Main Benefits of Network Security Automation - Ericsson

Communications service providers (CSPs) and mission-critical service providers face growing security challenges and a rapidly changing threat landscape. To deliver reliable 5G services, CSPs need more capabilities to continuously protect these services and detect and respond to threats. Additionally, these capabilities need to be well integrated and lifecycle managed with the network infrastructure.

To minimize business risk in their operations, CSPs need to change the way they manage security and move to automated, policy-based and intelligent fit-for-purpose security solutions that support emerging dynamic networks. The earlier this transition is performed, the better. With decades of experience in the telecommunications security industry, here’s my take on how CSPs can protect their assets and gain a better understanding of network security automation.

Addressing the reality of security for CSPs

The evolution of the network introduces dynamic, distributed and open networks to support various services, including industry-specific use cases. These networks open up endless opportunities for society and accelerate digitization. However, as networks are becoming dynamic, distributed and smarter, security must be on par.

Increased pressure on the network

New and advanced industry use cases put pressure on network requirements. With 5G, networks will act as critical infrastructures to facilitate digitization, automation and connectivity to machines, robots, transportation solutions, etc. There is therefore significant value at stake and, with it, a significantly different risk tolerance. 5G marks the beginning of a new era of network security.

The telecom industry and 5G are domains of their own with mission-critical resources and specific protocols. This requires skills, an understanding of relevant security risks, and solutions that are well integrated with the telecommunications and 5G environment.

Manage dynamic and evolving networks

An additional security challenge is the dynamic nature of networks. This happens in two dimensions. First, networks are dynamic and distributed to adapt to business needs and support diverse industry use cases. Consequently, security must track these dynamic networks in real time. Second, networks must continually evolve with new capabilities and add value to businesses. This requires continuous integration and continuous deployment (CI/CD). Security monitoring and management must be tightly integrated with network products to reduce the time-to-market of new features. As networks are becoming the foundation of society, there are also increased network security regulations driving the need for security visibility and control, which is accomplished efficiently by automation.

How prepared are the CSPs?

When I try to understand the level of readiness among CSPs, my conversations with them and my research indicate a major change. This is no surprise and many trends point in the same direction. According to Ernst & Young, CSPs face these changing sentiments amid growing cyberattacks, with 75% reporting an increase in cyberattacks over the past twelve months. Responding effectively is a crucial concern – 47% say they have never been more concerned about their ability to handle cyber threats.

IBM’s contribution shows that in 2019, 16% of companies said they have a fully automated network security solution, while 36% said they have a partially automated solution. Another 36% reported they do not have automated security but plan to implement it in the next 24 months. Finally, 12% did not have an automated security solution and had no plans to implement it. These figures refer to enterprises in general and are not specific to CSPs. The degree of automation is probably even lower in telecommunications networks; however, it is clear that telecommunications networks will follow the same path to automation. The ENISA report on telecommunications security incidents of 2020 points out that incidents caused by human error in 2020 reached 26% of the total number of incidents. One more reason to increase the level of automation.

Equipped with 3 security pillars: protection, detection and response, managed by automation

Protection

I see a strong trend to increase automation for threat detection and incident response in the security market; this is for very good reasons. One area that should always come first is protection; the better protected you are at all times, the better off you are when under attack.

One of the main challenges is the introduction of dynamic and distributed networks and cloud-native environments; protection must follow. This challenge is solved with security automation and orchestration, where fit-for-purpose security policies are automatically set in the network infrastructure. Security policies ensure that the infrastructure has the desired and consistent level of security across domains. This means policies that enable holistic security, such as identity and access security, data and traffic protection, and valid certificates. In addition, automation ensures robust network configurations between domains, making intrusion or lateral movement difficult for an attacker. It also serves as a solid reference of “what is normal in the complex system”, which in turn allows for effective detection of breaches. This is one of the reasons why automated security management solutions that combine protection and detection capabilities become so effective.

The value of security automation is already evident with traditional networks up to 4G. With 5G, network security automation is becoming mandatory and offers benefits in scaling security, not least with the introduction of network slicing. With security automation, you also have support for splitting specific security policy sets. This enables tailored security for different network sections targeting different industries, including mission-critical companies or government functions.

Detection

Once effective network security is established and under control, the focus will be on detecting threats and vulnerabilities. An obvious vulnerability that needs to be monitored is the lack of compliance with security policies. Compliance must be continuously detected and corrected. It is also a good idea to analyze the root cause of a policy change. For example, this could be a legitimate interim change in the configuration of a policy or an attacker who tampered with security to gain greater access to the system or disable security logging. This can be effectively managed with automation.

Additionally, CSPs need to detect threats in their domains such as Radio Access Network (RAN) infrastructure, Core and OSS / BSS, considering the transformation to cloud native architecture.

Response

What can we learn? Harnessing the lessons learned is a fundamental force for humanity and, likewise, it is needed within the domain of network security. A successful security strategy must start with robust protection, which always includes detecting domain-specific threats and vulnerabilities and then responding. Some threats are so significant that they should be assigned to incident response teams: people with the right domain knowledge, who analyze threats at a deeper level using data and insights from fit-for-purpose security tools to understand what is going on and what actions need to be taken. Breaches and incidents are also feedback to the security solution for continuous improvements, such as leading to new or improved security policies.

What we often discover is that the responses are very manual, even for rather elementary needs such as non-compliance with policies. These have a clear action that can be automated. To respond quickly, security automation must be tightly integrated with other software involved in network management and orchestration, such as telecommunications orchestrators.
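
The policy-compliance check from the Detection section and the automated correction described in the paragraph above, as an added Python example that is not from the original article or from any Ericsson product: observed settings are compared with a baseline policy, each deviation is classified as an approved interim change, unexplained drift or possible tampering, and non-approved deviations are restored. The node names, settings, verdict labels and the approved-change feed are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: desired policy per node, and what a scan observed.
BASELINE = {
    "core-nf-a": {"security_logging": "enabled", "tls_min_version": "1.2"},
    "oss-c":     {"security_logging": "enabled", "tls_min_version": "1.2"},
    "ran-du-b":  {"security_logging": "enabled", "tls_min_version": "1.2"},
}
OBSERVED = {
    "core-nf-a": {"security_logging": "enabled", "tls_min_version": "1.3"},
    "oss-c":     {"security_logging": "enabled", "tls_min_version": "1.0"},
    "ran-du-b":  {"security_logging": "disabled", "tls_min_version": "1.2"},
}
# Hypothetical change-management feed: (node, setting, value) approved as interim.
APPROVED_CHANGES = {("core-nf-a", "tls_min_version", "1.3")}
# Settings whose loss blinds detection; unexplained changes here are escalated.
VISIBILITY_SETTINGS = {"security_logging"}

@dataclass(frozen=True)
class Finding:
    node: str
    setting: str
    expected: str
    observed: object
    verdict: str
    action: str

def triage(baseline, observed, approved):
    """Compare observed config with the baseline and classify each deviation."""
    findings = []
    for node in sorted(baseline):
        actual = observed.get(node, {})
        for setting, expected in sorted(baseline[node].items()):
            value = actual.get(setting)  # None when the setting is missing
            if value == expected:
                continue
            if (node, setting, value) in approved:
                verdict, action = "approved-interim-change", "record-exception"
            elif setting in VISIBILITY_SETTINGS:
                verdict, action = "possible-tampering", "restore-and-escalate"
            else:
                verdict, action = "unexplained-drift", "restore-baseline"
            findings.append(Finding(node, setting, expected, value, verdict, action))
    return findings

def remediate(observed, findings):
    """Return a corrected copy; approved exceptions are left in place."""
    fixed = {node: dict(cfg) for node, cfg in observed.items()}
    for f in findings:
        if f.action != "record-exception":
            fixed.setdefault(f.node, {})[f.setting] = f.expected
    return fixed
```

Running `triage` again on the output of `remediate` leaves only the approved exception, which is the property a continuous compliance loop relies on.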

Benefit from network security automation

In my opinion, the ultimate goal is that security always adapts to the dynamic network and is constantly evolving with the threat landscape. To achieve this, automated processes are the answer that provides security to CSPs for their ongoing network deployment and operations. This will save a lot of manual and error-prone labor, address the lack of personnel for security operations, and will be a key factor in managing security for advanced networks. Additionally, CSPs will benefit from automation to protect, detect and respond through security automation fully integrated with networks; the sooner that journey begins, the better.

With an evolving, fit-for-purpose, automated security orchestration solution well integrated with a multivendor telecommunications infrastructure, CSPs achieve their ultimate goal by continuously monitoring security compliance, detecting and responding to new threats, and supporting security operations at low cost.

Learn more about how we can protect your assets.

—————-

References:

How can risk prediction lead to new insights? | EY – Global

2019 Cost of a data breach report (ibm.com)

ENISA report on telecommunications security incidents
