IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Opinion: How to ensure security during an IT transformation...
Wed, 17th Sep 2014
FYI, this story is more than a year old

With social networking, mobile devices and cloud computing solutions being used more pervasively, we will see a transformational change in how service providers and large organisations deploy and enable security in their revenue-generating network infrastructure.

Recent worldwide security breaches, among even security conscious companies, have shone an uncomfortable spotlight on corporate security and compliance measures.

Security professionals and network administrators have to walk a fine line between enforcing application security against increasingly sophisticated cyber attacks, while providing sufficient access for their corporate customers.

Service providers such as cloud providers, web hosting services, ISPs and large enterprises all require an environment that is highly available and secure.

Any failure to resolve prevailing security threats such as cyber intrusions and distributed denial of service (DDoS) attacks can present costly and complicated scenarios for them.

DDoS attacks have become a significant and escalating threat for businesses. They have grown dramatically over past years in frequency, volume and sophistication. Attacks may originate from inside or outside the corporate network.

A recent survey report from Prolexic, a US-based distributed DDoS mitigation service provider, estimated that about 89 per cent of DDoS attack traffic in the second quarter of 2014 was directed at infrastructure, many targeting telecom and service provider router infrastructures and involving Layer 3 and 4 protocols. The remaining 11 per cent of attacks targeted applications1.

To defend against DDoS attacks, especially infrastructure attacks, service providers need solutions that can scale to handle large volumes of DDoS traffic.

Security appliances that use specialised processors to detect and mitigate DDoS attacks can give service providers the performance they need to block massive attacks.

At the same time, any deployment of mobile devices by an operator can present a significant risk.

The wireless networks on which mobile devices run outside of an operator’s subscriber network can leave information at risk of interception. The theft or loss of a device can be detrimental for the business2, resulting in loss of sensitive or proprietary corporate information.

Best containment strategy...

How can large enterprises and service providers cope with growing security threats?

While they are becoming more and more reliant on the uptime of Internet-connected services, many are finding that legacy security solutions such as firewalls and intrusion prevention systems (IPS) have insufficient capacity to mitigate today’s multi-vector DDoS attacks at scale, that are growing in number and sophistication.

Recent DDoS attacks can overwhelm lesser performing network devices and render network infrastructure and applications vulnerable to downtime and further threats.

To stay resilient, enterprises and service providers need robust security and processing hardware functionality that allows them to continue to provide full system functionality even while simultaneously under volumetric attacks, without impacting system performance.

In addition, a robust security solution that can readily integrate with their existing IT infrastructure is essential for protection against DDoS attacks. This can include a feature set for traffic management to ensure high availability and selective delivery of subscriber services.

Together, these physical and virtual systems must be able to ensure that network operators can also expand their network capacity, mitigate threats and exert greater content control.

Scaling security devices and encrypted communications are critical requirements as the network grows in complexity and size.

Service providers can build robust layer 7 safeguards by leveraging products that offer agile defence mechanisms against more subtle attacks such as Slowloris and Tor’s Hammer to protect against seemingly legitimate traffic streams exploiting application vulnerabilities.

As new devices are added to the network, they need to be integrated into the operator’s security system to meet policy and compliance requirements.

TechTarget reports that new appliances today are capable of performing policy-based networking actions in hardware such as the ability to implement security functions -- like traffic management or cloud security policies3 – to protect the performance and availably of applications and ensure large customer-facing networks are free from disruption.

ADCs and CGNS, for example, sit at the critical ingress to most networks and is a natural place to locate advanced security capabilities so threats can be stopped or mitigated before they can enter the network4.

Other measures that enterprises and network operators can take to strengthen their network defence include adopting multiple complementary approaches to security enforcement at various points in the network, so removing single points of security failure; incorporating people and processes in network security planning; employing security policies, security awareness training and policy enforcement; and maintaining the integrity of the network, servers and clients by ensuring the operating system of every network device is protected against attack by disabling unused services5.

As enterprise and service provider networks evolve, ensuring security will become a compulsory IT requirement rather than a ‘nice-to-have’. Security breaches span access, infrastructure and applications across every industry.

They can happen on both fixed and mobile networks and destroy physical, intellectual and financial capital.

Any downtime resulting from breaches on the network can have a devastating impact on a customer’s experience, brand reputation, and ultimately revenue and business sustainability.

By Greg Barnes, Managing Director ANZ, A10 Networks