SlideShare a Scribd company logo

Cybersecurity Goes Mainstream

Rob Marson
Rob Marson
1 of 6
Download to read offline
Back to the Future I recently read an article online entitled: “Virtualization is Going Mainstream”. The dateline was January 1, 2006. It’s a good reminder that while the service provider industry working on deploying virtualized networks, the concepts and technologies themselves are not new. Cybersecurity, specifically securing access to physical and virtual networks and resources, is another key area. A recently released study by Kasperksky Labs concludes that when a security incident involves virtual machines, the recovery costs double compared to that of a traditional environment. It is clear that some of the operational challenges encountered from the enterprise IT experience could be harbingers to some of what awaits service providers as they race to virtualize their networks and implement new technologies such as Software Defined Networks (SDN) and Network Function Virtualization (NFV). The Days of Security-Through-Obscurity Have Ended Service provider networks are complex by nature – they span multiple technologies, vendors, geographies, and support millions of end users. Services will extend across wired and mobile networks, and span virtual and physical infrastructure. Equally complex are the business processes and operational challenges to order, administer, maintain and scale services. Management, security, and visibility strategies must also become flexible and adaptable enough to address hybrid environments that encompass both legacy and newly virtualized functions. It’s vital to remember that services traverse heterogeneous, physical and virtual networks. Service provider networks have, in the past, been shielded from a lot of security threats because of obscurity. Proprietary protocols and custom hardware required specialized skill sets. That all changes with SDN and NFV. Admittedly, there are many considerable and important differences between enterprise virtual machine (VM) workloads and the data plane intensive virtual network functions (VNFs) that will be used by communication service providers like components of a mobile evolved packet core (EPC) such MMEs, SGWs, and IMS core elements. Therefore, implementing mission-sensitive networking applications using cloud technologies may impact performance in unforeseen or unacceptable ways, require accurate system configurations, and could introduce new unintended security risks. Traditional hardware-based networks are not immune from security attacks either. In the past, attackers were primarily targeting infrastructure devices to create denial of service (DoS) situations. Increasingly, networking devices such as routers are becoming a high-value target for attackers. By penetrating network infrastructure attackers can gain access data flows as well as launch attacks against other parts of the infrastructure. Take, for example, the recently SYNful Knock attack. While the attack could be possible on any router, the targets were Cisco routers and involved a modification of the router’s firmware image creating backdoors for attackers. The backdoor password provides access to the router through the console and Telnet. This attack isn’t the result of a problem or vulnerability the router itself the result of attackers obtaining administrative credentials allowing them to load a modified version of operating system software. The keys to this attack are nearly always privileged user credentials. The Hypervisor – Protect at all Costs There are many potential security issues with the various components of a virtualized infrastructure, and no component is more critical than the hypervisor – the foundational element of virtualization. The hypervisor is a piece of software that provides abstraction of 1 www.pipelinepub.com Volume 12, Issue 5 Cybersecurity Goes Mainstream By Rob Marson
all physical resources such as CPU, memory, network and storage. It enables multiple computing stacks consisting of an operating systems, middleware and applications to be run on a single physical host. Individual computing stacks are encapsulated into instances called Virtual Machines (VMs), which are independent executable entities. VMs are also referred to as “Guests” and the operating system (OS) running inside each of them as “Guest OS”. The hypervisor performs many of the roles a conventional OS does on a non-virtualized host or server. It provides isolation between the various applications, or processes, running on a server. The hypervisor controls VM access to physical hardware resources as well as provides isolation among VMs. There a number of security threats to the hypervisor and many of these threats emanate from insiders, such as virtualization, network, cloud and security administrators, in addition to threats from external attackers. The National Institute of Standards and Technology (NIST) recently published some important research in a Special Publication 800-125-A on the potential security threats to hypervisors, and recommendations to mitigate them. Don’t Forget to Lock the Side Door ARogue VMs pose significant threats to hypervisor security. Rogue VMs can initiate side channel-attacks from target VMs running on the same physical host. A rogue VM could hijack control of the hypervisor, performing malicious actions such as installing rootkits as well as launch attacks on another VM on the same virtualized host. A rogue VM could also manipulate virtual switch configurations and compromise isolation between VMs to snoop on east-west network traffic between VMs. More often than not, attacks launched from rogue VMs are permitted because of incorrectly configured settings and parameters. Other attacks on the hypervisor include resource starvation leading to denial of service attacks, or a hypervisor providing privileged access to a virtual security tool that could in turn be exploited. A misconfigured VM may consume shared compute and memory, resulting in other VMs being starved. Hypervisors provide privileged interfaces which can be targeted by rogue VMs. Privileged operations such as memory management can be invoked by rogue VMs and executed by the hypervisor. Identity is the new Perimeter, Especially for Privileged Users Traditional approaches to privileged identity management emphasize perimeter-based security controls. Relying solely on firewalls and perimeter-based security strategies still expose networks to insider threats, a growing risk. Increasingly, external hackers are targeting privileged users with sophisticated phishing attacks. Cyber-attackers commonly use a combination of social engineering and malware, often in the form of an email phishing attack. Specifically, they target an organization using information harvested via social engineering, social media, and open source data, and then lure unsuspecting users into downloading malware onto their computers. The attackers’ objective is gaining account credentials or personally identifiable information, contact information and links to other accounts, including those to networks. Attackers typically remain present for long periods of time, moving laterally across systems and organizations. Incident response firm Mandiant has reported that the average mean time to detection for network security breaches is 205 days. During this phase, it’s likely that the attacker is using the legitimate credentials. As a result, service provider network and security operations teams are increasingly the target of phishing attacks. In a recent case, a service provider’s network was compromised in this fashion allowing hackers access to modify the configuration network firewalls in order to create persistent pinholes into the network for snooping. Cybersecurity Goes Mainstream www.pipelinepub.com 2 The Communications Fraud Control Association (CFCA) estimates that Telecom Fraud costs the industry over $40B USD annually. Figure 1
Fraud is another critical threat facing communication service providers. The Communications Fraud Control Association (CFCA) estimates that Telecom Fraud costs the industry over $40B USD annually. This equates to almost 2% of revenues. The most common types of fraud include but are not limited to subscription identity theft and International Revenue Share Fraud (IRSF). This occurs when hackers obtain Subscriber Identity Management numbers (SIMs) from service providers and use them for international roaming status to begin placing outgoing international calls in order to exploit some countries’ high termination rates, or inflate traffic into other high value numbers with the intention of sharing any revenues generated. PBX (Private Branch Exchange) hacking is one of the leading types of fraud globally. In this scenario, a company’s PBX system is compromised and long distance/international calling access is provided to third parties. The CFCA estimates that this type of fraud costs close to $5B annually in lost revenue. Often PBX administrator credentials are used to change call routing configurations. New hosted and virtual PBX services create new types of attack vectors. Often, these types of fraudulent activities are in collaboration with internal employees and collaborators. Passwords are the Keys to the Kingdom Privileged identity access management (IAM) is a key challenge for service providers. On average, a typical user has on average 35% more access rights than needed. In another example, a service provider had roughly 4,000 employees, but over 40,000 privileged user accounts. The boundaries of networks, and between elements within the network themselves are becoming more blurred. Service providers will distribute virtualized infrastructure and VNFs throughout their networks. New configurations, new devices, and new virtualized functions can appear and move.The degrees of automation possible with technologies like SDN and NFV, along with the emergence of the Internet of Things (IoT), requires a redefinition of the term “identity”. New business models enabled by these technologies further opens up service provider networks to a growing community of third-party users. Furthermore, users are accessing network resources from a variety of devices, both fixed and mobile, and from any variety of locations. Traditional, human-focused IAM systems must now accommodate people, processes, and systems. Finding backdoors within networks can be challenging. Finding modifications to network configuration settings that create security pinholes is even more daunting. This challenge is compounded by new technologies such as SDN and NFV which bring more dynamic, programmatic network environments. Incorporating proactive network configuration discovery and auditing is more important than ever, both from a security standpoint as well as from a performance management perspective. Check, Re-Check, Check Again and then Check Some More VMs are typically created from templates which specify key configuration criteria including processor and memory load. In order to assure correct implementation, VMs require a “Gold Image” which defines the set of configuration parameters such as information about the Guest OS, version and patch level. It is important to proactively scan active VMs to ensure that they are properly configured when compared to the “Gold Image”. NIST explicitly recommends that the VM configuration be checked for compliance to configuration settings in these Gold Images in order to minimize configuration errors that may increase the security risk. This is distinctly different from the monitoring of inter-VM traffic. VM “Gold Image” must also be protected with strict access controls. Cloud architectures result in an elastic perimeter. More users throughout an organization, as well as trusted partners increasing risk of data leakage. Privileged user identity and account management strategies to both the hypervisor, consoles and data bases is essential. Service providers spend considerable time and money isolating the source of network performance issues. Processes often include deploying test equipment, capturing traffic, analyzing data, only to isolate the cause of an issue to be the result of a setting on an individual router or switch. Service providers confirm that up to 60% of their network outages and degradations are caused by network configuration errors. This is only going to intensify with NFV which will bring with it orders of magnitude more configurable parameters along with more interdependencies. Ensuring that servers, the VNFs themselves, and all supporting systems are correctly configured, and stay correctly configured, is critical to assuring service delivery performance and service level agreements. Analysis of backhaul network configuration for a mobile service provider spanning more than 10,000 different network elements or 3 www.pipelinepub.com Cybersecurity Goes Mainstream The Communications Fraud Control Association (CFCA) estimates that Telecom Fraud costs the industry over $40B USD annually.
functions from multiple suppliers and close to 30 million configurable parameters identified a considerable number of configuration errors impacting subscriber experience. Numerous security vulnerabilities were also detected. Configuration errors enable 65% of cyberattacks and cause 62% of infrastructure downtime according to a recent published research. UK headquartered service provider BT along with industry research firm Gartner estimate that 65% of cyberattacks exploit systems with vulnerabilities introduced by configuration errors. A review of Annual Incident Reports published by the European Union reveals that 25% of reported incidents in 2013 were the result of human error or malicious actions. The report goes on to cite that incidents caused by malicious actions, had long recovery times (53 hours) on average resulting in 11,600 user hours lost. Moreover, most operators do not correlate the relationship between malicious attacks and outages. The all-IP nature of modern mobile networks creates an expanded attack surface to exploit security vulnerabilities. Discovering and analyzing network configuration parameters along the service path is key to be able to isolate where exactly customer impacts are occurring, and where hidden security vulnerabilities may lurk. Similar to gold standard VM image management in a traditional IT environment, service providers require strategies to import, update, define and manage the lifecycles of “Gold Standard” service templates. Furthermore, using these templates in a proactive, automated fashion to scan the configuration of service chains helps eliminate configuration issues in the first place. Identity and Configuration – The Keys to Improved Network Cybersecurity The recent increase in sophisticated, targeted security threats by both insiders and external attackers has increased the awareness and urgency for comprehensive security strategies. Achieving “network security through obscurity” is no longer an option for service providers. Cybersecurity Goes Mainstream www.pipelinepub.com 4 BT along with industry research firm Gartner estimate that 65% of cyberattacks exploit systems with vulnerabilities introduced by configuration errors. Figure 2
Privileged identity access management strategies must provide granular access control, flexibility, auditability and ease-of-use. Identity data provides critical forensic information. Correlating security events with network configuration data changes or anomalies provides a powerful strategy for service providers to prevent, detect, neutralize and threats. Behavioral analytics helps service providers predict. Networkconfigurationmanagementisaprocessbywhichconfiguration changesareproposed,reviewed,approved,implemented,verified,and re-verified. Implementing configuration management best practice is not only essential to assure network quality but also to mitigate security risks. Often vulnerabilities are the result of misconfigured network security policies. The definition of identity access management must expand to include people, processes, and systems and provide contextual awareness. TechnologiesincludingSDNandNFVdrivetheneedfornewapproaches to holistic network security. The notion of a Secure Network Auditing Platform has emerged which combines identity access management, continuous network configuration data auditing, with value-added network behavior analytics. Learning expected network behavior, correlating network security access events with network configuration changes allows service providers to detect anomalies in order to anticipate, prevent, pin-point, and isolate security policy violations. 5 www.pipelinepub.com © Copyright 2015, Pipeline Publishing, L.L.C. All Rights Reserved Cybersecurity Goes Mainstream About Nakina Systems Nakina offers a suite of Network Integrity applications for managing, securing, and optimizing physical and virtual networks. Nakina’s applications are built upon our Network Integrity Framework - open and modular software platform that abstracts network complexity, normalizes multi-vendor management, and bridges the physical and virtual worlds for Management and Orchestration systems. Our software is proven, trusted and protects the world’s largest and most important networks. For more information, visit our website at www.nakinasystems.com. Nakina Systems 80 Hines Road, Suite 200 Ottawa, Ontario, Canada K2K 2T8 T: +1 613.254.7351 F: +1 613.254.7352 www.nakinasystems.com About the Author Rob Marson is Vice President of Global Marketing at Nakina. In this role, Rob is responsible for directing Nakina’s strategic value proposition. He has authored a number articles and publications about various technology and market inflections and the associated impacts on the communications industry. Rob has held management, business development, and strategic marketing roles at a number of companies including JDSU, LSI and Nortel. Some of Rob’s current focus areas include the network security, management and orchestration transformations created by SDN and NFV. The definition of identity access management must expand to include people, processes, and systems and provide contextual awareness.

Recommended

Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Internet Security Agent
Internet Security AgentInternet Security Agent
Internet Security AgentInternational Journal of Engineering Inventions www.ijeijournal.com
 
A Collaborative Intrusion Detection System for Cloud Computing
A Collaborative Intrusion Detection System for Cloud ComputingA Collaborative Intrusion Detection System for Cloud Computing
A Collaborative Intrusion Detection System for Cloud Computingijsrd.com
 
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...Konstantinos Demertzis
 
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNishanth Gandhidoss
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 

Recommended

Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Internet Security Agent
Internet Security AgentInternet Security Agent
Internet Security AgentInternational Journal of Engineering Inventions www.ijeijournal.com
 
A Collaborative Intrusion Detection System for Cloud Computing
A Collaborative Intrusion Detection System for Cloud ComputingA Collaborative Intrusion Detection System for Cloud Computing
A Collaborative Intrusion Detection System for Cloud Computingijsrd.com
 
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...Konstantinos Demertzis
 
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNishanth Gandhidoss
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
 
Risks and Security of Internet and System
Risks and Security of Internet and SystemRisks and Security of Internet and System
Risks and Security of Internet and SystemParam Nanavati
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public SectorSeqrite
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Deepak Mishra
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisCSCJournals
 
IRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET Journal
 
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...researchinventy
 
Security Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsSecurity Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsEswar Publications
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution marketSameerShaikh225
 
C018131821
C018131821C018131821
C018131821IOSR Journals
 
Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...eSAT Publishing House
 
Survey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manetSurvey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manetijctet
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
 
C02
C02C02
C02newbie2019
 
AGILIS: an on-line map reduce environment for collaborative security
AGILIS: an on-line map reduce environment for collaborative securityAGILIS: an on-line map reduce environment for collaborative security
AGILIS: an on-line map reduce environment for collaborative securityRoberto Baldoni
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacksijdmtaiir
 
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
 
Retail
Retail Retail
Retail CMR WORLD TECH
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingMuhammad FAHAD
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 

More Related Content

What's hot

An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
 
Risks and Security of Internet and System
Risks and Security of Internet and SystemRisks and Security of Internet and System
Risks and Security of Internet and SystemParam Nanavati
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public SectorSeqrite
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Deepak Mishra
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisCSCJournals
 
IRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET Journal
 
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...researchinventy
 
Security Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsSecurity Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsEswar Publications
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution marketSameerShaikh225
 
Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...eSAT Publishing House
 
Survey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manetSurvey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manetijctet
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
 
AGILIS: an on-line map reduce environment for collaborative security
AGILIS: an on-line map reduce environment for collaborative securityAGILIS: an on-line map reduce environment for collaborative security
AGILIS: an on-line map reduce environment for collaborative securityRoberto Baldoni
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacksijdmtaiir
 
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
 

What's hot (20)

An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
 
Risks and Security of Internet and System
Risks and Security of Internet and SystemRisks and Security of Internet and System
Risks and Security of Internet and System
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphones
 
5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
 
IRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different Types
 
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
 
Security Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsSecurity Solutions against Computer Networks Threats
Security Solutions against Computer Networks Threats
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution market
 
C018131821
C018131821C018131821
C018131821
 
Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...
 
Survey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manetSurvey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manet
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
 
C02
C02C02
C02
 
AGILIS: an on-line map reduce environment for collaborative security
AGILIS: an on-line map reduce environment for collaborative securityAGILIS: an on-line map reduce environment for collaborative security
AGILIS: an on-line map reduce environment for collaborative security
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacks
 
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...
 
Retail
Retail Retail
Retail
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modeling
 

Similar to Cybersecurity Goes Mainstream

The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingMuhammad FAHAD
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Cyber security providers adopt strategic defences
Cyber security providers adopt strategic defences Cyber security providers adopt strategic defences
Cyber security providers adopt strategic defences Markit
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicNetmagic Solutions Pvt. Ltd.
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...iosrjce
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0Happiest Minds Technologies
 
Risks to Cloud based critical infrastructure -- DHS bulletin
Risks to Cloud based critical infrastructure -- DHS bulletinRisks to Cloud based critical infrastructure -- DHS bulletin
Risks to Cloud based critical infrastructure -- DHS bulletinDavid Sweigert
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...SyvilMaeTapinit
 
IRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET- Security Attacks Detection in Cloud using Machine Learning AlgorithmsIRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET- Security Attacks Detection in Cloud using Machine Learning AlgorithmsIRJET Journal
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443WoMaster
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdf8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdfMetaorange
 
Cybersecurity - Poland.pdf
Cybersecurity - Poland.pdfCybersecurity - Poland.pdf
Cybersecurity - Poland.pdfPavelVtek3
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
supply chain management.pptx
supply chain management.pptxsupply chain management.pptx
supply chain management.pptxMinnySkyy
 

Similar to Cybersecurity Goes Mainstream (20)

The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Cyber security providers adopt strategic defences
Cyber security providers adopt strategic defences Cyber security providers adopt strategic defences
Cyber security providers adopt strategic defences
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – Netmagic
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
N017259396
N017259396N017259396
N017259396
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
 
Risks to Cloud based critical infrastructure -- DHS bulletin
Risks to Cloud based critical infrastructure -- DHS bulletinRisks to Cloud based critical infrastructure -- DHS bulletin
Risks to Cloud based critical infrastructure -- DHS bulletin
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...
 
IRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET- Security Attacks Detection in Cloud using Machine Learning AlgorithmsIRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection System
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443
 
A017130104
A017130104A017130104
A017130104
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdf8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdf
 
Cybersecurity - Poland.pdf
Cybersecurity - Poland.pdfCybersecurity - Poland.pdf
Cybersecurity - Poland.pdf
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
M1_Introduction_IPS.pptx
M1_Introduction_IPS.pptxM1_Introduction_IPS.pptx
M1_Introduction_IPS.pptx
 
supply chain management.pptx
supply chain management.pptxsupply chain management.pptx
supply chain management.pptx
 

Cybersecurity Goes Mainstream

  • 1.
  • 2. Back to the Future I recently read an article online entitled: “Virtualization is Going Mainstream”. The dateline was January 1, 2006. It’s a good reminder that while the service provider industry working on deploying virtualized networks, the concepts and technologies themselves are not new. Cybersecurity, specifically securing access to physical and virtual networks and resources, is another key area. A recently released study by Kasperksky Labs concludes that when a security incident involves virtual machines, the recovery costs double compared to that of a traditional environment. It is clear that some of the operational challenges encountered from the enterprise IT experience could be harbingers to some of what awaits service providers as they race to virtualize their networks and implement new technologies such as Software Defined Networks (SDN) and Network Function Virtualization (NFV). The Days of Security-Through-Obscurity Have Ended Service provider networks are complex by nature – they span multiple technologies, vendors, geographies, and support millions of end users. Services will extend across wired and mobile networks, and span virtual and physical infrastructure. Equally complex are the business processes and operational challenges to order, administer, maintain and scale services. Management, security, and visibility strategies must also become flexible and adaptable enough to address hybrid environments that encompass both legacy and newly virtualized functions. It’s vital to remember that services traverse heterogeneous, physical and virtual networks. Service provider networks have, in the past, been shielded from a lot of security threats because of obscurity. Proprietary protocols and custom hardware required specialized skill sets. That all changes with SDN and NFV. Admittedly, there are many considerable and important differences between enterprise virtual machine (VM) workloads and the data plane intensive virtual network functions (VNFs) that will be used by communication service providers like components of a mobile evolved packet core (EPC) such MMEs, SGWs, and IMS core elements. Therefore, implementing mission-sensitive networking applications using cloud technologies may impact performance in unforeseen or unacceptable ways, require accurate system configurations, and could introduce new unintended security risks. Traditional hardware-based networks are not immune from security attacks either. In the past, attackers were primarily targeting infrastructure devices to create denial of service (DoS) situations. Increasingly, networking devices such as routers are becoming a high-value target for attackers. By penetrating network infrastructure attackers can gain access data flows as well as launch attacks against other parts of the infrastructure. Take, for example, the recently SYNful Knock attack. While the attack could be possible on any router, the targets were Cisco routers and involved a modification of the router’s firmware image creating backdoors for attackers. The backdoor password provides access to the router through the console and Telnet. This attack isn’t the result of a problem or vulnerability the router itself the result of attackers obtaining administrative credentials allowing them to load a modified version of operating system software. The keys to this attack are nearly always privileged user credentials. The Hypervisor – Protect at all Costs There are many potential security issues with the various components of a virtualized infrastructure, and no component is more critical than the hypervisor – the foundational element of virtualization. The hypervisor is a piece of software that provides abstraction of 1 www.pipelinepub.com Volume 12, Issue 5 Cybersecurity Goes Mainstream By Rob Marson
  • 3. all physical resources such as CPU, memory, network and storage. It enables multiple computing stacks consisting of an operating systems, middleware and applications to be run on a single physical host. Individual computing stacks are encapsulated into instances called Virtual Machines (VMs), which are independent executable entities. VMs are also referred to as “Guests” and the operating system (OS) running inside each of them as “Guest OS”. The hypervisor performs many of the roles a conventional OS does on a non-virtualized host or server. It provides isolation between the various applications, or processes, running on a server. The hypervisor controls VM access to physical hardware resources as well as provides isolation among VMs. There a number of security threats to the hypervisor and many of these threats emanate from insiders, such as virtualization, network, cloud and security administrators, in addition to threats from external attackers. The National Institute of Standards and Technology (NIST) recently published some important research in a Special Publication 800-125-A on the potential security threats to hypervisors, and recommendations to mitigate them. Don’t Forget to Lock the Side Door ARogue VMs pose significant threats to hypervisor security. Rogue VMs can initiate side channel-attacks from target VMs running on the same physical host. A rogue VM could hijack control of the hypervisor, performing malicious actions such as installing rootkits as well as launch attacks on another VM on the same virtualized host. A rogue VM could also manipulate virtual switch configurations and compromise isolation between VMs to snoop on east-west network traffic between VMs. More often than not, attacks launched from rogue VMs are permitted because of incorrectly configured settings and parameters. Other attacks on the hypervisor include resource starvation leading to denial of service attacks, or a hypervisor providing privileged access to a virtual security tool that could in turn be exploited. A misconfigured VM may consume shared compute and memory, resulting in other VMs being starved. Hypervisors provide privileged interfaces which can be targeted by rogue VMs. Privileged operations such as memory management can be invoked by rogue VMs and executed by the hypervisor. Identity is the new Perimeter, Especially for Privileged Users Traditional approaches to privileged identity management emphasize perimeter-based security controls. Relying solely on firewalls and perimeter-based security strategies still expose networks to insider threats, a growing risk. Increasingly, external hackers are targeting privileged users with sophisticated phishing attacks. Cyber-attackers commonly use a combination of social engineering and malware, often in the form of an email phishing attack. Specifically, they target an organization using information harvested via social engineering, social media, and open source data, and then lure unsuspecting users into downloading malware onto their computers. The attackers’ objective is gaining account credentials or personally identifiable information, contact information and links to other accounts, including those to networks. Attackers typically remain present for long periods of time, moving laterally across systems and organizations. Incident response firm Mandiant has reported that the average mean time to detection for network security breaches is 205 days. During this phase, it’s likely that the attacker is using the legitimate credentials. As a result, service provider network and security operations teams are increasingly the target of phishing attacks. In a recent case, a service provider’s network was compromised in this fashion allowing hackers access to modify the configuration network firewalls in order to create persistent pinholes into the network for snooping. Cybersecurity Goes Mainstream www.pipelinepub.com 2 The Communications Fraud Control Association (CFCA) estimates that Telecom Fraud costs the industry over $40B USD annually. Figure 1
  • 4. Fraud is another critical threat facing communication service providers. The Communications Fraud Control Association (CFCA) estimates that Telecom Fraud costs the industry over $40B USD annually. This equates to almost 2% of revenues. The most common types of fraud include but are not limited to subscription identity theft and International Revenue Share Fraud (IRSF). This occurs when hackers obtain Subscriber Identity Management numbers (SIMs) from service providers and use them for international roaming status to begin placing outgoing international calls in order to exploit some countries’ high termination rates, or inflate traffic into other high value numbers with the intention of sharing any revenues generated. PBX (Private Branch Exchange) hacking is one of the leading types of fraud globally. In this scenario, a company’s PBX system is compromised and long distance/international calling access is provided to third parties. The CFCA estimates that this type of fraud costs close to $5B annually in lost revenue. Often PBX administrator credentials are used to change call routing configurations. New hosted and virtual PBX services create new types of attack vectors. Often, these types of fraudulent activities are in collaboration with internal employees and collaborators. Passwords are the Keys to the Kingdom Privileged identity access management (IAM) is a key challenge for service providers. On average, a typical user has on average 35% more access rights than needed. In another example, a service provider had roughly 4,000 employees, but over 40,000 privileged user accounts. The boundaries of networks, and between elements within the network themselves are becoming more blurred. Service providers will distribute virtualized infrastructure and VNFs throughout their networks. New configurations, new devices, and new virtualized functions can appear and move.The degrees of automation possible with technologies like SDN and NFV, along with the emergence of the Internet of Things (IoT), requires a redefinition of the term “identity”. New business models enabled by these technologies further opens up service provider networks to a growing community of third-party users. Furthermore, users are accessing network resources from a variety of devices, both fixed and mobile, and from any variety of locations. Traditional, human-focused IAM systems must now accommodate people, processes, and systems. Finding backdoors within networks can be challenging. Finding modifications to network configuration settings that create security pinholes is even more daunting. This challenge is compounded by new technologies such as SDN and NFV which bring more dynamic, programmatic network environments. Incorporating proactive network configuration discovery and auditing is more important than ever, both from a security standpoint as well as from a performance management perspective. Check, Re-Check, Check Again and then Check Some More VMs are typically created from templates which specify key configuration criteria including processor and memory load. In order to assure correct implementation, VMs require a “Gold Image” which defines the set of configuration parameters such as information about the Guest OS, version and patch level. It is important to proactively scan active VMs to ensure that they are properly configured when compared to the “Gold Image”. NIST explicitly recommends that the VM configuration be checked for compliance to configuration settings in these Gold Images in order to minimize configuration errors that may increase the security risk. This is distinctly different from the monitoring of inter-VM traffic. VM “Gold Image” must also be protected with strict access controls. Cloud architectures result in an elastic perimeter. More users throughout an organization, as well as trusted partners increasing risk of data leakage. Privileged user identity and account management strategies to both the hypervisor, consoles and data bases is essential. Service providers spend considerable time and money isolating the source of network performance issues. Processes often include deploying test equipment, capturing traffic, analyzing data, only to isolate the cause of an issue to be the result of a setting on an individual router or switch. Service providers confirm that up to 60% of their network outages and degradations are caused by network configuration errors. This is only going to intensify with NFV which will bring with it orders of magnitude more configurable parameters along with more interdependencies. Ensuring that servers, the VNFs themselves, and all supporting systems are correctly configured, and stay correctly configured, is critical to assuring service delivery performance and service level agreements. Analysis of backhaul network configuration for a mobile service provider spanning more than 10,000 different network elements or 3 www.pipelinepub.com Cybersecurity Goes Mainstream The Communications Fraud Control Association (CFCA) estimates that Telecom Fraud costs the industry over $40B USD annually.
  • 5. functions from multiple suppliers and close to 30 million configurable parameters identified a considerable number of configuration errors impacting subscriber experience. Numerous security vulnerabilities were also detected. Configuration errors enable 65% of cyberattacks and cause 62% of infrastructure downtime according to a recent published research. UK headquartered service provider BT along with industry research firm Gartner estimate that 65% of cyberattacks exploit systems with vulnerabilities introduced by configuration errors. A review of Annual Incident Reports published by the European Union reveals that 25% of reported incidents in 2013 were the result of human error or malicious actions. The report goes on to cite that incidents caused by malicious actions, had long recovery times (53 hours) on average resulting in 11,600 user hours lost. Moreover, most operators do not correlate the relationship between malicious attacks and outages. The all-IP nature of modern mobile networks creates an expanded attack surface to exploit security vulnerabilities. Discovering and analyzing network configuration parameters along the service path is key to be able to isolate where exactly customer impacts are occurring, and where hidden security vulnerabilities may lurk. Similar to gold standard VM image management in a traditional IT environment, service providers require strategies to import, update, define and manage the lifecycles of “Gold Standard” service templates. Furthermore, using these templates in a proactive, automated fashion to scan the configuration of service chains helps eliminate configuration issues in the first place. Identity and Configuration – The Keys to Improved Network Cybersecurity The recent increase in sophisticated, targeted security threats by both insiders and external attackers has increased the awareness and urgency for comprehensive security strategies. Achieving “network security through obscurity” is no longer an option for service providers. Cybersecurity Goes Mainstream www.pipelinepub.com 4 BT along with industry research firm Gartner estimate that 65% of cyberattacks exploit systems with vulnerabilities introduced by configuration errors. Figure 2
  • 6. Privileged identity access management strategies must provide granular access control, flexibility, auditability and ease-of-use. Identity data provides critical forensic information. Correlating security events with network configuration data changes or anomalies provides a powerful strategy for service providers to prevent, detect, neutralize and threats. Behavioral analytics helps service providers predict. Networkconfigurationmanagementisaprocessbywhichconfiguration changesareproposed,reviewed,approved,implemented,verified,and re-verified. Implementing configuration management best practice is not only essential to assure network quality but also to mitigate security risks. Often vulnerabilities are the result of misconfigured network security policies. The definition of identity access management must expand to include people, processes, and systems and provide contextual awareness. TechnologiesincludingSDNandNFVdrivetheneedfornewapproaches to holistic network security. The notion of a Secure Network Auditing Platform has emerged which combines identity access management, continuous network configuration data auditing, with value-added network behavior analytics. Learning expected network behavior, correlating network security access events with network configuration changes allows service providers to detect anomalies in order to anticipate, prevent, pin-point, and isolate security policy violations. 5 www.pipelinepub.com © Copyright 2015, Pipeline Publishing, L.L.C. All Rights Reserved Cybersecurity Goes Mainstream About Nakina Systems Nakina offers a suite of Network Integrity applications for managing, securing, and optimizing physical and virtual networks. Nakina’s applications are built upon our Network Integrity Framework - open and modular software platform that abstracts network complexity, normalizes multi-vendor management, and bridges the physical and virtual worlds for Management and Orchestration systems. Our software is proven, trusted and protects the world’s largest and most important networks. For more information, visit our website at www.nakinasystems.com. Nakina Systems 80 Hines Road, Suite 200 Ottawa, Ontario, Canada K2K 2T8 T: +1 613.254.7351 F: +1 613.254.7352 www.nakinasystems.com About the Author Rob Marson is Vice President of Global Marketing at Nakina. In this role, Rob is responsible for directing Nakina’s strategic value proposition. He has authored a number articles and publications about various technology and market inflections and the associated impacts on the communications industry. Rob has held management, business development, and strategic marketing roles at a number of companies including JDSU, LSI and Nortel. Some of Rob’s current focus areas include the network security, management and orchestration transformations created by SDN and NFV. The definition of identity access management must expand to include people, processes, and systems and provide contextual awareness.