By: Andy Huckridge
With more users and devices comes an explosion of data being delivered to them, which has increased network complexity. According to Cisco’s Visual Networking Index, global mobile data traffic reached 2.5 exabytes per month at the end of 2014, up from 1.5 exabytes per month at the end of 2013. This is a growth of 67% in just one year. Operators are struggling to ensure their networks are flexible, scalable and secure enough to support these escalating data demands, while at the same time ensuring they continue to offer high levels of service. In a market that already sees high levels of churn, operators have to keep Quality of Service (QoS) high to hold onto their customers, as well as introduce new services to differentiate themselves. In order to do this, as well as deal with continuously increasing traffic, a transformation is required.
100G networks aimed to solve the issue of too much traffic, but they are hard to monitor because the associated analytic tools are unable to connect to them directly. Mobile services like VoLTE are complex and very sensitive to real-time performance, requiring a high level of visibility to keep them functioning. On top of that, virtualization technologies such as software-defined networking (SDN) and network functions virtualization (NFV) are becoming increasingly attractive propositions, thanks to their promise of simplicity and agility. Yet they also add layers of network abstraction, which decrease visibility into traffic crossing the physical layer. Essentially, a telecommunications network is a very complex environment, and the challenges don’t stop there.
As in other industries, security threats to carrier networks and services are increasing every day, and the tactics used by adversaries are sophisticated and wide-ranging. SMS fraud, malware, DDoS attacks, and data exfiltration are just some of the ways cyber-criminals can compromise a mobile network. A cyber-criminal only needs to find one vulnerability to exploit, while the network operator needs to protect the entire infrastructure. And while these threats to carriers are growing, security infrastructure is becoming more complex and costly to manage and operate.
The introduction of SDN to service provider networks increases network vulnerabilities. For example, separating the data and control planes in an SDN deployment could lead to synchronization issues between these two components. Also, when virtualizing a network using encapsulation or tunneling, organizations must create separate logical overlays that are abstracted from the underlying physical network. This creates two planes of troubleshooting, monitoring, and management: the physical underlay and the logical overlay. Both planes can be subject to security threats and breaches.
To work around this, real-time visibility into the entire network environment is required so threats can be identified and removed as quickly and as seamlessly as possible.
Today, service providers still battle with "stovepipe" designs, which defeat pervasive network visibility: one group inside the organization is unable to share visibility with another group. Also, SPAN and mirror ports routinely drop packets, so insight from the traffic can be lost when the network is under load, which is the most important time to understand what is happening to the traffic on the network.
Without the required visibility, packets will be dropped and blind spots will occur, making it easier for nefarious actors to access and remain on service provider networks. Operators need to conduct real-time analysis of data streams in order to detect and prevent criminal activity as quickly as possible. To do this effectively, they need pervasive visibility into network traffic. Real-time analysis of packets is also required; yet with the sheer amount of data that they need to sort through, this can be a challenge. These visibility tools require a security delivery platform that will intelligently feed each tool with the specific data packets and streams it needs, and nothing else. They also need GTP tunneling.