The focus on security for communications service providers (CSPs) has been changing over the last few years. 5G technology has enabled and mandated new business-critical, mission-critical, and security-critical revenue-generating services. However, the benefits of 5G’s higher-speed communications come with corresponding increases in the range of threats to mobile networks. Distributed denial-of-service (DDoS) attacks are nothing new, but they are increasing in complexity, disrupting key systems, and causing major business losses. And recently, the barriers to entry for attackers have been eliminated. DDoS-for-hire services now allow users to test basic DDoS attacks before purchasing.
The range of “services” offered by these nefarious platforms span network, transport, and application layers and target everything from specific applications and games to methods for bypassing standard anti-DDoS measures. Cybersecurity standards for CSPs are naturally increasing, and as a CSP, the enterprise and mobile edge segments of your network require special attention.
Securing Your Enterprise Segment
The enterprise part of the mobile network enables communication with internal servers and services or external applications over the internet, using client-IP to server-IP communication. This is where your servers are associated with a specific service offering and where your subscribers connect to the internet to access any externally hosted applications.
In this part of your network, detection and protection are required to secure the servers where the applications are running as well as to protect your entire network from DDoS attacks, which could be initiated by subscribers connected to the mobile network or from the internet. When considering security for this part of your network, you’ll want to have access to network forensics and investigation from within the enterprise core.
Security within the enterprise part of a CSP network must cover all communication—all applications and services hosted within your network or hosted externally on the internet. In addition, you’ll want protection at the perimeter of your enterprise network to detect threats or volumetric DDoS attacks initiated from your subscribers or from the internet to your network.
Because network traffic doesn’t sleep, your defense can’t sleep either. Your security solutions should always be on, continuously monitoring traffic from your control and user planes, identifying the services in use, and not only providing delivery assurance for those services but also enabling their security with early-warning threat detection for fast mitigation.
Your solution should provide total network visibility to both your network operations and security operations teams. Security tools that use a common source of network-derived data will allow these teams to collaborate most efficiently. Security and assurance tools that integrate into your existing security ecosystem will speed your return on investment (ROI). For example, can the network information your tool gathers be exported to your existing SIEM or SOAR platforms to augment your risk visualization? Can the tool be deployed in any type of network environment—on-premises, cloud, or hybrid? If you don’t already have all three environments, you most certainly will in the future, and your network security tools should be able to grow with your network.
The Mobile Edge of Your Network
Because the ever-expanding and increasingly significant mobile access edge computing (MEC) centers of your network also communicate with the internet—similar to the way your IP enterprise segment does—they are correspondingly open to external threats and also require continuous security and assurance monitoring. DDoS attacks are a major risk to service availability, and this is the area of your network that drives service revenue, so you need to know exactly what’s going on there. Accurate threat detection and complete or partial mitigation at the edge is a more agile strategy than gathering huge amounts of traffic from all over your network and forwarding it to a “scrubbing center.” Additionally, the mitigation load can be spread across many devices.
So, what are some of the things you want to look for in edge protection tools?
A stateless, inline security appliance deployed at the network perimeter can automatically detect and stop both inbound threats and outbound communication from internal compromised hosts—essentially acting as the first and last line of defense for organizations. Stateless packet processing technology can stop TCP-state exhaustion attacks that target and impact stateful devices such as next-generation firewalls (NGFWs). If your device receives a continuous threat intelligence feed update, it will immediately be ready for any new threats on the horizon. Can your edge protection work in conjunction with a scrubbing center if it detects a large-scale DDoS attack that requires additional mitigation? This sort of hybrid DDoS protection is an industry best practice. You will want to be sure any edge protection tool you consider can integrate with your existing security stack and process.
If your network is very large and you have an experienced DDoS attack mitigation team, you may want to consider a tool that can enable a self-defending network by seeing a threat, analyzing it, and then issuing instructions to the rest of the network on how to deal with the attack. An attack would then be mitigated in multiple layers across the entire network. As mitigation is spread across the network, comprehensive reporting becomes increasingly granular and important.
Additionally, a solution that provides network peering analysis can help determine what traffic can transfer off expensive transit links to free peering or even become revenue-generating as a new customer. Again, that’s an important ROI consideration.
You may also want to consider a virtual solution that will let you take advantage of the agility and cost savings of software-defined network (SDN) and network functions virtualization (NFV) from your DDoS protection tools.
Finally, consider whether you want to build a DDoS service offering for your customers for additional revenue and ROI. Offering a DDoS service to your customers can help them ensure the availability of their networks and applications. Look for a tool that can extend protection to your network of customers and monetize your investment.
Your mobile network’s enterprise core and edge need specific consideration, and your solutions for their security should be:
- Always on
- Leveraging smart data for end-through-end visibility
- Detecting and mitigating threats at the edge
- Flexible and scalable—able to fit in your current security ecosystem and grow with your network
- Providing real ROI
We can help you with all of that.
Learn more about tools for securing your mobile network:
- Omnis Cyber Intelligence
- Arbor Edge Defense
- Arbor Sightline
- Arbor Sightline With Sentinel
- Arbor Threat Mitigation System