The current business environment
Enterprises are looking at global on-demand availability of applications, data and service platforms, while pushing to the edge over fixed, mobile and other IT infrastructure. The need for dependable connectivity is non-negotiable and this movement of data is also bringing new vulnerabilities. Enterprises are having to answer to their customers on how they provide reliability without sacrificing security and business continuity.
How the carrier community is preparing for this next wave of threats
- Getting customer buy-in
Preparation is key. Carriers are researching emerging technologies that are better able to mitigate network vulnerabilities and security threats to customers. DDoS attacks, vulnerabilities native to routers, and malware awareness, detection and quarantine before it hits carrier or customer networks: these threats and prevention methods require readiness. The challenge is that customers aren’t exactly sure what they want or need. The short answer for carriers is to continue research and keep a finger on the pulse while proposing solutions to customers.
- Continue to do what is working
There is a myriad of security-related work currently being done. Tool sets that carriers already provide to customers, such as selective black-holing and black-hole routing, are proving successful and will continue to keep backbone service and networks safe. Companies should continue to provide, maintain and improve these services.
- Get involved in internet communities
MANRS and RPKI give the entire community a way to formulate best practices and work on solutions for industry-wide problems. Mutually agreed upon norms result in additional security. Whether or not the carrier is under threat, enterprises and governments are starting to realize the unintended consequences of situations like route leaks. The effects may be widespread for enterprises. It’s up to network operators to do their part, collaborate and take basic actions to keep themselves safe.
In collaboration, a key aspect may be as simple as being able to contact a network operator when it has a route leak. Being unable to contact the operator about fixing a leak is currently a problem with 13 percent of ASNs. These are basic security fixes the community must address.
- Provide a suite of solutions
Curating options allows the customer to pick and choose the right type of offering to meet their needs. That might be fully automated mitigation or layer ACLs or a hybrid of the two. Having this service and a variety of other solutions ready reduces complexity for the customer.
- Most customers don’t go with a single solution
Be prepared to accommodate a single solution or one that includes services from a third-party vendor. The customer-identified a la carte option is how most customers really decide on solutions.
- Understand the customer profile
Some customers get hit all the time and some are very low on the “radar screen.” Identify the reasons for the attack, and the solutions can be profile-based.
- Pass through protection costs
Make it possible for customers to resell DDoS protection, for instance, to their own customers. This creates the opportunity to help save the internet while being sensitive to cost. The opportunity for resale protects your customer while also creating business value.
- Mitigate exposure in advance
It’s not a question of “if” but “when” a network carrier will be attacked. The question is what kind of strategy you can put in place to protect your customers. Have a business approach that takes into account the convergence between fraud and security. A recent study done by CSS shows that threat actors are utilizing SIP voice vulnerabilities to steal assets.
Carriers and enterprises can take these steps:
- Fix the basics
- Monitor layer 3 architecture risk
- Implement risk support systems
- Follow government risk compliance
- Improve DDoS mitigation skillset
DDoS is now more server-based. Monitoring UDP and TCP protocols helps define where the epicenter or point of origination is for a DDoS attack. Geo-blocking helps to cut off radware, IoT bots and server-based volumetric and center-flood attacks. Some wholesale carriers offer Managed DDoS solutions, which can help “turn up” the protection for the customer.
About Bluebird Network
Since 1999, Bluebird Network, headquartered in Columbia, Missouri, has provided internet and fiber transport services to Carriers and Enterprises in Missouri, Illinois and the surrounding states. In 2014, the company acquired an underground data center and created Bluebird Underground, adding a data center facility to the Bluebird suite of services. The network now has over 9,300 fiber route miles of high-speed broadband and fiber-optic connections. The Bluebird fiber network also has over 135 Points of Presence (POP) sites spanning the Midwest, including the major cities of Chicago, St. Louis, Kansas City, Springfield, Tulsa, Peoria, Rockford, Bloomington, Normal and the Quad Cities. To learn more, please visit bluebirdnetwork.com and follow us on LinkedIn, Facebook, and Twitter.