TMCnet - World's Largest Communications and Technology Community



November 2007 | Volume 10/ Number 11
Feature Articles

Tips for Solving the Most Common IP Security Issues Encountered by Carriers and Service Providers

By Steve Bannerman,

Vice President of Marketing and Product Management, Narus.

Narus focuses primarily on the largest IP networks in the world — those of the carriers and service providers. These are the issues that our customers face as they try to protect their own network infrastructure and services, while also providing managed security services to their enterprise customers. They were kind enough to provide the following tips on solving these problems.

1. Botnets and the associated DDoS attacks they launch are by far the biggest concern of network managers.

To minimize the impact of DDoS attacks, which are often launched by botnets, it’s important for carriers to be able to detect an attack in its early, setup stages. Solutions that monitor changes in the pattern of the traffic, and not just the volume of traffic, are a good way to detect and mitigate DDoS attacks early and accurately.
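As an added illustration of pattern-based versus volume-based detection (not code from the article or from Narus), the sketch below compares a fixed flow-count threshold with a drop in the entropy of destination addresses. The entropy metric, the thresholds, and the function names are assumptions chosen for the example, and the traffic is constructed.

```python
import math
from collections import Counter

def norm_entropy(values):
    """Shannon entropy of a value distribution, scaled to the range 0..1."""
    counts = Counter(values)
    if len(counts) < 2:
        return 0.0
    total = sum(counts.values())
    h = -sum(c / total * math.log2(c / total) for c in counts.values())
    return h / math.log2(len(counts))

def first_alarms(windows, volume_limit=300, entropy_drop=0.1, warmup=3):
    """Return (volume_alarm, pattern_alarm): index of the first window that
    trips each detector, or None if it never fires. Thresholds are assumed."""
    volume_alarm = pattern_alarm = None
    baseline = []  # destination entropies of windows judged normal
    for i, flows in enumerate(windows):
        h = norm_entropy(dst for _src, dst in flows)
        if volume_alarm is None and len(flows) > volume_limit:
            volume_alarm = i
        shifted = (len(baseline) >= warmup
                   and sum(baseline) / len(baseline) - h > entropy_drop)
        if shifted and pattern_alarm is None:
            pattern_alarm = i
        if not shifted:
            baseline.append(h)  # learn only from windows that look normal
    return volume_alarm, pattern_alarm

def constructed_windows(extra_to_victim):
    """Constructed sample: 100 flows spread evenly over 10 servers per window,
    plus extra_to_victim[i] additional flows aimed at one server in window i."""
    servers = [f"198.51.100.{n}" for n in range(10)]
    windows = []
    for extra in extra_to_victim:
        flows = [(f"203.0.113.{c}", servers[c % 10]) for c in range(100)]
        flows += [(f"192.0.2.{b % 250}", servers[0]) for b in range(extra)]
        windows.append(flows)
    return windows

if __name__ == "__main__":
    ramp = constructed_windows([0, 0, 0, 30, 60, 120, 400])
    print(first_alarms(ramp))  # (6, 4)
```

On the constructed ramp the pattern detector fires two windows before the volume threshold is crossed, while a uniform rise in load trips only the volume threshold.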

2. Over three-quarters of service providers surveyed believe that traditional firewall/IDS/IPS systems lack the technical capabilities to detect a wide enough range of attacks, or detect them early enough.

Traditional firewall/IDS/IPS systems are invaluable tools for detecting and preventing known attacks and even a certain percentage of malicious traffic of unknown origin. These devices need to be coupled with a core network attack detection and mitigation solution made up of best-in-class offerings. The overall solution can then detect and alert with the highest efficiency and accuracy, with mitigation carried out quickly and efficiently. Service providers can have a single view into multiple disparate components to ensure the highest level of security with the least amount of operational effort.

3. Enterprise IT managers are currently overwhelmed by the frequency and veracity of attacks. They cannot keep up from a skills or manpower perspective.

A growing percentage of IT managers are looking toward their upstream service providers to offer “clean pipes” security services and to deliver traffic already cleansed of any service-impacting traffic, whether that comes in the form of worms, DDoS, or more complex application-based attacks.

4. With the rollout of new IP-based services such as VoIP and IPTV, security is now a top-of-mind issue. Service providers participating in a recent survey concluded that a 15-minute network outage is considered “catastrophic” to their business.

Meanwhile, a recent Yankee Group ROI study (See Note 1) concluded that when a service provider deploys a network-wide IP security solution in support of IPTV service and a managed clean pipes offering, analysis shows an overall internal rate of return of 125 percent.

5. Security Operation Center managers are concerned that anomalies are displayed without any context. As it turns out, a large percentage of alerts displayed in a typical SOC are related to one another. Too many SOC resources are spent trying to manually correlate alerts and choose mitigation options.

Look for solutions that have the intelligence to group the large number of alerts into “meta-events” in an effort to slim down that mass of information into a manageable form. SOC personnel can then address multiple alerts by mitigating the root cause of the alerts. Solutions with the ability to summarize information while still allowing for drill-down capability ensure that security groups for service providers are efficient in their analysis and effective in their mitigation practices.
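A minimal sketch of the meta-event grouping described above, added here as an example and not taken from the article or from any Narus product. It assumes alerts are correlated by shared target address within a time gap; the field names, the 120-second gap, and the sample alerts are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample alerts: (timestamp_s, sensor, signature, source, target)
ALERTS = [
    (0,   "ids-1",  "SYN flood",       "192.0.2.10",  "198.51.100.5"),
    (20,  "flow-1", "traffic anomaly", "192.0.2.11",  "198.51.100.5"),
    (45,  "ids-2",  "SYN flood",       "192.0.2.12",  "198.51.100.5"),
    (50,  "ids-1",  "port scan",       "203.0.113.7", "198.51.100.9"),
    (90,  "fw-1",   "conn table full", "192.0.2.10",  "198.51.100.5"),
    (900, "ids-1",  "SYN flood",       "192.0.2.40",  "198.51.100.5"),
]

def correlate(alerts, gap=120):
    """Group alerts on the same target into meta-events. A new meta-event
    starts when more than `gap` seconds pass with no alert for that target."""
    by_target = defaultdict(list)  # target -> list of alert groups
    for alert in sorted(alerts):   # tuples sort by timestamp first
        groups = by_target[alert[4]]
        if groups and alert[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(alert)
        else:
            groups.append([alert])
    metas = []
    for target, groups in by_target.items():
        for g in groups:
            metas.append({
                "target": target,
                "first": g[0][0],
                "last": g[-1][0],
                "count": len(g),
                "sensors": sorted({a[1] for a in g}),
                "signatures": sorted({a[2] for a in g}),
                "sources": len({a[3] for a in g}),
                "alerts": g,  # raw alerts retained for drill-down
            })
    # Largest meta-events first, so the analyst sees the likely root cause on top
    return sorted(metas, key=lambda m: -m["count"])

if __name__ == "__main__":
    for m in correlate(ALERTS):
        print(m["target"], m["count"], m["signatures"])
```

Six alerts from four sensors collapse into three meta-events, and the summary row for each still carries its raw alerts for drill-down.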

6. Service providers are now very concerned about combining anomaly detection activities with traffic engineering. They want to know all the ways in which bandwidth resources are consumed, and how to invoke real-time policy to re-engineer traffic.

Service providers can implement solutions with visibility into service and application traffic and overall network availability. Such awareness ensures proper network functioning in terms of maximizing overall customer experience. This awareness will often highlight instability of Autonomous System (AS) paths, or potentially even prefix hijacking, that can have a dramatic impact on service quality and availability.

7. In a world of Web 2.0 and hosted applications, the performance of the traffic on the network is only half the story. Service providers are also extremely concerned about the performance of their applications as they run across the network.

Service providers need systems to provide enough granularity in their traffic visibility to control network behavior one application or protocol at a time.

Narus is the established leader in carrier-class security software for the world’s largest IP networks. Narus builds the industry’s most powerful IP traffic processing system that monitors all of the traffic flowing across the entire carrier network at core speeds, and correlates that traffic to provide a unique total network view.
