The focus on security for Communications Service Providers (CSPs) has changed over the past few years. 5G technology has enabled and mandated new business-, mission-, and security-critical revenue-generating services. However, with the high-speed communications benefits of 5G comes a corresponding increase in the range of threats to mobile networks.
Distributed Denial of Service (DDoS) attacks are not new, but they are growing in complexity, disrupting key systems and causing significant business losses. And recently, entry barriers for attackers have been eliminated. DDoS services for rent now allow users to test basic DDoS attacks before purchasing.
The range of “services” offered by these nefarious platforms spans the network, transport and application layers and targets everything from specific apps and games to methods of circumventing standard anti-DDoS measures. Cybersecurity standards for CSPs are naturally increasing, and as a CSP, the enterprise and mobile edge segments of your network require special attention.
Securing your business segment
The enterprise part of the mobile network enables communication with internal servers and services or external applications on the Internet, using client IP to server IP communication. This is where your servers are associated with a specific service offering and where your subscribers connect to the internet to access any externally hosted applications.
In this part of your network, detection and protection are necessary to secure the servers on which applications run, as well as to protect your entire network against DDoS attacks, which could be initiated by subscribers connected to the mobile network or from the Internet. When considering the security of this part of your network, you will want access to network forensics and forensics from the core of the business.
Security within the enterprise portion of a CSP network should cover all communications – all applications and services hosted on your network or hosted externally on the Internet. Additionally, you’ll want protection at the perimeter of your corporate network to detect threats or volumetric DDoS attacks initiated by your subscribers or from the Internet to your network.
Since network traffic doesn’t sleep, your defense can’t sleep either. Your security solutions should always be on and should continuously monitor your control and user plane traffic, identify the services being used, and not only provide delivery assurance for those services but also secure them through early detection of threats for rapid mitigation.
Your solution should provide full network visibility to both your network operations and security operations teams. Security tools that use a common source of network-derived data will allow these teams to collaborate more effectively. Security and assurance tools that integrate with your existing security ecosystem will accelerate your return on investment (ROI). For example, can the network information collected by your tool be exported to your existing SIEM or SOAR platforms to improve your visibility into risk? Can the tool be deployed in any type of network environment – on-premises, cloud or hybrid? If you don’t already have all three environments, you most likely will in the future, and your network security tools should be able to grow with your network.
The mobile edge of your network
The ever-expanding and increasingly important Mobile Access Edge Computing Centers (MECs) in your network also communicate with the Internet, in much the same way as your IP enterprise segment does. They are therefore open to external threats and also require continuous monitoring for security and assurance. DDoS attacks are a major risk to service availability, and this is the area of your network that generates service revenue, so you need to know exactly what is happening here. Accurate threat detection and full or partial mitigation at the edge is a more agile strategy than collecting massive amounts of traffic across your entire network and forwarding it to a scrubbing center. In addition, the mitigation load can be spread over many devices.
So what are some of the things you want to look for in edge protection tools?
A stateless inline security appliance deployed at the network perimeter can automatically detect and shut down inbound threats and outbound communications from compromised internal hosts, essentially acting as the first and last line of defense for organizations. Stateless packet processing technology can stop TCP state exhaustion attacks that target and affect stateful devices such as next-generation firewalls (NGFWs). If your device receives continuous updates from a threat intelligence feed, it will be immediately ready for any new threats on the horizon. Can your edge protection work in conjunction with a scrubbing center if it detects a large-scale DDoS attack requiring additional mitigation? This type of hybrid DDoS protection is an industry best practice. You’ll want to make sure that any edge protection tool you’re considering can integrate with your existing security stack and processes.
If your network is very large and you have an experienced DDoS attack mitigation team, you might consider a tool that can activate a self-defending network by seeing a threat, analyzing it, and then issuing instructions to the rest of the network on how to deal with the attack. An attack would then be mitigated in multiple layers across the entire network. As mitigation is distributed across the network, comprehensive and granular reporting becomes increasingly important.
Additionally, a solution that provides network peering analysis can help determine what traffic can be shifted from expensive transit links to free peering, or could even generate revenue as a new customer. Again, this is an important consideration for ROI.
You may also consider a virtual solution that will allow you to take advantage of the agility and cost savings of software-defined networking (SDN) and network functions virtualization (NFV) from your DDoS protection tools.
Finally, consider whether you want to create a DDoS protection service offering for your customers to generate additional revenue and ROI. Offering a DDoS protection service to your customers can help them ensure the availability of their networks and applications. Look for a tool that can extend protection to your customers’ networks and make your investment profitable.
The core and edge of your corporate network require special attention, and your solutions for securing them must:
- Be always on
- Leverage smart data for end-to-end visibility
- Detect and mitigate threats at the edge
- Be flexible and scalable, able to adapt to your current security ecosystem and grow with your network
- Offer a real return on investment
We can help you with all of this.
Find out more about the tools for securing your mobile network:
Copyright © 2022 IDG Communications, Inc.