) and the hybrid complications that these entail.
Another major challenge is staffing SOCs. The cybersecurity market generally has been experiencing a shortage of specialized skills for some time; finding dedicated SOC analysts that understand the telco space is rarer yet. Telcos have to offer compelling remuneration to attract existing talent or invest in training their own engineers or NOC analysts to fit the SOC role. Both routes are expensive and don’t necessarily guarantee permanent staffing. Â
The ever-expanding threat landscape is putting increasing pressure on telcos to respond quickly and accurately; a difficult feat to achieve when there is already a shortage of skilled analysts that know how to do the job in a telco SOC.
Some of these growing pains for telco SOCs can be addressed through the augmentation of analyst capabilities with Extended Detection and Response (XDR) technologies. Expanding the scope of traditional Endpoint Detection and Response (EDR) by integrating networks into endpoints in threat detection and response, XDR leverages orchestration, automation and Machine Learning (ML) to provide a more holistic and coherent solution for protecting large infrastructure. XDR is a good fit for the telco space, but it can still be relatively complex to manage and requires fully-skilled telco analysts to run.
Exposing generative artificial intelligence as an XDR feature — What are the advantages?
This is where advances in Generative Artificial Intelligence (Gen AI) can really make a difference. Large Language Models (LLMs), in particular, can help alleviate many of the challenges faced by telco SOCs, easing the burden placed on analysts. LLMs are excellent at rapid data ingestion and enhanced contextualization, able to derive meaning beyond the capabilities of traditional ML. Consequently, an LLM-augmented XDR can significantly reduce the number of false positives, better prioritize alerts, harmonize outputs from different tools, enhance threat hunting and provide tailored playbook responses for each security incident.
Addressing telco pain points by augmenting analyst capabilities with Nokia XDR
When LLM-based XDRs are leveraged within a specific context, such as a telco, they can provide significant aid to SOC operations. Cellular networks like 5G are an excellent fit for LLMs, which need a large number of parameters (in the billions) to really be effective. Further, the skill set shortage of telco-grade SOC analysts (and especially level 3 analysts) can be plugged, in part, by LLMs, with their ability to recognize intent (and therefore, really understand whether an action is malicious or not). Beyond that, LLMs can suggest appropriate next steps and execute them autonomously if desired.
Nokia’s NetGuard Cybersecurity Dome is built on such a premise, leveraging XDR components that integrate Microsoft Azure’s OpenAI to provide much needed assistance to telco SOC analysts. Nokia specialized the LLM corpus training specifically on telco network architecture, telco incidents, 3GPP specifications and telco-specific threat intelligence. Nokia’s XDR, therefore, offers a range of capabilities for telco SOCs: from a vast catalog of available telco security use case integration across radio, transport and core, to plug-and-play cyber playbooks for security automation and orchestration, all within a 5G-specific context. This demonstrates the firepower that Gen AI LLMs can bring to SOCs by integrating real-time threat intelligence with XDR capabilities, and providing guided threat hunting and response, in a telco-centric environment.
Call to action: The strategic benefits of implementing NetGuard Cybersecurity Dome
Nokia’s NetGuard Cybersecurity Dome offers a unique platform for telcos to build 5G-ready SOCs, alleviating the industry constraints of staffing and telco-awareness. Moreover, its Software-as-a-Service (SaaS) model is a highly modular and flexible solution, perfect for those telcos looking for agility and scalability, key advantages for building technology-focused infrastructure. Most importantly, Nokia offers a comprehensive toolset that provides not just top-of-the-line threat detection and incident response, but also enables data control and privacy protection, critical elements for enterprise adoption. The Nokia NetGuard Cybersecurity Dome can be a key asset to operating pioneering telco-grade SOCs that can augment telcos’ 5G network offerings.