Moving to the Cable Edge with DAA

Cable/MSOs need deeper visibility to assure and secure the cloudified edge.

Magnified cables showing packet numbers inside

A major evolution to the cable/multiple system operators (MSO) infrastructure is underway with the deployment of fiber to the home and business premises (FTTX/FTTH) and the migration of intelligence to the network edge with distributed access architecture (DAA). The venerable cable modem termination system (CMTS) is being disaggregated and virtualized in this move to the edge. As a result of this disaggregated architecture, there are more network vendor equipment pieces to interoperate as well as open source components—both of which expand the cyberattack surface and create more security exposure. Traffic that was all north/south is moving to east/west among various compute resources, all with the increased over-the-top (OTT) traffic and network peering.

Informa’s recent Cable Next-Gen Technologies & Strategies event in Denver on March 14 and 15 held a panel “Taking DAA to the Edge” that highlighted the challenges for cable/MSOs moving to this new architecture. As Dr. Vikram Saksena from NETSCOUT explained, the cables “are in a great position to take advantage of edge computing with DAA, as they have the infrastructure all the way to home or business premises. Moving intelligence to the edge along with low latency enables a myriad of new services to help the cables grow the top line in their business. One example is sensors that require near real-time response and processing for mission-critical and safety services. Offering and enforcing service level agreements (SLAs) for these services is part of that opportunity.”

Visibility Without Borders

To handle this network transformation, IT network operations and security operations teams must have visibility to the network, services, and applications. They need that visibility to secure and assure both the network and the service layer for services and applications enabled by the move to the network edge, which may include hyperscalers for services such as gaming, augmented/virtualized reality (AR/VR), and Internet of Things (IoT) devices and related services. With this visibility, cable/MSOs can assure that network performance over new fiber and edge infrastructure meets and exceeds existing service levels for throughput and latency as well as securing the network from intrusion and cyberattacks.

The main business of cable networks is to provide internet and communications services and content (video) to their subscribers, both residential and business. Making the network always available, with accessibility to services, and assuring SLAs are the most essential aspects of their business.

From a security perspective, all service provider networks are susceptible to distributed denial-of-service (DDoS) attacks, which can cause the most damage to the availability of their business. Therefore, having full visibility into the network traffic for detection and mitigation of DDoS attacks becomes extremely crucial.

With the DAA, where the cable networks are being decentralized by moving select functions to the edge, closer to the consumption of services by subscribers and businesses, the need for this deeper network visibility and security is even more critical.
Disaggregating traditional cable network and service elements creates a wider surface that is susceptible and more sensitive to newer types of attacks—including east to west, or subscriber to subscriber. Visibility and mitigation of these vulnerable attack patterns and vectors is key to ensuring service availably and customer experience.

Assuring Networks and Services with NETSCOUT

NETSCOUT’s scalable Arbor Sightline and Threat Mitigation System solutions offer full end-to-end security visibility for all traffic. Together they provide comprehensive detection and mitigation capabilities that leverage the network infrastructure along with sophisticated scrubbing technology to keep the network up and services available while the network operator is deploying new architecture and models. Likewise, NETSCOUT’s nGenius Service Assurance solution provides the same level of end-through-end visibility for assuring the network, services, applications, and devices with advanced analytics informed by network domain knowledge and offers proactive monitoring with rapid service triage.

Learn more about NETSCOUT’s DAA solution.