Most large scale providers manage Distributed Denial of Service (DDoS) attacks by spreading the attack over as many servers as possible, and simply “eating” the traffic. This traffic spreading routine is normally accomplished using Border Gateway Protocol (BGP) communities and selective advertisement of reachable destinations, combined with the use of anycast to regionalize and manage load sharing on inbound network paths. But what about the smaller operator, who may only have two or three entry points, and does not have a large number of servers, or a large aggregate edge bandwidth, to react to DDoS attacks?
Topics: Cyber Security
When initially introduced into the market, optical encryption was a niche application looking for a market. Optical encryption protects primarily against fiber tapping and traffic cloning, which were not viewed as widespread threats a few years ago.
At my recent presentation to the 2016 Canadian Utilities Information & Communications Technology Conference in Toronto entitled “Is Your Network Secure or Secured?” I started by explaining to the audience that the purpose of any good security lecture is to scare the audience.
The LightReading Big Communications Event (BCE) for 2017 was held May 24th and 25th in Austin, Texas. The attendees list was strong and the presentations were certainly worth the cost of admission. The show presented a microcosm of the significant issues and themes confronting the telecommunications industry as a whole, with a significant focus on virtualization of network functionality. Other major themes of the show included security, automation, and disaggregation. All of these topics showed up throughout vendor and service provider presentations alike.
Up until the late 2000s, implementing carrier-grade security solutions involved a great deal of struggle and multiple appliances were installed all over the network. Ordinary servers weren’t built to handle the resource-intensive software that would monitor and protect your network. In the modern day, COTS servers have greatly increased their capabilities, allowing complex applications to run on general-purpose computing machines. The next obvious step is to run network security applications using NFV.
Service providers are bleeding! Over the last few years, service providers have had their lunch absolutely devoured by OTT (Over the Top) applications and services: When Skype (or WhatsApp, or Google Hangouts, or Facebook Messenger) allows users to make calls over Wi-Fi and data, for example, consumers pay less than a network would charge them for making an ordinary phone call. When users use the chat functions embedded in these apps, service providers can’t capture the revenue provided by text-messaging rates. When someone cuts the cord and switches to exclusively watching Netflix (or Hulu or Amazon Instant Video), then an entire cable bill’s worth of revenue is lost. As of 2014, telecom companies alone have lost $386 billion to OTT apps, and the meter is still running.
While many organizations see network functions virtualization (NFV) solutions as a technology for making their infrastructure more dynamic and efficient, most fail to realize that it can also be leveraged to make cyber security programs more effective. Instead of having to deploy multiple, dedicated security appliances that uniformly inspect all network traffic in the same way, NFV can be leveraged by companies to take a more holistic and adaptive approach to configuring security policy.
For 25 years, the world’s leading cybersecurity professionals have gathered for the RSA Conference—and this year seemed bigger than ever in San Francisco. We had a great time exhibiting at RSA Conference 2016; but we realize you may not have been able to make the trip to California to meet with us.
Topics: Cyber Security
The recent power outages in the Ukrainian city of Ivano-Frankivsk have become a subject of global concern. The outages, which were caused by targeted cyber attacks on two major power suppliers in the region, were implemented via malware smuggled into their industrial control systems (ICS).