Guarded Optimism Over AI for Automation of Telco Security
Artificial intelligence (AI) techniques such as neural networks and machine learning have been used for many years to improve the detection of malicious code and other threats within telecom traffic. The ability of such approaches to establish what normal patterns of traffic look like -- so as to flag abnormalities that might indicate an attack, or to characterize the behavior of systems after they have become infected with malware, so that it is possible to diagnose similar problems in other systems -- is undoubtedly a useful weapon in the fight against hackers and other malicious actors.
And AI has the potential to go further in support of telecom security. For instance, flagging that a denial of service or distributed denial of service (DoS/DDoS) attack has begun is one thing; automatically taking appropriate remediation actions based on the AI system's reasoning of what "appropriate" means is something different.
Vendors of DDoS prevention and mitigation solutions aren’t all sure that removing the human security analyst from this chain of events is a good thing: The consequences of a "false positive" identification of an attack, resulting in incorrect blocking or diverting traffic from certain sources, or of a certain type, can have serious consequences for a telco -- not least in terms of revenue. AI systems that can immediately present a human security analyst with the right type of data on which to base a decision, and perhaps a recommendation for three actions that could be taken, based on a machine learning model, seem a useful approach.
But other security management activities could be even more automated with the help of AI. To understand why in some cases the speed and accuracy of AI is appropriate, it is helpful to think about the threat and vulnerability context in which telcos find themselves at any given time.
The telecom industry has evolved from one where technologies and networks were largely proprietary and partners were trusted, to one that is much more open. This increases both the vulnerability of telco systems and exposes them to more threats. By putting in place new security-hardened networks, and deploying security products and functions, operators can reduce their vulnerability, but their control over threats is more limited.
The ability of AI to carry out complex analysis on high volumes of data very quickly, and to come to decisions about what is a threat, is something that is continually developing as traffic and the nature of threats change. One recent hot area of activity is in baselining of the behavior of devices connected to the Internet of Things (IoT). Here many established vendors and AI startups are developing solutions that will help operators to manage IoT devices and services more securely, making use of automatic profiling of those devices. More widely, application-level anomaly detection using local models of behavior on devices themselves, periodically updated from a central, cloud-based AI system, will help more rapid action in response to threats.
Heavy Reading’s Telecom Security Market Tracker, published in PowerPoint format, analyzes and forecasts the global market for cybersecurity solutions sold to communications service providers (CSPs). It maps available security solutions onto CSP domains, and profiles leading vendors of security solutions sold to CSPs -- both to protect their own networks and to enable them to provide managed security services to their customers.
— Danny Dicks, Contributing Analyst, Heavy Reading