AT&T's Porter on Strengthening Web-Based Security
In response to the rapidly changing shape of security threats, service providers are using more tools that rely on big data analytics and advanced algorithms to shorten response time to new and emerging threats. Telco Transformation recently spoke with Jason Porter, vice president of Security Solutions at AT&T, about how AT&T uses its Cloud Web Security and Threat Manager Log Analysis tools to detect and thwart security threats to customers across a variety of verticals (see AT&T's Jason Porter on Leveraging Big Data Analytics to Bolster Cybersecurity). In part one, Porter focused on how AT&T Inc. (NYSE: T) leverages big data analytics to power Threat Manager Log Analysis. In part two of the Q&A, Porter goes into more detail about how Cloud Web Security works, and walks through a case study of how AT&T uses these tools to protect the network and sensitive data of Community Based Care (CBC) of Central Florida, a non-profit child welfare services agency that supports over 3,000 children a day.
Telco Transformation: What does AT&T Cloud Web Security do and how does it identify and mitigate security threats?

Jason Porter: Cloud Web Security is very much like the name says, it's web-based security, so basically what we do is send traffic going to or coming from websites or companies through a gateway, and that gateway is looking for malicious behavior. So again, it has blacklists and whitelists, so we know, for example, a bunch of malicious sites that are out there, so if you're going to those malicious sites then there's a high likelihood of malware, that you've been phished. So you're going out to a malicious site that will either exfiltrate your data or infiltrate and insert malware into your system, and we need to stop that ingress and egress of your sensitive data. We put this web proxy in the middle that's helping to analyze that, and again it feeds the threat platform so that as the threat platform is identifying [threats] -- like just last week we found a new malicious multi-tenant storage service site that popped up in one of our customers that had never been seen before. Once we identified that site, we add it to the list in our web proxy to make sure that no traffic is headed toward that multi-tenant storage service site because it's a known malicious site at this point.

TT: Do you have a case study or success story to share about the use of Cloud Web Security? Can you tell me more about the Community Based Care example?

JP: I think the story [about Community Based Care (CBC) of Central Florida] -- you have foster care workers that are out trying to protect children and they're using their in-devices. They're going to and from different sites, and we don't want them downloading malware. If they did download malware, we don't want their device to distribute, say, sensitive information about the children to some unknown site or malicious site.

This gateway sits in the middle of that as a way to help protect the usage of that employee, that case worker's device, and therefore protect children's information. So this one has both personal and commercial needs for me: I have an adopted daughter and my wife leads our church's ministry on adoption and orphan care, and so we're very tied into the community of fostering and adoption. When we saw this one, my heart goes out to this group, and we understand the seriousness of protecting those children who are already in a vulnerable situation. So if their information gets out -- healthcare data, information about their social security number and so forth -- those things can have serious implications for that child and create an entirely new challenge that is unnecessary for those kids. What we're doing there is protecting those in-devices and using that threat platform to continue to improve that. The value of it for CBC of Central Florida is when we detect something else -- like the use case [about the multi-tenant storage service site]... We had two different examples that popped up last week. In one, our threat platform identified that malware had been inserted into many servers in one of our customers, and all of a sudden a new IP address showed up in that environment, and all of these servers that hadn't been talking to this IP address for months -- our big data algorithms have been watching this environment for months. All of a sudden, a new IP address pops in and within minutes, many servers start sending traffic to that site. So with that behavior, and our ability to see the logs from the firewall, the local area network and the IP flows, plus our MPLS backbone, we were able to correlate that all of that data was going to a malicious multi-tenant storage service site, and we were able to stop that activity and, even better, take the learnings from that and share it with Community Based Care of Central Florida.

Now CBC of Central Florida doesn't also have to learn that that's a malicious site. AT&T has protected them from that. The second case we found last week wasn't as harmful, but we identified a 'malvertising' event. Similar story at the start -- malware was placed into a number of servers inside one of our customers' environments, and this one wasn't the same with the unique IP address popping in -- that was different. In this one, the servers all started communicating out to different sites to the tune of 200 sites a minute, alternating IP addresses like .2, .4, .6. It was moving in a pattern, though, through the servers in the local environment, and it was communicating at the end of the day to 40,000 different unique IP addresses on the web. Because we could see the web and the local area, we found that they went to 40,000 advertising sites, and what they were trying to do was drive up impressions leveraging this harmless company. This company had no idea it was participating in a scam to try and help an advertising agency get paid more by driving up more impressions. We were able to stop that as well and keep that company from having to spend extra money and incur costs that it had no idea it was participating in.

TT: What are some other problems and security challenges Cloud Web Security and Threat Manager address for your customers?

JP: To me the most important thing is that Cloud Web Security is one of our defensive controls, and it was one of the sensitive areas as we looked at that particular situation with the case workers, but again, we're taking the feeds from all of our network endpoints and all of our security controls to make our threat platform as powerful as it can be. We see 137 petabytes of traffic every day, and we're putting that data into the threat platform. We have 200 million endpoints that we're looking at behaviors and trends from, and we also have one of the largest bases of managed security customers in the world, which allows us to pull in all of the security controls, all the logs from firewalls and everything else. At the end of the day it gives us a unique opportunity to help protect our customers through kind of shared protection. What we see in one bank we share with others; what we see in one pharmaceutical company we share with others, or in one non-profit we share with others. Unique attack types can sometimes specialize on an industry, but then we also share across so that what you learn in a bank will make its way to a pharmaceutical or a manufacturing company. We're able to share those learnings so not everyone has to learn independently.

— Kelsey Kusterer Ziser, Senior Editor, Light Reading
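The two detections Porter describes above (a never-before-seen external address that many servers start contacting within minutes, and a host fanning out to hundreds of distinct addresses a minute) can be written as rules over ordinary flow logs, with the flagged destination then pushed to a web-proxy blocklist so other customers never have to learn it themselves. The block below is an added example written for this page; it is not AT&T's Threat Manager or Cloud Web Security code, and the address ranges, thresholds, baseline cutoff and log records are all constructed assumptions.

```python
"""Two behavioural detections over flow logs plus a shared proxy blocklist.

Added example for this page; not AT&T code. All addresses, thresholds and
records below are constructed assumptions, not observed data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed customer address space
BASELINE_CUTOFF = datetime(2024, 1, 1)          # history before this is the "months of watching"
NEW_DEST_MIN_HOSTS = 3                          # distinct internal hosts reaching a never-seen address
NEW_DEST_WINDOW = timedelta(minutes=5)          # ...within this window (assumed threshold)
FANOUT_MAX_PER_MINUTE = 50                      # distinct external addresses one host may touch per minute


def parse_flow(line):
    """One constructed flow record: '<ISO timestamp> <src_ip> <dst_ip>'."""
    ts, src, dst = line.split()
    return datetime.fromisoformat(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst)


def outbound_flows(lines):
    """Yield (ts, src, dst) for internal -> external flows only."""
    for line in lines:
        ts, src, dst = parse_flow(line)
        if src in INTERNAL and dst not in INTERNAL:
            yield ts, src, dst


def build_baseline(lines):
    """External destinations seen during the history period (stands in for months of observation)."""
    return {dst for ts, _, dst in outbound_flows(lines) if ts < BASELINE_CUTOFF}


def detect_new_destination_burst(lines, baseline):
    """Case 1: an address absent from the baseline that NEW_DEST_MIN_HOSTS or more
    internal hosts begin contacting within NEW_DEST_WINDOW. Returns [(dst, host_count)]."""
    first_contact = defaultdict(dict)            # dst -> {src: first time src spoke to dst}
    for ts, src, dst in outbound_flows(lines):
        if ts >= BASELINE_CUTOFF and dst not in baseline:
            first_contact[dst].setdefault(src, ts)
    alerts = []
    for dst, hosts in first_contact.items():
        times = sorted(hosts.values())
        for i, t0 in enumerate(times):           # sliding window over first-contact times
            in_window = sum(1 for t in times[i:] if t - t0 <= NEW_DEST_WINDOW)
            if in_window >= NEW_DEST_MIN_HOSTS:
                alerts.append((str(dst), in_window))
                break
    return sorted(alerts)


def detect_fanout(lines):
    """Case 2: one host contacting an abnormal number of distinct external
    addresses in a single minute. Returns [(src, max_distinct_per_minute)]."""
    per_minute = defaultdict(set)                # (src, minute) -> distinct destinations
    for ts, src, dst in outbound_flows(lines):
        if ts >= BASELINE_CUTOFF:
            per_minute[(src, ts.replace(second=0, microsecond=0))].add(dst)
    worst = {}
    for (src, _), dsts in per_minute.items():
        worst[src] = max(worst.get(src, 0), len(dsts))
    return sorted((str(src), n) for src, n in worst.items() if n > FANOUT_MAX_PER_MINUTE)


def is_blocked(dst, blocklist):
    """Web-proxy check: the destination is refused once the platform has flagged it."""
    return ipaddress.ip_address(dst) in blocklist


def sample_flows():
    """Constructed records, not real traffic."""
    t = BASELINE_CUTOFF
    lines = []
    for day in range(1, 31):                     # 30 days of five workstations using one known CDN
        for h in range(1, 6):
            lines.append(f"{(t - timedelta(days=day)).isoformat()} 10.0.0.{h} 203.0.113.10")
    for h in range(1, 5):                        # case 1: a new address, four hosts within minutes
        lines.append(f"{(t + timedelta(minutes=h)).isoformat()} 10.0.0.{h} 198.51.100.7")
    lines.append(f"{(t + timedelta(minutes=1)).isoformat()} 10.0.0.5 203.0.113.10")
    for i in range(60):                          # case 2: one server sweeping even addresses in a /24
        lines.append(f"{(t + timedelta(minutes=10, seconds=i)).isoformat()} 10.0.0.9 192.0.2.{2 + 2 * i}")
    return lines


def run(lines=None):
    """Build the baseline, run both detections, and derive the shared blocklist."""
    lines = lines if lines is not None else sample_flows()
    baseline = build_baseline(lines)
    bursts = detect_new_destination_burst(lines, baseline)
    blocklist = {ipaddress.ip_address(dst) for dst, _ in bursts}   # pushed to every proxied customer
    return {"new_destinations": bursts, "fanout": detect_fanout(lines), "blocklist": blocklist}


if __name__ == "__main__":
    print(run())
```

On the constructed data the first rule flags 198.51.100.7 (four hosts within five minutes) and the second flags 10.0.0.9 (60 distinct addresses in one minute), and the proxy check then refuses 198.51.100.7 while still allowing the CDN address. In a real deployment the baseline would be built from months of firewall, LAN and NetFlow records rather than 30 synthetic days, the thresholds would be tuned per customer, and the blocklist would also carry hostnames and URLs, since a web proxy usually sees the request before any IP is resolved.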
Copyright © 2024 Light Reading, part of Informa Tech, a division of Informa PLC. All rights reserved.