Securing the Modern Cellco

The automated network immune system is within reach.

Generally, attacks on Cellco networks start with the penetration of a single network component, which is then used to attack other components in the network. Only after a critical mass of components has been compromised does severe damage to the network result. Because of the scale, complexity, and volatility of Cellco networks, what is needed is a fast means of identifying an intrusion or infection and preventing it from propagating through the network. Trying to detect and respond manually, fast enough to prevent damage, has proven difficult. An automated system is needed, one that can identify attacks quickly and prevent them from spreading.

A network immune system

Ideally, a network should respond the way the human immune system does when our outer defenses are breached. Companies are now offering security probes that can detect “infections”. To be effective in catching malignancies before they can spread, there has to be an array of these probes distributed at the edges of the network, where attacks are most likely to start. Today, these probes can be distributed in this way, but they report their results back to a central, manual operations center. In large, complex, volatile Cellco networks, these manual responses can’t be fast enough to prevent significant damage. What is needed is a way to automate the response and act quickly at the point where the attack originates. This would work much as our lymphatic system does in protecting against breaches of our outer defenses.

Recently, there has been a significant amount of industry activity focused on end-to-end automated network orchestration (see “Collaboration Effort, Making Progress,” Pipeline, January 2017). End-to-end network orchestration products are available or being developed by vendors, operators, and open source groups. Some are architected around a central site, while others combine central and distributed capabilities. These central and distributed systems are akin to our nervous system, complete with ganglions. Some of these orchestration systems seek to replace the entire existing Cellco operations environment, and others are an overlay on existing operations.

The initial motivation to develop these overlay end-to-end orchestration systems was to reduce operations expenses, which are increasing in a non-linear fashion. Over time, they also came to be seen as a means for quickly and efficiently delivering services, both conventional and innovative. This became known as a composable services capability.

These overlay end-to-end orchestration systems can also be the means to automate the response to attack information from the security probes. Today, the security probes can quickly identify a breached component. The response is to remove that component from the network. A well-crafted, end-to-end orchestration system can connect to the security probes, accept alerts, and automate the response to infection detections. In this way, such a system becomes the immune system of the network.
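The alert-to-isolation loop described above can be sketched as follows. This is an added example, not code from the article or from any orchestration product; the topology, the alert format, and the function names are assumptions constructed for illustration.

```python
from collections import deque
# Constructed topology: component -> directly connected components.
TOPOLOGY = {
    "edge-gw-1": {"agg-1"},
    "edge-gw-2": {"agg-1"},
    "agg-1": {"edge-gw-1", "edge-gw-2", "core-1"},
    "core-1": {"agg-1", "hss-1"},
    "hss-1": {"core-1"},
}

# Constructed probe alerts (hypothetical format); the second repeats the first.
ALERTS = [
    {"probe": "p-17", "component": "edge-gw-2", "verdict": "infected"},
    {"probe": "p-18", "component": "edge-gw-2", "verdict": "infected"},
    {"probe": "p-03", "component": "unknown-node", "verdict": "infected"},
    {"probe": "p-05", "component": "core-1", "verdict": "clean"},
]

def reachable(topology, start):
    """Components an intruder on `start` could move to, hop by hop."""
    seen, queue = {start}, deque([start])
    while queue:
        for peer in topology.get(queue.popleft(), ()):
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen - {start}

def isolate(topology, component):
    """Remove the component from the network by dropping all of its links."""
    for peer in topology[component]:
        topology[peer].discard(component)
    topology[component] = set()

def handle_alerts(topology, alerts):
    """Automated response: isolate each newly reported infected component."""
    log, isolated = [], set()
    for alert in alerts:
        comp = alert["component"]
        if alert["verdict"] != "infected":
            continue
        if comp not in topology:
            log.append((comp, "escalate: not in inventory"))
        elif comp not in isolated:
            exposed = reachable(topology, comp)
            isolate(topology, comp)
            isolated.add(comp)
            log.append((comp, f"isolated; {len(exposed)} components were exposed"))
    return log
```

Duplicate alerts for the same component trigger one isolation, and an alert naming a component missing from the inventory is escalated rather than acted on.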

We have seen how the increase in threats to and vulnerabilities of the Cellco is necessitating both new policies and procedures and the automated network immune system described above. The network immune system is within reach and can be provided by connecting existing security probes to some of the end-to-end orchestration systems available now and those being developed.

