Enhancing critical networks’ cybersecurity with XDR
Cybersecurity is an essential component of critical networks – especially as public safety agencies migrate from legacy narrowband communications to all-IP 4G LTE and 5G architectures. With powerful benefits such as cloudification, edge computing, slicing and inter-agency interoperability, these advanced networks also have greater potential exposure to attacks while leveraging the maturity of 3GPP standards. This means that operators must commit to a renewed, focused and more agile approach to cybersecurity to protect critical communication services.
Fortunately, there are new tools available to keep these critical networks safe. We addressed this topic at a recent TCCA workshop, where we described emerging risk trends, the security governance profiles of different wireless deployment models, and how security operations and threat detection can evolve from simple security monitoring via security information and event management (SIEM) into an approach that’s specifically designed to defend today’s new-generation networks – extended detection and response (XDR).
Consider the new cybersecurity reality
Year over year, operators of critical communications networks have reported incident increases of up to 35 percent, according to the European Union Agency for Cybersecurity (ENISA). Even more concerning is an 87 percent rise in ransomware attacks. Within IT and OT we are seeing an increase of 27 percent, with 77 percent of organizations still lacking proper mitigation processes.
Meanwhile, regulations and executive orders in North America, Europe and elsewhere, including the EU’s NIS2 directive to be enforced by 2025, mean critical network operators will need to report cybersecurity incidents and data breaches more rigorously, perform periodic audits against national security standards, actively monitor normal and anomalous activity and report security compliance to the regulator.
All of this means you will need to have full visibility of your security posture at every moment in time.
Plan from the beginning
Protecting the new generation of critical networks begins with knowing your assets and risks. Then you can predict, prevent, detect and respond. Comprehensive cybersecurity must be built into your overall strategy from the beginning. How well are you able to monitor the security of your network now? Have you got the right tools in place to detect anomalies, and do you have the capability to respond to them?
The scope and architecture of your cybersecurity will depend on your network deployment model. That could be through a “white labeled” commercial MNO, in which the MNO manages your cybersecurity function; an S-MVNO or hybrid model, either of which would allow you to drive some of the cybersecurity governance; or a dedicated network approach where you as the critical communications operator would have complete cybersecurity governance and all of the investment and responsibility that entails. Whatever your model, it’s critical that you keep that “zero day” vulnerability period as short as possible. Here we’re talking about firewalls, digital identities for equipment and devices, sophisticated access control and the capability to monitor every vulnerability.
Security information and event management (SIEM) has served us well for threat detection, reporting and compliance monitoring. However, the SIEM approach can be complex and human-dependent, and it struggles to monitor disparate data silos. SIEM is also prone to false positives, expensive and slow to deliver value.
Raise the bar of cybersecurity operations with XDR
Fortunately, we now have XDR, the new approach to cybersecurity management designed to match the increasing complexity of today’s critical networks. XDR offers plenty of advances for assuring your critical network is secure, including cohesive visualization and analytics of complex attacks across multiple technologies and applications. It aggregates, correlates and consolidates multiple security tools into a single threat detection and response solution, prioritizes security incidents and alerts based on the severity of the task and proximity to critical business assets, and supports automated response playbooks that can help block those attacks or perform remediation based on a set of triggers – all shortening the time needed to detect and respond while improving the efficiency of the security analysts who are monitoring your network.
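As an added illustration of the XDR pipeline just described (aggregate alerts from several layers, correlate them per entity, rank by severity and proximity to critical assets, then dispatch a playbook), here is a small example written for this post. It is not code from Nokia or from any XDR product; the node names, alert signals, proximity weights and playbook thresholds are all constructed.

```python
# Constructed sample alerts from three telemetry sources (RAN, transport, core).
SAMPLE_ALERTS = [
    {"source": "ran",       "entity": "gnb-017", "severity": 3, "signal": "cell_config_change"},
    {"source": "transport", "entity": "gnb-017", "severity": 2, "signal": "ipsec_renegotiation"},
    {"source": "core",      "entity": "gnb-017", "severity": 4, "signal": "auth_failure_spike"},
    {"source": "core",      "entity": "upf-02",  "severity": 2, "signal": "config_drift"},
    {"source": "ran",       "entity": "gnb-104", "severity": 1, "signal": "pm_counter_gap"},
]

# Constructed asset register: proximity to critical business assets, where 1.0
# means the node directly carries a public-safety service and lower values are
# further away from it. Unknown entities fall back to 0.5 in prioritize().
ASSET_PROXIMITY = {"gnb-017": 1.0, "upf-02": 0.9, "gnb-104": 0.3}


def correlate(alerts):
    """Aggregation step: group alerts from every source by the entity they concern."""
    incidents = {}
    for alert in alerts:
        incidents.setdefault(alert["entity"], []).append(alert)
    return incidents


def prioritize(incidents, proximity):
    """Rank incidents: max severity weighted by asset proximity, plus a bonus
    for each additional layer that independently reported on the same entity."""
    ranked = []
    for entity, alerts in incidents.items():
        sources = sorted({a["source"] for a in alerts})
        score = max(a["severity"] for a in alerts) * proximity.get(entity, 0.5)
        score += 0.5 * (len(sources) - 1)  # cross-layer corroboration raises priority
        ranked.append({"entity": entity, "score": round(score, 2), "sources": sources,
                       "signals": [a["signal"] for a in alerts]})
    return sorted(ranked, key=lambda inc: inc["score"], reverse=True)


def select_playbook(incident):
    """Map a ranked incident to an automated response playbook (constructed triggers)."""
    if incident["score"] >= 4.0 and len(incident["sources"]) >= 2:
        return "isolate_node_and_rotate_credentials"
    if incident["score"] >= 1.5:
        return "open_ticket_and_collect_forensics"
    return "log_only"


def run_pipeline(alerts=SAMPLE_ALERTS, proximity=ASSET_PROXIMITY):
    """Full flow: correlate -> prioritize -> attach a playbook to every incident."""
    ranked = prioritize(correlate(alerts), proximity)
    for incident in ranked:
        incident["playbook"] = select_playbook(incident)
    return ranked
```

With the constructed input, gnb-017 is corroborated by all three layers and lands at the top with the isolation playbook, while the single low-severity RAN alert on gnb-104 is only logged.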
Nokia addresses all of this through Cybersecurity Dome, our own award-winning cloud-hybrid XDR platform, offering centralized monitoring of all devices and connections across the telco radio access network (RAN), transport and core workloads. Utilizing a 3-D dashboard that depicts network layers on distinct levels, each with a different threat index, it unifies all control points and operations so that you can monitor any and all network functions – distinguishing legitimate telemetry from anomalies that can be instantly analyzed for immediate response. As 5G is deployed, you will be able to deploy multiple, sliced services for a range of traffic or agencies, or even implement specific operations from a library of pre-built use cases.
Get agile before it’s too late
Today’s new networks are greatly enhancing flexibility and agility, but they require new-generation security tools that are equally flexible, agile, efficient and effective. It all really comes down to this: Time is king when the security of your network is at stake. With XDR you may be able to shrink detection time by 80 percent, cut investigation time by 50 percent and accelerate recovery time by 75 percent! And that is precisely why cybersecurity can no longer be an ad hoc measure or an afterthought, but must be foundational to your critical communications network.