the digital telecom. security services
Post on 14-Apr-2017
93 Views
Preview:
TRANSCRIPT
• Growth in traditional telecom in developed and developing markets is stagnant with declining ARPU and prices.
• The OTT players are long affecting CSPs by substituting voice and messaging services, placing significant strain on the CSP data networks and grabbing consumer mind share, and thus weakening the CSPs’ relationship with their user communities.
• Thus, CSPs find themselves under increasing pressure, they not only want to protect their core business and their relationship with consumers, but have to seek new revenue opportunities in nontraditional markets.
• CSPs are beginning to partner with alternative partner types to fill gaps in their service portfolios and accelerate the time to market of new services. In contrast to aggressive, competitive and alienating tactics to address OTT vendor threats, CSPs can benefit substantially from pursuing these more collaborative approaches.
SMS and OTT Messages
New Digital Domains CSPs are Focusing on
The figure is approximate and is based on Gartner’s research- Market trends: Eight
innovative CSPs embark on digital service transformation
- CSPs’ market trends and digital transformation strategy
82%of U.S. business executives are
worried that cyber threats could impact their companies’ growth
prospects
10%of organizations are fully
confident that their connected devices secure
Source: AT&T
Security in the Smartphone Era
• Market research firm Gartner says global spending on IT security is set to
increase 4.7 percent in 2015 to $75.4 billion, and the world will spend $101
billion on information security in 2018.
• The cyber security market is estimated to grow to $170 billion (USD) by 2020, at
a Compound Annual Growth Rate (CAGR) of 9.8 percent from 2015 to 2020,
according to a report from Markets and Markets. The aerospace, defense, and
intelligence vertical continues to be the largest contributor to cybersecurity
solutions.
$101 BnIT Security Spendings
$170 BnMarket
• The British insurance company Lloyd’s estimates that cyber attacks cost
businesses as much as $400 billion a year, which includes direct damage plus
post-attack disruption to the normal course of business. Some vendor and media
forecasts put the cybercrime figure as high as $500 billion and more.
• Сyberattacks could cost up to $90 trillion by 2030 if cybersecurity fails to
advance at a rapid pace. Atlantic Council and the Zurich Insurance Group
$90 TnDamage till 2030
$400 BnDamage a year
Security Concerns Rise Across the World with Rise of Scale of Cyber Threats
TechSci Research says the banking and financial
services sector has been the prime target of
cyber criminals over the last five years, followed
by IT & telecom, defense, and the oil and gas
sector.
No vendor or user of computer technology is
immune from a potential cyber security incident
The Essential Guide to Industrial Cyber Security, Honeywell
Recent large-scale cases include Sony’s breach,
attacks on Lenovo and other companies such
as JPMorgan Chase and Home Depot.
Most businesses think they are too small to be
the victims of a cyber attack. But that is not the
case since they are victims of hacking either for
their own data or because they are the weakest
point of entry in a digital information supply chain.
Days of Just Securing the Perimeter are Over
• Wireline operators tend to suffer the greater
exposure, particularly when they host IT
infrastructure or provide managed security
services for enterprise customers.
• So do mobile operators with their huge customer
bases. CSP’s customers are exposed to data
exfiltration, denial of service, fraud and all the
other attack vectors.
• Cloud and IoT services significant growth is
putting even more pressure on service providers
that have to craft their strategies in the age of
cyber insecurity.
It’s Time for the Secure Pipe
• The standard service-level agreement for years allowed
that CSPs just push the traffic in and out. To pass traffic,
not pass judgment. CSPs didn’t usually touch it.
• Some CSPs however has been quietly getting permission
from its customers to stop certain kinds of traffic altogether.
Number of businesses have signed up to have the CSP to
filter out spam, viruses, DDoS attacks and other malicious
activity behind the scenes, before the traffic touches their
enterprises.
• The “productization” of security services will take time
though to catch up with vertical leaders. The final task will
be the “clean pipe” with fewer risks with a bill attached. This
will force transformation from “dumb pipe” to smart one.
CSP’s Security Services Portfolio
92%of the 100K security incidents
studied from the past ten years can be described by just nine
basic patterns
1. POINT OF SALE INTRUSIONS2. DENIAL OF SERVICE ATTACKS3. CRIMEWARE4. WEB APPLICATION ATTACKS5. INSIDER MISUSE6. MISCELLANIOUS ERRORS7. PHYSICAL THEFT/LOSS8. CARD SKIMMERS
Source: Verizon
Mobility and End-Point Security
Hybrid cloud security
Next Generation Perimeter Solutions
Application Threat Protection
Advanced Malware Protection
Discovery Security Analytics
Social Engineering
Protect the network and endpoints from both known and zero-day malware
The ability to protect hybrid cloud environments and identity business risks associated with SaaS usage
Deploying next generation network perimeter solutions to identify and mitigate application threats
Detect and remediate application vulnerabilities and prevent malicious hacks and attacks
State-of-the-art sandboxing technology helping protect against hacks that bypass signature-based controls
Correlating a diverse set of security, network and application event data to improve understanding of normal and discover first seen problems – the unknown unknown
Ensuring adequate security awareness in-house and appropriate procedures in place
CSPs Security Services Value Chain
• Endpoint Security
(including mobile security)
• Server Security
• E-mail Security
• Network Security
• Cloud Security
• Anti-Phishing, Anti-
malware, Antivirus
• Perimeter Solutions
• Application Security
• Security Analytics
• Monitored or managed firewalls or
intrusion prevention systems (IDS/IPS)
• Cloud, mobile and web assets (DDoS
protection, email security, web filtering)
• Security information and event
management (SIEM)
• Need more advanced services such as
real-time and batch security analytics
• Reporting associated with
monitored/managed devices and
incident response
• Security compliance
and consulting
services
• Security design and
architechture services
• Security audit and
assessment services
• Professional services
• Managed services
• Cyberdefence
solutions
Point Products Managed Security ServicesInformation Security
Consulting Services
Consumer
Ad hoc Security
Services
Security Services
Bundle
Network Security
ServicesFully Managed
Security Environment
Level of
Strategic
Partnership
with the
Customer
Why MSSP solutions are good for Businesses?
• Managed security services are the network security services that have been outsourced to a service
provider. A company providing such a service is a managed security service provider (MSSP).
• According to recent industry research, most organizations (74%) manage IT security in-house, but 82%
of IT professionals said they have either already partnered with, or plan to partner with, a managed
security service provider.
• MSSPs offer better resources, scalability, and talent - all for a cheaper price. So cost is the major
reason. Chief Information Security Officers looking to security services cite cost reduction as a top
factor, with 62% of CISOs listing this as an important or very important reason.
• Other important issues include flexibility, expertise, global coverage and advanced technology.
• CISOs want trusted, strategic partners. Information security is an activity built on trust. MSSPs that
understand this develop strong supporting partnerships with their clients and help them overcome their
biggest security challenges.
• Forrester believes that the relationship between CISOs and MSSPs will continue to deepen. As the
MSSP demonstrates competency and even proficiency in certain areas, the partnership will quickly
develop from an ad hoc relationship to a fully managed security IT environment.
• Advanced technologies, such as threat intelligence and correlation, drive future demand.
Sophistication of new threat intelligence technology to detect intrusions with a rapidly changing threat
landscape discover a need for solutions capable of detecting suspicious activity and need to receive
alerts in near real time. Forrester believes those MSSPs that get this right will have a huge advantage
in the market during the next two to five years
Trust
Global Coverage Flexibility
CostReal-time DetectionAdvanced
Technology
82%Of Chief Information and
Security Officers partnered or plan to partner with MSSPs
Why MSSP solutions are good for Businesses?
Source: Trustwave
Global Leading CSPs Clearly Show the Potential for CSPs in Security Domain
• Verizon is a top telecommunications provider with a very large North American
presence, with more than 2,000 unique clients in the region. Verizon employs one of
the largest security teams in the market with an aggressive recruiting strategy.
• Verizon emphasizes the business value and cost-controlling aspects that it delivers
through managed security services and helps clients allocate resources to the most
critical assets through its enhanced risk-based correlation engine.
As a large, North American telecommunications provider, AT&T has one of the largest
customer bases, with more than 1,200 unique customers in the region. AT&T has an
aggressive threat intelligence program and scans more than 25 petabytes of data
travelling over its networks daily. AT&T focuses on threat detection with strong network
infrastructure and perimeter defense offerings, including robust log monitoring and
analysis features. Areas of improvement were its customer portal and reporting features.
• BT's MSS offerings include monitoring and management of customer premises
deployed devices and network-based security controls as part of its larger portfolio of
telecommunications and IT services. BT uses self-developed technology for log and
event collection, correlation, query, reporting, and device management.
• NTT has a global presence as well as a broad range of security service
offerings and delivery options, in addition to broader telecommunications and
IT infrastructure service offerings.
• Headquartered in Paris, with offices in Atlanta and Singapore, Orange offers a broad
range of telecommunications and cloud-based IT infrastructure services, security
consulting and integration services, and MSSs. Orange MSSs are based on
commercial SIEM technology for data collection, correlation and analysis, reporting,
and log management, with self-developed technology for workflow.
Gartner
Forrester Wave: Information Security Consulting Services, Q1 ‘13
But Still Much in CSPs To-Do-List to Gain Leadership in Information Security Consulting Services Though
Only two CSPs were included in Forrester Wave Information Security Consulting Services.
• Verizon demonstrates strong incident response skills, but lack of global coverage is
restrictive.
• Verizon has battled to gain brand awareness within the security consultancy space and
has succeeded thanks to its incident analysis and strong PCI practice. Although some of
the company’s higher-level solutions (for GRC and strategy, for example) may not be as
sophisticated as those of larger competitors.
• The company does offer a wide range of solutions, including strong offerings in
application security, biometrics, DLP, and IAM, many of which it will also subsequently
operate.
• Client feedback stressed the flexibility of the Verizon consultants and its strength in
incident response; areas of potential improvement included Verizon’s comparatively low
number of consultants (just over 400) and weak global coverage, as well as challenges
with internal collaboration and communication.
• BT Global Services delivers pragmatic solutions, with a focus on technology.
• BT was the other organization that stood out because of its unique perspective and
approach to client engagement; the company’s spokespeople come across as very
honest and candid, suggesting that clients are likely to receive straightforward advice,
even if it meant BT recommending a course of action that BT could not support.
• BT focuses on the delivery of predefined security service packages and does not offer
regulatory- or compliance-related services.
• Although BT’s staff is relatively small and inexperienced (with an average of fewer than
five years of experience), the company has a strong presence in the UK and continental
Europe.
• BT plays to these strengths, ensuring that the customers receive high-value consulting
using strong security technology solutions.
Forrester Wave: Information Security Consulting Services, Q1 ‘13
Approaches to Unlocking the Cyber Security Potential
Build
Buy• Orange – Atheos
• Singtel – Trustwave
• Telstra – Bridgepoint and O2 networks
• Telstra – Docusign
• Telefonica - Blueliv
• DT – Cyphercloud, Zenguard, Lockout
• Network Security – Fortinet, F-Secure
• Endpoint Security – Lookout, McAfee,
Symantec
• Cloud Security – Symantec, Akamai
• Cyberdefence – FireEye, AllienVault
• Professional Services – IBM, HP
CAPEX
consumption
OPEX
consumptionTime-to-Market
Partner
Market Cases
Security Services Portfolio and Partnerships leveraged. AT&T Case
• AT&T has partnered with Cisco for the home
controller, plus other specialist vendors for service,
components, and installation. Service Innovation
Digital Life is AT&T’s new consumer
home security and home automation service.
• AT&T partners with Juniper for Mobile Security. It
will help to manage personal or enterprise-owned
devices, enable anti-virus, anti-malware, and
application monitoring and control.
• At the center of AT&T's partnership with AWS is its
NetBond offering, which the company describes as
a "network-enabled cloud solution.
• AT&T also partners with security app provider
Lookout in order to protect AT&T Android devices
from app-based threats. Lookout's
Mobile Security software is expected to be installed
on most AT&T Android phones moving forward.
• AT&T Government Solutions selected Aviat
Networks as its microwave communications partner.
AT&T Government Solutions is a proven solutions
integrator, with expertise in areas such as
Cyber Security, Network Solutions, Application.
AT&T Security Services Portfolio
top related