Mitigating Unwanted Communication On Your Service Network
With so many new and varied devices such as smartphones, smartwatches, laptops, and tablets accessing a service provider network, with a 2.9 device per-person average worldwide according to aSophos survey, it’s no wonder there is Operator concern with supporting only desired and approved communication. And with the total number of devices growing to 5 per internet user by 2017 according toCisco, Service Provider network traffic is going to continue to increase…dramatically. What will Operators connect to their network next? All these new device clients connected to the internet need a secure DNS (Domain Name System) architecture for reliable responses to where that desired service is available. So as the internet of things (IoT) turns into the internet of everything with not just people to machines butmachines to machines,with BYOX anything,and withwearables connected to the internet, there are exponentially more chances of malicious traffic accessing a fixed and wireless network. Recently,HP released an Internet of Thingsstudy noting 70% of IoT devices were vulnerable to attack with an average of 25 vulnerabilities per product. In a recent IDG Research survey sponsored by F5, 66% of network managers in charge of DNS services were highly concerned about Security…and, rightly so. The growth of services for subscribers to access means more opportunities for attackers to introduce malware and viruses. When a subscriber selects a service, downloads data, views a webpage, or clicks on a browser link, there is a possibility that the response contains malware or viruses unknown to the subscriber. Once a data transfer happens, possible infections occur undetected. Is that a filter or a firewall? To keep your services at peak performance for the best subscriber usage and service availability, malicious communication from rogue programs and web sites must be blocked in your network. Many DNS offerings optionally protect from malicious communication by providing outbound domain filtering, although, it’s commonly called a DNS Firewall. The actual feature is referred to as Response Policy Zones (RPZ), and it helps filter out domains with reputations for malicious activity. Those offerings, that let you choose a domain filtering service and import the database of IP addresses for blocking, give you the most flexibility in customizing where your users and those pesky viruses are able to navigate. RPZ should be a part of an overall strategy of securing your network landscape. Mitigating unwanted communication on your service network When you want to start filtering domains out of your network communication, solutions like BIG-IP Global Traffic Manager (GTM) with DNS security, scale, performance, and control provides DNS firewall benefits including domain filtering with RPZ. You can lower your risk of malware and virus communications on your service provider network and mitigate DNS threats by blocking access to malicious IP domains of your choice using a domain reputation service imported into BIG-IP GTM. In addition, with high speed logging and reporting of blocked domains, you now know which clients on your network have potential infections for rapid inspection and reduction of infection resolution costs. By mitigating unwanted communication, BIG-IP increases service performance for subscribers with the desired traffic traversing your network. The BIG-IP platform is ICSA certified for network security, and it’s easy to select various DNS security services to increase your overall posture. So now you have confidence and control in allowing more Internet of Things to connect with your services while you filter out and mitigate malicious communications. Related: Mobile World Congress 2015: Threats to Mobile Carrier Networks (video) F5 Intelligent DNS - Optimizing the Mobile Core To learn more about how F5 BIG-IP Service Provider solutions support DNS and service performance, visit: Intelligent DNS for Service ProvidersandScalable, Secure DNS and Global App Services
Mobile World Congress…It’s not just about the handsets!
Like every other tech company with an interest in the mobile industry, we’ve been looking forward to Mobile World Congress this week. Yes, it’s incredibly tiring and most people have had enough of the Fira after the week’s over, but it’s a fantastic event. After a somewhat quieter show last year in terms of new launches, we can’t wait to see a few flagship devices and announcements in Barcelona. But while the unveilings of Microsoft’s first Android phone and Mark Zuckerberg’s call for free Internet will – deservedly – make the headlines, there are other equally important matters up for debate. Applications have become central to the mobile economy over the last few years, which means their safe and secure delivery is crucial. Security generally doesn’t get a look in at MWC, yet it’s increasingly becoming a major issue for mobile users. We commissioned some independent research last month to look into it in a little more detail, and the findings make compelling reading for operators. What the study found was that half UK consumers have concerns about mobile security. And with the NSA revelations and the reports that spy agencies are mining data from smartphone apps such as Angry Birds, it’s shouldn’t come as a surprise. What’s really interesting is how these security concerns look to be manifesting themselves in mobile users’ behaviours. When consumers are pick their mobile operator, security is the third major consideration, coming hot on the heels of pricing and network coverage. A massive two thirds (65 per cent) of respondents stated that security is more important to them than access to the latest model. If their security is compromised, a third would point the finger towards their network operator, rather than company providing the app or service. And over half would jump ship as a result. While huge sums have been invested in LTE, it’s no secret in the industry that 4G networks are inherently less secure than their 3G and 2G predecessors. Our concern is that not enough focus in being placed on addressing this. Look out for posts from Lenny Burakovsky that discusses and highlights the steps we think operators need to take to ensure their customers get the best most secure experience possible, and eliminate any chance of defection to another network.
