NFV CyberGuard

Traditional telecom networks are based on closed operating system infrastructures that can be effectively protected from hacking and other attacks. Using SDN and NFV technologies for next generation network infrastructures offers benefits like openness, remote programmability, agility and other advantages of IT-like networks. However, the similarity to IT networks that makes SDN/NFV networks advantageous for communications service providers (CSPs) also makes them vulnerable to the full range of cyberattacks that target IT networks.
Network technology is moving from single-purpose devices to compute elements whose network functions are provided as virtualized services (VNFs) and which run on open platforms and protocols such as Linux, OpenStack, OpenFlow and more. As it does so, the infrastructure becomes exposed to cyber threats.

The NFVI planes must be protected from advanced persistent threats (APTs) such as flooding and distributed denial of service (DDoS); from threats to hypervisor/vSwitch appliances on the control plane; and from malware, remote access threats and specific attacks on the application (VMs) plane. In addition, man-in-the-browser (MitB), open source and spoofing attacks pose threats to all open network layers.

On open networks, these and other advanced persistent threats (APTs) bypass existing security solutions that use log file data from security appliances on the core network to analyze security breaches. APTs can hide undetected in a network and on endpoints for months, stealthily capturing and reporting on data passing through the network, which leaves the network open to penetration by undetected attackers.

Solution Building Blocks
Telco Systems’ NFV cyber security solution, NFV CyberGuard, consists of three building blocks:

  1. TVE detection agents that are embedded in the CloudMetro platform or another NFV white box, and additional security probes, which collect data
  2. Big data analytics for aggregation and analysis of metadata and identification of anomalies
  3. SDN controller of the EdgeGenie Service Manager, which takes immediate network-wide action to neutralize threats

Four Steps to Cyber Security

The NFV CyberGuard solution leverages sophisticated algorithms, probes and big-data analytics to protect NFV and SDN networks from threats, in a continuous four-stage process.

  1. COLLECTION: In the collection stage, embedded agents running on the CloudMetro TVE engine, together with other security probes, extract metadata and context, gather information about wire speed and hardware acceleration and perform full session reconstruction. All data is maintained in the NFV CyberGuard real-time database of expected network behavior.
    For CSPs and small and medium-sized businesses (SMBs) using third-party L2 switches, Telco Systems provides an NFV CyberGuard plug-in that filters flows entering the CSP’s TVE virtualization engine and controls the L2 switch to block flows from penetrating the network when threats or malware are detected.
  2. AGGREGATION: Big data techniques for recording, indexing and analysis are applied in the aggregation phase to definitively identify and characterize threats. Data gathered in previous phases is filtered, re-aggregated, correlated, and investigated using network situational awareness, information discovery, advanced detection forensics and real-time analytics.
  3. DETECTION: Network anomalies and threats are detected by monitoring sensors. The sensors leverage predictions and algorithms to pinpoint suspicious activity, and cyber protection policies are applied across the entire network, to the edge, for full network visibility.
  4. ACTION: Once anomalies are identified, characterized and located, the NFV CyberGuard agent instantaneously activates EdgeGenie Service Manager, Telco Systems’ advanced SDN/NFV network management and orchestration system, to take immediate network-wide action to neutralize threats before they cause damage. NFV CyberGuard provides centralized control and orchestration for actions such as remotely changing the IP/MPLS control plane or altering routing to shut off flows, service VNFs, and devices. Network bypasses are established and deployed to reroute and redirect data flows.

Shut Down Threats Before They Get Out of Hand

For network and security analysts who are seeking to halt propagation of threats on broadband, Ethernet and cellular networks, Telco Systems’ NFV CyberGuard solution provides a powerful, data-driven and actionable basis for EdgeGenie Service Manager SDN Controller decisions to:
  • Reroute traffic
  • Shut off or bypass infected VNFs
  • Shut off network services or devices
  • Auto-deploy vProbes
  • Restore normal operations

Providing Cyber Security as a VNF Service

vCyberGuard, the security-as-a-service version of NFV CyberGuard technology, enables telecommunications network operators to offer value-added IT management and security services for enterprise customers via a virtualized cyber-probe in the operator device. Security services are centrally managed, with actions executed by vCyberGuard based on each customer’s needs and service-level agreements.

2017 Cybersecurity Excellence Award
Telco Systems Wins Cybersecurity Excellence Award for Second Year in a Row.
Company recognized for protecting SDN and NFV networks against cybersecurity vulnerabilities with its NFV CyberGuard solution.

2016 Global Excellence Awards
Telco Systems received the gold award in the category for Best Security Products and Solutions for Telecommunications at the Global Excellence Awards for its NFV CyberGuard solution for protecting new SDN and NFV networks used by telecommunications service providers from ongoing cybersecurity threats.

Cybersecurity Excellence Award 2016
Telco Systems has won the Cybersecurity Excellence Award in the category for SDN/NFV Security.

Telco Systems received this award recognition for its innovative NFV CyberGuard solution protecting SDN and NFV infrastructures against cyberattacks.

SDN and NFV networks are open, software-based and designed to be remotely programmed and controlled with a distributed architecture, which creates inherent security vulnerabilities, including ongoing threats of cybersecurity-related attacks.