After end-to-end quality of service and experience, network security is one of the most critical factors in enabling innovation in applications and communications service. Being able to protect an application or service is becoming as important as delivering it.
PriceWaterhouseCoopers (PwC) estimates that there are over 117,000 security incidents per day, every day. Innovation isn’t limited to the good guys. Network security is a challenge for service providers because innovation in infrastructure threats and malicious attacks is on going. It never stops and is continually changing.
That means security breaches are inevitable and need to play a significant role in network strategy. On the infrastructure side there is no easy answer for network security but more can be done to build security into multiple aspects of a service providers network.
As always the challenge is to add new capabilities without adding complexity to the network. That’s where we see an opportunity to integrate security directly into some network elements and make them work harder for the business. In the case of a traditional session controller (SBC), we think they can do more to protect the network and customers’ applications and services.
React in Real-Time
Traditional SBCs do not leverage real-time visibility in the network so are not effective in alerting service providers to security breaches. It takes comprehensive visibility end-to-end and from the transport to applications to make an impact on network security.
We often talk about the importance of end-to-end visibility in the context of network performance but this can also be used to monitor traffic flows for malicious activity and enable network policing.
Comprehensive real-time visibility into how the network is behaving allows the service provider to monitor for abnormal traffic patterns that can be associated with a security breach and react to them quickly. Seeing session quality in real-time can give the service provider immediate alerts about a denial of service attack or flooding of traffic on the network.
Similarly, intelligent dynamic blacklist, black and grey lists trust levels can be assigned to routes for closer observation. This highlights routes with higher risks for network security issues.
Multifunction, Multipurpose Infrastructure
In today’s network security environment, every possible tool should be taken into consideration. If new security capabilities are built-in and fully integrated into a network element then it will benefit the business with multiple functions and purpose.
Leveraging multiple capabilities increases the value of the network element while reducing management and integration costs. Today the network needs reliability that goes beyond A to B and is ready for any eventuality. If you have already built-in then you’re ready to not just deliver applications but protect them as well.