NetGuard Endpoint Security
Network based malware detection
Nokia’s NetGuard Endpoint Security (NES) is an end-to-end, network-centric malware detection and response, for mobile, fixed infrastructure, and smartphone and IoT devices. Leveraging Nokia’s Threat Intelligence Center and network-based malware sensors allows both to protect network infrastructure from attack and offers revenue-generating malware protection services to customers.
NetGuard Endpoint Security: preventing 5G security breaches
It monitors consumer, enterprise, and critical infrastructure network traffic for malware and attack activity.
The system augments the service provider’s telco security operations teams with real-time, actionable threat intelligence to protect both the critical telecommunications infrastructure and consumer endpoints from malware activity. Being an agentless Endpoint Security solution, NES protects the whole network and is a powerful asset for the Service Provider’s security professionals independent of their role and experience level.
System Components of network-based malware detection
The below figure illustrates a system architecture for network-based malware detection. Sensors in the carrier network monitor the network traffic between user endpoints and the Internet, looking for evidence of malware infection. This includes malware command-and-control (C&C) traffic, exploit attempts, hacking activity, suspicious behavior, and DDoS activity. Alerts are sent to a central alert reporting cluster, where they are analyzed and stored. Interfaces provide real-time information feeds to SOAR (Security Orchestration, Analytics, and Response), SIEM (security information and event management), firewalls, and policy enforcement systems. The system also includes a fully automated end-user notification system and a self-serve remediation portal.
Network Based Malware Sensors
Network sensors are deployed at key locations in the carrier network to monitor the network traffic for malware activity. These are deployed on network taps and have no impact on network performance. They use a combination of behavioral and signature-based technology to identify malware activity with a high degree of accuracy. These also host Nokia’s IoT device profiling and anomaly detection algorithms.
Alert Reporting Cluster
The Alert Reporting Cluster (ARC) is a cluster of virtual machines that run in the carrier’s data center to aggregate malware events from the sensors. This also hosts the system’s database, interfaces with third-party security operation systems (SIEM, Firewalls, PCRF, SOAR etc) and provides a platform for analytics and reporting.
5G Security Analytics Portal
The Analytics Portal provides the main user interface for the security operations team. It provides a dashboard summary of malware activity and the ability to drill down to individual malware events. It provides detailed reports on which devices are infected by which malware and allows the operator to view the individual malware activity history for each device on the network.
Telco Subscriber Portal
The subscriber portal provides a self-serve remediation portal that consumer or enterprise customers use to eliminate malware problems on their devices. It is an integral part of the malware notification and remediation service and provides online scan & clean services and up to date anti-malware software for smartphones, tablets, PCs and laptops.
Benefits and features of NetGuard Endpoint Security
NetGuard Endpoint Security network-based malware detection benefits:
Gathering threat intelligence for telco security operations
The system allows the service provider’s security operations team to collect live threat intelligence from their network. This tells them which devices are infected with malware and which malware is operational in their network. This information is used to protect the critical telecommunications network infrastructure end-point devices.
Consumer malware notification and remediation
The system is a turnkey malware notification and remediation service that provides network-wide protection to the service provider’s customers and enables the service provider to monetize it as an optional service for the consumer and enterprise markets. A notification is triggered when malware activity is detected and gives the subscriber the option to automatically initiate remediation measures, through the NES Subscriber Portal or other customer-facing channels.
Enterprise Malware Notification and Remediation
NES is multi-tenant capable thus enabling the telco service provider to address its enterprise customers with a network-based malware detection solution, customized for each enterprise. The NES Analytics Portal gives each service provider’s enterprise customer their own view of the system.
Related solutions and products
iSIM Secure Connect
Remote SIM Provisioning for eSIM and iSIM based devices made easy
NetGuard Endpoint Detection and Response
Designed for mission critical infrastructures
Threat Intelligence Report 2023
Download the report to identify attack trends and learn how to develop robust 5G network security measures to protect your networks and customers’ data
Learn more about Endpoint security
XDR - Choosing the right solution for your modern security operations
Nokia iSIM Secure Connect provides remote automated xSIM lifecycle management capabilities as-a-service
Endpoint security and device protection / Nokia Digital Trust - TechTalk video
Podcast episode 52: eSIMs and the evolution of the CSP
eSIM and the Future of Secure Digital Identity
Life with a digital identity - introduction to integrated SIM (iSIM)
Go digital to deliver the full promise of smart meters
Unlock new opportunities for digital identity with seamless eSIM and iSIM management
20 Jun 2023
Nokia and Proximus demonstrate future of network security with Europe’s first live hybrid quantum encryption key trial
7 Jun 2023
Nokia Threat Intelligence Report finds malicious IoT botnet activity has sharply increased
12 May 2023
Nokia ranked as a leader in fast-growing XDR security software market by GigaOm
8 Dec 2022
Nokia IP and private wireless chosen by Société du Grand Paris to power one of Europe’s largest metro rail projects
15 Nov 2022
CSPs say they need stronger 5G network security capabilities as breaches mount – Nokia/GlobalData research
23 Aug 2022
Nokia SaaS services strengthened with key GSMA security accreditation
9 May 2022
Nokia launches groundbreaking cybersecurity-focused testing lab in the U.S.
21 Feb 2022
Nokia announces new Software-as-a-Service services in analytics, security, and monetization for CSPs and enterprises #MWC22
24 Nov 2021
Nokia wins awards for its NetGuard XDR Security Operations software and Nokia Digital Assistant solution
17 Nov 2021
Nokia announces entry into Software-as-a-Service for CSPs with multiple services
6 Jul 2021
Nokia launches iSIM Secure Connect software to enable new 5G mobile and IoT services, revenue streams
2 Jun 2021
Nokia launches NetGuard XDR software and MDR services to strengthen 5G security, unlock new revenue for CSPs
2 Feb 2021
Nokia and StarHub partner to expedite standalone 5G services for Singapore customers
22 Oct 2020
Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices
14 Sep 2020
DISH chooses Nokia cloud-native, 5G standalone Core software to build U.S. 5G network with scale, performance, and efficiency
31 Oct 2019
Nokia launches NetGuard Adaptive Security Operations for 5G era
19 Mar 2019
Room40 uses Nokia's machine-learning powered video, audio and IoT analytics to flag emergencies and crime at service stations, parking lots and construction sites
19 Mar 2019
SINET expands into residential market with Nokia's high-speed fiber to the home solution
5 Mar 2019
Nokia wins Indosat Ooredoo's IP/MPLS network upgrade in Indonesia
20 Feb 2019