By Zia Askari
As telecom networks around the world look forward to securing their infrastructure, acquiring security with Network Function Virtualization or NFV presents a unique opportunity to drive new level of network efficiency that is ready to face future requirements in a better manner.
As the concepts of NFV deliver unique set of flexibility, scale and control for the telecom networks, it is introducing new opportunities for addressing security problems for telecoms. With NFV driven approach, compute, storage and network resources can be optimally allocated and fabricated more inherently together.
Yuval Illuz, General Manager, Cyber Solutions, ECI Telecom says that ECI has found that many of its customers address cyber security threats at a symptomatic level. When they need to protect from viruses they search for antivirus, when they need to control incoming and outgoing traffic they search for firewalls. What is usually lacking is a comprehensive solution, which enables visibility, management and optimization of all of the relevant applications.
“That is where the ECI solution stands out from the pack – it provides one system which is able to implement, visualize and manage all threats and all prevention measures in one, user friendly GUI and NFV technology. LightSec provides a comprehensive cyber security solution in several parts of the telecom ecosystem: core network, ISP network and the private/public cloud. Also important is improving security at the network’s edge, as hackers use lightly-protected / unprotected edge devices to penetrate the core network. Quickly responding to new cyber security threats (e.g. discovered by OSINT) is essential for proper protection of the carrier’s day to day operations.” He adds on.
Speaking about the importance of securing data in motion for today’s telecom networks, Michael Ritter, Vice President Technical Marketing & Analyst Relations, ADVA Optical Networking, says that Network infrastructure providing scalable connectivity between locations and points of presence is at the heart of every communication network. “Securing data in motion at the connectivity network layer ensures superior network performance, simplifies network operations and reduces the overall cost of data protection. Data encryption at the lowest network layer also protects data at all layers in the network stack, as everything must ﬂow through the connectivity layer before going anywhere else.” He explains.
Yuval Illuz from ECI Telecom says that many telecoms have many a security application to protect their network from attack. Many of the more mature applications have achieved wide acceptance, for example: DDoS, Firewalls, IPSec and L3 encryption technologies.
“However, the new vision is based on NFV technology to introduce security services quickly based on automation and machine learning algorithms,” he explains.
Talking about the ECI offering in the NFV for securing telecom infrastructure, Yuval Illuz from ECI Telecom says that ECI is one of the leaders in NFV for cyber security and has developed a comprehensive cyber security suite which can utilize this technology.
“The NFV solution is designed to provide telecom networks with comprehensive cyber security services, without forklift upgrades or additional physical devices. Using an integrated server, ECI’s NFV cyber solution enables networks to easily and seamlessly activate different cyber applications at the click of a button. One of the applications, crafted in partnership with Check Point Software Technologies, delivers best-of-breed firewalls, IPSec, DPI and application control. The NFV solution is based on three layers – hardware, real-time virtual cyber security VNFs and a management layer. The HW platform comes in two distinct forms: as a pluggable card to ECI’s transport platforms or as a standalone appliance for mixed vendor environments. Cyber Security VNFs are located in a virtualized environment on the cyber cards or appliances. They inspect the inline traffic, bridge or port, mirroring it from different network segments. Data flow can be tailored to types of traffic and customers. The management layer is providers by LightSec-V, an aggregated web-based threat management system for managing all cyber security threats, whether detected by ECI or third party solutions,” he explains.
The Indian Market Scenario
Even though there are not many announcements around the NFV space when it comes to Indian market, however, there are a number of large operators who are believed to be working towards virtualizing their network functions and security is surely one of the key focus areas for operators in India.
Speaking about the Indian market scenario, Yuval Illuz from ECI Telecom says India is one of the most important and successful markets for ECI. ECI has a long standing relationship with many of India’s large service providers.
“In fact, they are some of our biggest customers. ECI has been active in India for many years and holds multiple offices there as well as a site for research and development. Today, a large proportion of the traffic of India’s fixed and mobile operators runs on ECI optical and packet networks. Following the Cyber Security breach detected at India’s Prime Minister’s Office, a governmental directive was issued resulting in National Cyber Security Policy. ECI’s native packet transport platforms (NPT) and network management systems (LightSoft®) are currently undergoing an Indian version of common criteria process for cyber security verification. Building on our global success in the utilities sector, ECI will increasingly address this segment in India as well. The NPT is among the most successful platforms playing in this market, and like its NFV based SCADA DPI counterpart, addresses the serious threats of the power grids,” he adds on.
“After having started in the SAN area, the need for L1 encryption is increasingly growing in mission critical networks as well as data center connections, and also “classic” service providers are showing more interest. Especially in areas with long distance fiber connections that can’t be 100% protected, high quality L1 encryption alongside the respective key mechanisms are the optimal way of preventing data interception.
And as mentioned before, ECI strongly believes in the value of addressing security concerns in a holistic way, rather than piece by piece,” Yuval Illuz from ECI Telecom explains.
Talking about the adoption of security in the telecom space, Michael Ritter from ADVA Optical Networking says that fiber-optic networks provide the physical infrastructure to transport important and large volumes of data over metro and long distances across the globe.
“Verticals including finance, telecommunications and healthcare as well as government sectors interconnect their critical data appliances with fiber-optic networks. As such, it is essential for private data to travel securely over fiber-optic networks. We are working on an increasing number of projects where high-speed network encryption is mandatory. And this is only the beginning. Cybercrime and espionage are on the rise and set to intensify,” he adds on.
Talking about the rise of NFV in the telecom security space, Michael Ritter from ADVA Optical Networking says that virtual appliances for firewall and other network security applications are an essential part of many NFV activities today.
“While security appliances can theoretically be provisioned in any part of the network, enterprises today are favoring hosting of such functions at their premises. This is where ConnectGuard™ network encryption can help. As a company, we already conducted several trials with network operators and demonstrations at public events involving partners providing security software appliances to complement our NFV-centric Carrier Ethernet access solution,” he explains.
Talking about the growing importance of India, Michael Ritter from ADVA Optical Networking says that India is an ambitious and large country. “Telecommunication and IT play a central role in supporting economic success and establishing a high standard of living. People therefore have increasing expectations that their information will be securely transported, especially in the current age of cloud applications. Secure network connectivity is an important component for offering secure cloud and hosting services on and end-to-end basis. It will help enterprise organizations to trust cloud services from a security standpoint and will speed up adoption – a milestone for flexible and dynamic growth across all industry segment,” he explains.
There is no doubt that today NFV represents a major shift happening in the telecommunications and networking industry look at optimization of their network resources. The very fact that NFV is moving with basic principles of cloud computing and virtualization, is presenting unique opportunities in front of the telecoms of today – and moving forward more and more operators are likely to adopt virtualized infrastructure and secure their networks from cyber warfare to face a better tomorrow.
Picture Courtesy: www.freedigitalphotos.net