Virtualisation has changed how the industry views security, says Bernd Kunze. Virtualisation has changed how the industry views security, says Bernd Kunze.

By Bernd Kunze

Telecoms networks have undergone a big transformation recently, driven by the move from 3G to 4G, LTE and the explosion of IoT connected devices.

Earlier this year, Gartner forecasted that 8.4 billion connected “things” will be in use worldwide in 2017. Mobile devices have also experienced their own transformation, now every bit as powerful and ubiquitous as regular computers. The volume and variety of data they store has increased dramatically, putting more pressure on networks and service providers to meet the demand without disruption.

Recent advances in network software, namely SDN and NFV, have allowed service providers to transform their networks to meet the changing requirements from the customers they serve. The combined effect of the two offers better control of the network, flexibility when deploying services, scalability and the ability of full motion control for where in the network the virtual instance is run. Another benefit which must be observed closely is security. This continues to be a major challenge for operators, as they look to provision and manage their network infrastructure while, at the same time, their customers must be able to run their own firewalls and virtual space.

Protecting the reputation

The threat landscape facing mobile networks has broadened from the SMS-based attacks of early mobile phone days, to a wider attack surface which threatens the device, application and network. For example, the success of Pokémon Go in 2016 gave rise to the number of rogue apps targeting users that promised cheats, tips, and other functionalities. While the Mirai botnet was an example of hackers infecting vulnerable IoT devices as a weapon to carry out DDoS attacks on telecoms organisations. Earlier this year, the notorious WannaCry ransomware attack also wreaked havoc across the world, with companies such as Telefonica and the NHS targeted.

With the increasing variety and sophistication of threat vectors, including social engineering, malware, DDoS attacks, and more, it is critical for modern LTE network operators to protect themselves and their clients from potential attacks. Hackers can use their networks as weapons and therefore, the blame falls on them when they are unable to prevent the attacks from happening. Their reputation is at stake and their fate lies in their response to the threats.

Fortunately, the virtualisation of carrier networks has changed the way the industry views security. Service providers have responded by adding layers of security defences to protect against these attacks.

Simplified security

The virtualisation of networks can make security easier and more cost-effective for service providers across infrastructure. For example, in the past, service providers would need to assess where the largest amount of traffic was coming from in the network to deploy security in response. However, virtualisation improves the ability to detect threats anywhere in the cloud and deploy security more efficiently. Once service providers have protected their physical infrastructure, orchestration tools make it easier to spin up a virtual firewall.

Still, the argument of simplified security should be approached with caution. The overall attack risk is potentially larger under NFV, with multiple control and data planes now present. Service providers are currently dealing with a physical layer where their SDN components are run, which is then abstracted for use by virtual instances. The physical infrastructure, as well as the virtual instances, have their own security requirements which must be met.

Maintaining security and resilience

With the increased complexity that virtualisation brings, service providers need to look at the resources they want to protect and make a judgement on whether they are worth protecting. Once the decision has been made, they need to choose the best mitigation response for this type of attack.

The core technologies to deploy would include DDoS defence and a Web Application Firewall (WAF), alongside the implementation of a Logging as a Service (LaaS) architectural model to understand what source is generating what type of attacks. This will enable the provider to determine the type of defences required to mitigate the attack, without affecting the services that are not under attack.

About the author: Bernd Kunze is solutions architect at F5 Networks.