Constantly changing technology and business architectures, third-party involvement in network management and the high cost of implementation and upgradation have made telecom network security extremely challenging for operators. Moreover, the network structure has become extremely complex as network elements are sourced from many different vendors. As a result, an operator does not have end-to-end control over all the applications, operating systems and protocols it deploys.

In such a scenario, operators and network providers turn to a host of emerging security solutions designed for fraud detection, end-point detection and response (EDR) and data recovery to secure parts of their networks.

Fraud detection

Operators need to safeguard their networks from signalling frauds, which exploit signalling system 7 (SS7) (2G/3G) and Diameter (4G) level vulnerabilities that are either inherent to the protocols or configuration based. These typically expose operators to fraud through erroneous signalling control commands, particularly in interconnected networks. Further, since an operator's SS7 infrastructure is reachable by other operators across the world, either directly or indirectly via a number of intermediate interconnections, the risk of signalling fraud is very high.

Such fraud creates very specific, abnormal traffic patterns as it moves across networks. It leads to artificial inflation of network traffic through application-to-person or person-to-application SMSs, spamming, refiling, profile modification and unlawful tracking, among other anomalies, which are found to have a 100 per cent infection rate.

To curb such attacks, a firewall approach at the signalling level is adopted to detect fraudulent traffic patterns or anomalous messages. This is particularly effective in dealing with roaming-specific fraud types. Further, operators are looking at new and dynamic anti-fraud tools which, apart from detecting these frauds, can take real-time preventive action against them. However, operators need to reconfigure their SS7-based networks to allow the latest tools to work efficiently.
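As an added illustration of the signalling-level firewall approach described above (this is example code, not from the original article or any vendor's product), the screen below applies three simple rules to constructed interconnect message records: an unexpected profile update for a subscriber who is not roaming in the sending network, a burst of location queries for one subscriber from one origin, and an SMS volume spike from a single origin. Field names, operation labels, roaming state and thresholds are all hypothetical and do not correspond to real SS7/Diameter message types.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed record standing in for a signalling firewall's view of one
# incoming interconnect message. Operation labels are hypothetical, not
# SS7/MAP or Diameter operation codes.
@dataclass(frozen=True)
class SigMsg:
    origin: str        # partner network the message arrived from
    op: str            # "location_query" | "profile_update" | "sms_deliver"
    subscriber: str    # home subscriber the message refers to

# Where the home network currently believes each subscriber is roaming.
# Constructed: "home" means the subscriber is attached to the home network.
ROAMING_STATE = {"sub-1": "home", "sub-2": "netB", "sub-3": "home"}

# Per-window thresholds; illustrative values only.
MAX_LOCATION_QUERIES_PER_SUB = 3
MAX_SMS_PER_ORIGIN = 5

def screen(messages):
    """Return (rule, origin, subscriber_or_None) findings for one window.

    Rule 1: profile_update from a partner network the subscriber is not roaming in.
    Rule 2: repeated location_query for one subscriber from one origin (tracking).
    Rule 3: SMS volume from one origin above threshold (artificial inflation).
    """
    findings = []
    loc_queries = Counter()
    sms_by_origin = Counter()
    for m in messages:
        if m.op == "profile_update" and ROAMING_STATE.get(m.subscriber) != m.origin:
            findings.append(("unexpected_profile_update", m.origin, m.subscriber))
        elif m.op == "location_query":
            loc_queries[(m.origin, m.subscriber)] += 1
        elif m.op == "sms_deliver":
            sms_by_origin[m.origin] += 1
    for (origin, sub), n in loc_queries.items():
        if n > MAX_LOCATION_QUERIES_PER_SUB:
            findings.append(("tracking_pattern", origin, sub))
    for origin, n in sms_by_origin.items():
        if n > MAX_SMS_PER_ORIGIN:
            findings.append(("sms_inflation", origin, None))
    return findings

SAMPLE = [  # constructed traffic for one window
    SigMsg("netB", "profile_update", "sub-2"),  # legitimate: sub-2 roams in netB
    SigMsg("netC", "profile_update", "sub-1"),  # sub-1 is at home -> flagged
    *[SigMsg("netC", "location_query", "sub-3") for _ in range(4)],
    *[SigMsg("netD", "sms_deliver", f"sub-{1 + i % 3}") for i in range(6)],
]

if __name__ == "__main__":
    for finding in screen(SAMPLE):
        print(finding)
```

Running the block prints three findings, one per rule; the legitimate netB update for sub-2 produces none.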

EDR

EDR helps reduce the need for continuous monitoring of networks against advanced threats. End points are network devices, such as servers, desktops, laptops, smartphones and points of sale, connected remotely to an enterprise server, making them vulnerable. These can be entry points for potential cyberthreats.

The use of EDR technology is important as many existing antivirus systems on end points are incapable of detecting malware. Moreover, many advanced threats hide their true nature and are detected only when they enter the network and create abnormal activity within it.

Software systems with EDR capabilities are usually installed on host systems. Further, EDR-hybrid tools are now available in the market that offer EDR technology along with data encryption, application control, device control, privileged user control, network access control and a variety of other capabilities.

EDR tools currently available in the market are highly differentiated. Some perform analysis on the end-point agent, while others perform data analysis on the back end through a management console. These tools also vary in their ability to integrate with threat intelligence solutions.

Data recovery

Data recovery solutions restore normal access to important files and databases. They offer a variety of storage management and data protection features and provide advanced options for network-attached storage (NAS) and storage area networks (SAN).

Security solutions for open networks

The migration from traditional networks to software-defined networks (SDN) offers service providers several benefits, including openness, remote programmability and agility. However, it also brings higher security risks, as such networks are highly vulnerable.

The SDN and network function virtualisation infrastructure needs to be protected from advanced persistent threats, malware, remote access threats and specific attacks on virtual machines. To guard against such vulnerabilities, service providers are replacing existing proprietary technologies with open source platforms and software such as OpenStack, Open vSwitch and Kernel-based Virtual Machine (KVM), which are considered inherently more secure owing to their openness.

The way forward

Given the increasing number of connected devices and the growing network reach, networks are getting exposed to more and more threats. Telecom operators need to standardise the checklist for technology platforms and network components procured from third-party vendors. This standardisation, along with collective cooperation among operators, can help weed out potential security threats. Further, operators need to make significant investments in deploying technology solutions to create robust and secure networks.