Traditional telecom networks are based on closed operating system infrastructures that can be effectively protected from hacking and other attacks. Using SDN and NFV technologies for next generation network infrastructures offers benefits like openness, remote programmability, agility and other advantages of IT-like networks. However, the similarity to IT networks that makes SDN/NFV networks advantageous for communications service providers (CSPs) also makes them vulnerable to the full range of cyberattacks that target IT networks.
As network technology moves from single-purpose devices to compute elements with network functions provided as virtualized services (VNFs) that use open platforms and protocols such as Linux, OpenStack and OpenFlow, the infrastructure becomes exposed to cyber threats.
The NFVI planes must be protected from advanced persistent threats (APTs) such as flooding and distributed denial of service (DDoS); from threats to hypervisor/vSwitch appliances on the control plane; and from malware, remote access threats and specific attacks on the application (VMs) plane. In addition, MitB, open source and spoofing attacks pose threats to all open network layers.
On open networks, these and other advanced persistent threats (APTs) bypass existing security solutions that use log file data from security appliances on the core network to analyze security breaches. APTs can hide undetected in a network and on endpoints for months, stealthily capturing and reporting on data passing through the network, which leaves the network open to penetration by undetected attackers.
Solution Building Blocks
NFV CyberGuard consists of three building blocks:
1. TVE detection agents that are embedded in the CloudMetro platform or other NFV white box, and additional security probes which collect data
2. Big data analytics for aggregation and analysis of metadata and identification of anomalies
3. SDN controller of the EdgeGenie Orchestrator, which takes immediate network-wide action to neutralize threats
Four Steps to Cybersecurity
The NFV CyberGuard solution leverages sophisticated algorithms, probes and big-data analytics to protect NFV and SDN networks from threats, in a continuous four-stage process.
Collection – in the collection stage, embedded agents running on the CloudMetro TVE engine, together with other security probes, extract metadata and context, gather information about wire speed and hardware acceleration and perform full session reconstruction. All data is maintained in the NFV CyberGuard real-time database of expected network behavior.
For CSPs and small-medium-businesses (SMBs) using third-party L2 switches, Telco Systems provides an NFV CyberGuard plug-in that filters flows entering the CSP’s TVE virtualization engine and controls the L2 switch to block flows from penetrating the network when threats or malware are detected.
Aggregation – big data techniques for recording, indexing and analysis are applied in the aggregation phase to definitively identify and characterize threats. Data gathered in previous phases is filtered, re-aggregated, correlated, and investigated using network situational awareness, information discovery, advanced detection forensics and real-time analytics.
Detection – network anomalies and threats are detected by monitoring sensors. The sensors leverage predictions and algorithms to pinpoint suspicious activity, and cyber protection policies are applied across the entire network, to the edge, for full network visibility.
Action – once anomalies are identified, characterized and located, the NFV CyberGuard agent instantaneously activates EdgeGenie Orchestrator, Telco Systems’ advanced SDN/NFV network management and orchestration system, to take immediate network-wide action to neutralize threats before they cause damage. NFV CyberGuard provides centralized control and orchestration for actions such as remotely changing the IP/MPLS control plane or altering routing to shut off flows, service VNFs, and devices. Network bypasses are established and deployed to reroute and redirect data flows.
Providing Cybersecurity as a VNF Service
vCyberGuard, the security-as-a-service version of NFV CyberGuard technology, enables telecommunications network operators to offer value-added IT management and security services for enterprise customers via a virtualized cyber-probe in the operator device. Security services are centrally managed, with actions executed by vCyberGuard based on each customer’s needs and service-level agreements.
Categories: Security > Security Management and Analytics