Displaying items by tag: cyberattacks

Nokia launches security software for cloud-native deployments

Written on Thursday, 09 November 2017 10:19

Nokia announced its next-generation “Session Border Controller” software, offering service providers dramatically higher levels of performance and security for their cloud-native deployments.

Nokia SBC acts as the gatekeeper at the edge of the network, preventing cyber-attacks, IP-bandwidth overload and unauthorized access attempts launched against communication interfaces from devices and other peer networks.

The new software provides enhanced capabilities to help customers better manage and protect media and signaling streams within and across their networks, ensuring high-quality, uninterrupted delivery of voice and video.

Extensive testing by Miercom, an independent organization specializing in networking and communications product testing, revealed that Nokia's newest cloud-native SBC delivers performance on par with hardware-based SBC solutions, and far surpasses that of other comparable cloud-based products the firm previously tested.

"Nokia's cloud-based SBC software demonstrated impressive levels of performance, security and scalability in our testing, delivering high signaling and media plane performance, powerful encryption/decryption capabilities, strong DoS and DDoS protection, and more,” said Rob Smithers, CEO of Miercom. “It offers service providers a safe, reliable and affordable way to migrate their session border controllers to a cloud environment."

Key findings from Miercom's testing report revealed that Nokia's new SBC software delivered carrier-grade performance for the most demanding signaling and media plane use cases when implemented as Virtual Network Functions (VNFs). The software also provided complete mitigation of DDoS attacks without any degradation in voice or video call handling and quality; and it also delivered high-density transcoding, encryption, decryption and other compute-intensive tasks, ensuring high-quality, private connections for voice and VoIP calls.

In addition, the software demonstrated high resiliency in failover tests under a high call load (800 calls per second with Transport Layer Security) with 100 percent successful handover of established calls. Is also supported the highest per-VNF capacity for software-based media and signaling compared to other pure-cloud SBC competitors.

"All service providers deploying IP-based communications services need session border control to protect the network at the boundaries. We're the only vendor to offer a cloud-native SBC solution that is field proven in large communication service provider networks with tens of millions of subscribers,” said Bhaskar Gorti, president of Applications & Analytics at Nokia. “The validation by Miercom underscores our ability to deliver world-class products that help customers ensure the safety, reliability and performance of their IP networks."

Nokia SBC enables communication service providers to cost-effectively control, secure and manage access, peering, IP Multimedia Subsystem (IMS), VoLTE and over-the-top (OTT) applications within a single software package, and helps deliver a high-quality voice and video experience for end users.

Designed for cloud deployments, Nokia's SBC software is fully virtualized and supports OpenStack and VMware telco-cloud environments, and is currently used by more than 90 service providers globally, including 12 of the top 25 mobile network providers.

Zain, Kuwait’s leading telecommunications company, today announced their collaboration to launch a new cloud disaster recovery service that will provide IBM and Zain’s enterprise customers with cloud-based business continuity capabilities and faster disaster recovery of their critical IT systems, without incurring the infrastructure expense of a second physical site. Through the new service, customers will benefit from the added flexibility of keeping their data in-country on IBM Cloud.

The disaster recovery as a service (DRaaS) market size in the Middle East is $100.64 million and is expected to see a compound annual growth rate of 44.8 percent through 2021. The Middle East region is experiencing a significant increase in DRaaS adoption due to the increasing number of cyberattacks and other data threats like security breaches, software and hardware failures, and power outages, according to MarketsandMarkets.

The new cloud disaster recovery service will help protect IBM and Zain customers against data loss from their own servers or from other cloud services, and can maintain readiness without the need to invest in additional physical space or stand-by hardware. The service will provide replication of critical applications, infrastructure, data and systems to IBM Cloud so customers can recover from an IT outage within minutes.

Amr Refaat, General Manager, IBM Middle East and Pakistan, commented: “Unplanned downtime or data loss is a risk any business can face. Not only can this lead to business loss but present a threat to a company’s reputation amongst its customers, stakeholders, and the wider public. Having a resiliency plan in place should play an integral part in every business. Through the new cloud disaster recovery service, IBM and Zain customers can run their operations at ease, while we provide around-the-clock monitoring of the recovery environments.”

“Today’s announcement comes as part of our vision to transform Zain into a digital lifestyle provider," said Zain Kuwait’s Chief Executive Officer Eaman Al Roudhan. “The business needs of our corporate customers are continuously changing, and offering them innovative solutions to help maintain resiliency is a top priority for us.”

The cloud disaster recovery team will monitor developing disaster events 24/7 and help ensure that the infrastructure of IBM and Zain customers is equipped to handle the latest threats to keep data, applications and transactions secure. The new service will also enable customers to adjust and customize their resiliency strategies to their own requirements to optimize recovery time.

The new service underscores IBM’s expanding business continuity and resiliency services portfolio. In today’s “always-on” world, IBM offerings like DRaaS and Cloud Resiliency Orchestration are built to simplify and automate the disaster recovery process, increase workflow efficiency, and reduce risk, cost, and system testing time for clients around the world. With more than 50 years of business continuity and disaster recovery experience, today IBM has over 300 resiliency centers across 68 countries.

Zain’s strategy of being a sustainable digital communications company has long focused on the customer experience and using technology to create more value for the customer. The launch of this service is one of the major steps in the company’s strategic plan to introduce more distinctive digital services dedicated to corporate and enterprise customers.

Russia’s FSB security service announced in a statement on Friday, December 2, that it had received intelligence about “plans by foreign secret services to carry out large-scale cyber-attacks from December 5.” The plans, it said, were aimed at “destabilizing Russia’s financial system including the activities of a number of major banks.” FSB is reportedly working to neutralize the threat.

In November, Moscow-based security giant Kaspersky announced that a massive cyber-attack had penetrated at least five of Russia’s largest banks. Those attacks, according to Kaspersky, were carried out using devices located in 30 countries including the United States. One of the banks that were attacked, Sberbank, acknowledged that it had been attacked, but also said that none of its main operations has been affected.

But Russia is not just the victim of large-scale cyber-attacks – in fact; the country has been accused in the past for several major hacking operations in the U.S. In October, Washington formally accused Russia of attempting to “interfere” in the 2016 presidential election. What’s more, German Chancellor Angela Merkel recently said that cyber-attacks by Russia have become so common that they are now a “part of daily life”.

Russia now faces skepticism, such as MI5, the British intelligence agency, warning that Russia is becoming more aggressive and using cyber-attacks to promote its foreign policy abroad. At this stage, Russia’s FSB has not disclosed which countries’ secret services were involved in the recent cyber-attacks aimed at the country’s financial institutions, but has alleged that the attacks would use servers and “command centers” located in the Netherlands belonging to Ukrainian hosting company BlazingFast.

Anton Onopriychuk, director of the Kiev-based company, told AFP it provides "services for protection against cyber-attacks, not for attacks.” He continued, “As yet no one has contacted us about this, neither the FSB or clients,” adding that the company would investigate. The FSB said that "provocative publications" about a crisis in the Russian banking system were planned to appear on social media networks, blogs and mobile phone text messages.

Published in Government

Intel Security, in partnership with the Centre for Strategic and International Studies (CSIS), recently released ‘Hacking the Skills Shortage’, a global report outlining the talent shortage crisis impacting the cybersecurity industry across both companies and nations. A majority of respondents (82 percent) admit to a shortage of cybersecurity skills, with 71 percent of respondents citing this shortage as responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets.

“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A. Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage their organization.”

Despite 1 in 4 respondents confirming their organizations have lost proprietary data as a result of their cybersecurity skills gap, there are no signs of this workforce shortage abating in the near-term. Respondent’s surveyed estimate an average of 15 percent of cybersecurity positions in their company will go unfilled by 2020. With the increase in cloud, mobile computing and the Internet of Things, as well as advanced targeted cyberattacks and cyberterrorism across the globe, the need for a stronger cybersecurity workforce is critical. 

“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cybersecurity talent shortage,” said Raj Samani, VP & CTO, EMEA, Intel Security. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the frontline. Finally, we absolutely must diversify our ranks.”

The demand for cybersecurity professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. In fact, skills such as intrusion detection, secure software development and attack mitigation were found to be far more valued than softer skills including collaboration, leadership and effective communication. The report studies four dimensions that comprise the cybersecurity talent shortage, which include: 

Cybersecurity Spending: The size and growth of cybersecurity budgets reveals how countries and companies prioritize cybersecurity. Unsurprisingly, countries and industry sectors that spend more on cybersecurity are better placed to deal with the workforce shortage, which according to 71 percent of respondents, has resulted in direct and measureable damage to their organization’s security networks.

Education and Training: Only 23 percent of respondents say education programs are preparing students to enter the industry. This report reveals non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons, may be a more effective way to acquire and grow cybersecurity skills. More than half of respondents believe that the cybersecurity skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities.

Employer Dynamics: While salary is unsurprisingly the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer’s IT department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.

Recommendations for moving forward:

  • Redefine minimum credentials for entry-level cybersecurity jobs: accept non-traditional sources of education
  • Diversify the cybersecurity field
  • Provide more opportunities for external training
  • Identify technology that can provide intelligent security automation
  • Collect attack data and develop better metrics to quickly identify threats