As we look at the threat landscape and the severity of cyber attacks on communication service providers, we’ll better understand the key components to look for in a next-generation threat protection system. And if you’re not convinced that a next-generation threat protection system is right for your organization, we’ll highlight the benefits of a tightly coupled, fully integrated solution that provides optimal threat protection and a safe environment.
The changing landscape
Cyber threats against most organizations, including communication service providers, are increasingly originating from emerging countries where their Internet infrastructures are rapidly growing. Attacks—like phishing, bots, spam and denial of service attacks—from these developing areas are becoming more malicious in nature and can be directed at any country. Where previously attackers wrote a relatively small number of threats targeted to a large group, now they create a much higher number of threats targeted to small groups. These targeted attacks are expected to grow along with the thriving underground economy and the use of Web-based attacks as a popular attack vector.
As security threats and attacks continue to evolve, it is critical that communication service providers act now to develop a comprehensive security strategy, one that is risk-based and policy-driven, information-centric, operationalized and supported by a well-managed infrastructure. Implementing a progressive solution that is global in its resources and blends automation with human intelligence as a part of this plan is essential. Increasing the barriers for unwanted attacks will not only save the company money, but it will also help protect the company’s brand reputation by enabling a better user experience.
Only a next-generation threat protection system that enables the dynamic application of real-time intelligence sharing for greater effectiveness, responsiveness and operational efficiency can absorb and defend against these sophisticated attacks. Communication service providers need a multi-tiered system that provides protection at both the network and application levels to enhance the accuracy and effectiveness of threat detection and ensure the environment remains safe. With a sweeping approach to message security that goes beyond content scanning, carriers and other service providers will gain a competitive edge through improved service levels and better user experiences. That means less customer churn, higher average revenue per user (ARPU) and simplified management—all at a lower total cost of ownership.
Looking at the impact of cyber attacks on organizations
Email remains a vital messaging channel for communication service providers. But spam continues to grow (now 85 percent of all email traffic) and evolve along with the increasing number of security threats, such as viruses, phishing, Trojans and malware. Forty-two percent of IT groups cite cyber risk as their top concern, yet most carriers continue to rely on technology that’s a step behind. Failing to detect these threats early and allowing them to deeply infiltrate the network is costly. In addition to hard costs, service providers face damage to customer satisfaction that is often beyond repair.
If last year is any indication, three out of four communication service providers will be hit by cyber attacks in 2010. While the potential damage from these and other attacks, such as denial of service, can be severe, fully 90 percent are avoidable if companies better protect their networks. Unfortunately, operating budgets for messaging security continue to be under pressure even as volumes and threats grow. So messaging threats tend to be treated with older solutions using historic thought practices and pieced-together, disparate products and services. Solutions that offer advanced message management and security capabilities in a single integrated package have simply not been available until recently. The net result of these factors is generally sub-par threat protection.
Important considerations in a next-generation threat protection system
In some cases, communication service providers are strapped by legacy systems that aren’t flexible and don’t scale. In others, they’ve got point applications and platforms that aren’t extensible or simply don’t provide solutions adequate to today’s challenges and needs. What’s needed is a combination of best-of-breed products and services to create a well-rounded suite of message security and management solutions. This combination will more readily enable providers to achieve their business objectives, post higher financial returns and gain a competitive edge in the marketplace. Service providers should look for features such as: network-level, multi-tiered filtering; advanced spam detection and prevention capabilities; flexibility in running different rule sets for different groups on a side-by-side, per-message basis; and the unparalleled ability to integrate into virtually any client environment.
To keep the network and customers safe, communication service providers need a next-generation threat protection system that stays ahead of threats and ensures airtight security in an ever-changing environment. This solution requires a comprehensive, holistic approach that enables carriers and service providers to block threats at the earliest point with fully integrated security components at all levels (content, protocol and edge of network) for real-time intelligence sharing. As a result, they can detect and respond to threats faster (before they cause serious damage to the business), deploy enhanced security capabilities to counter ever-evolving attacks, improve service levels, improve customer experiences and reduce costs through streamlined operations.
An important consideration for communication service providers to look for in a next-generation threat protection system is tight integration offered by independent application and platform providers. Tight integration is important to maximizing the benefit of both, but not to the point of restricting choice, such as with a single source or closed solution. Choosing independent application and platform providers is important because it allows providers to take advantage of the technology innovation of both while preserving their choice to respond to ever-changing threats in the ways that best suit their unique needs.
Advantages of a fully integrated solution
For communication service providers, a tightly coupled and fully integrated solution will enable them to provide better service, leverage their existing infrastructure, conduct better decision-making, gain complete control of messaging activity, lower costs, provide advanced security capabilities, and simplify management and solidify business continuity to their customers.
Provide better service
The need for communication service providers to enhance the user experience for their subscribers to reduce customer churn and infrastructure investment is not a nice-to-have; it’s a must. Genesys, Greenfield Online and analysts from Datamonitor/Ovum found a $50.6 billion loss from customer churn and industry defects. Service providers are fighting to keep customers who are looking at low cost and free services.
Better leverage existing infrastructure
The communication services industry can better leverage its infrastructure by stopping spam at the network level. However, efficiency and effectiveness gains are based on intelligence sharing between all components of a solution. This means the solution is dependent on adequate end-to-end resources to identify abuse and to communicate (share intelligence) with the other components. While lower overall network traffic might appear to justify a reduction in downstream servers, such reductions could hinder the effectiveness of the solution and introduce latency. With communication service providers looking to expand into the business/enterprise market, they should leverage their existing infrastructure but take caution in reducing it.
Better decision-making through shared intelligence from other networks and data sources
If a communication service provider chooses an intelligence network with a large base of experts and a high detection rate with few false positives, then they’ll most likely find an automatic and seamless information transfer to both internal and external data repositories and additional intelligence that improves a solution’s accuracy and effectiveness in filtering out threats.
Complete control and visibility of all messaging activity and response to observed behavior
Unlike point-focused products, multi-tiered systems provide protection at both the network level and application level to enhance the accuracy and effectiveness of threat detection and ensure the environment remains safe. And with a sweeping approach to message security that goes way beyond content scanning, communication service providers will gain a competitive edge through improved service levels and better end-user experiences.
Lower costs, greater efficiency via connection/bandwidth management
Connection/bandwidth management with SMTP trending and layer three network-level control combines multiple content scanning modules with heuristics and reputation data at the platform and network level for true multi-tiered filtering. Achieved through tight integration, this approach is proven to deliver better results and more efficient operations than specialized point products.
Combined global and local reputation data maximizes accuracy and minimizes false positives with expanded use of a vendor’s reputation lists as well as data from a provider’s local servers. This balanced approach incorporates new feedback faster, further optimizes layer three (TCP/IP) throttling at the network edge and blends the benefits of a global view with filtering tailored for your environment. The result is that threats are quickly and efficiently identified and dealt with, and spammers seek out more vulnerable targets.
Advanced security capabilities to counter ever-evolving threats
Message parking for zero-hour and outbound attacks improves the ability to accurately filter newly released spam threats, as well as outbound attacks (egress spam). Combined with powerful heuristics such as improved botnet detection, fully integrated message parking is an effective method for staying a step ahead of spammers by identifying suspicious messages and holding them for scanning when new filters are available.
Enhanced detection of snowshoe spam goes beyond basic filtering methods, which aren’t enough to protect against today’s more sophisticated messaging abuse. New tools enable the solution to identify snowshoe attacks (small volumes of spam sent from numerous IP addresses) and prevent these covert threats from impacting a network.
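The snowshoe pattern described above can be seen in a short detection sketch. This is an added example, not code from the article or from any vendor's product; the log format, the body-fingerprint field and the thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed sample lines: '<epoch> <source-ip> <body-fingerprint>'."""
    lines = []
    # Snowshoe campaign: 40 source IPs, 2 messages each, same fingerprint.
    for i in range(40):
        for n in range(2):
            lines.append(f"{1000 + i * 2 + n} 198.51.100.{i + 1} fp-campaign")
    # One noisy sender that a plain per-IP volume limit already catches.
    for n in range(300):
        lines.append(f"{1000 + n} 203.0.113.9 fp-bulk")
    # Newsletter: high volume, but from only two relay IPs.
    for n in range(120):
        lines.append(f"{1000 + n} 192.0.2.{10 + n % 2} fp-newsletter")
    return lines

def parse(lines):
    """Yield (ip, fingerprint) pairs, skipping malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) == 3:
            yield parts[1], parts[2]

def per_ip_volume_hits(lines, limit=100):
    """Baseline filter: source IPs whose message count exceeds a limit."""
    counts = Counter(ip for ip, _ in parse(lines))
    return {ip for ip, c in counts.items() if c > limit}

def snowshoe_campaigns(lines, min_ips=20, max_per_ip=5):
    """Fingerprints sent by many IPs where every IP stays at low volume."""
    per_fp = defaultdict(Counter)
    for ip, fp in parse(lines):
        per_fp[fp][ip] += 1
    flagged = {}
    for fp, ips in per_fp.items():
        if len(ips) >= min_ips and max(ips.values()) <= max_per_ip:
            flagged[fp] = {"ips": len(ips), "messages": sum(ips.values())}
    return flagged

if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP volume hits:", per_ip_volume_hits(log))
    print("snowshoe campaigns:", snowshoe_campaigns(log))
```

The per-IP limit flags only the single noisy sender, while grouping by fingerprint surfaces the campaign that no individual source IP would reveal.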
Simplified management and solid business continuity
Simplified management and solid business continuity begin with comprehensive global support. Once a global team is on the same page, they can create a unified interface with robust reporting in a single management console for policy and configuration changes, making administration of the solution easy and efficient and giving communication service providers greater control over all parts of email security. Powerful reporting consolidates data from all solution components into cohesive graphs, reports and logs for complete end-to-end insight that’s truly actionable.
Additional components include a streamlined and rapid installation which is able to duplicate a communication service provider’s current configuration so they can be assured of a non-disruptive migration. With the flexibility to run entirely different rule sets for individual user groups on a side-by-side, per-message basis, administrators have incredible control over the way messages are handled across the network.
Seamless integration and carrier-grade availability provide an unparalleled ability to integrate with virtually any environment resulting in a fast, easy implementation with minimal administration, so cable providers can experience the benefits immediately. Some solutions provide an automatic failover to ensure 100 percent platform availability so once it’s up, it stays up.
Solutions which update protection in real-time, block threats at the earliest point, maximize bandwidth, enable complete control of all message activities and share intelligence across all protection layers will help simplify management of a next-generation threat protection system.
Summary
With the evolving threat landscape and increasing severity of cyber attacks on communication service providers, the need for a next-generation threat protection solution is immediate. Service providers need to look for a set of best-of-breed solutions including a comprehensive suite of message security and management solutions as the best way to answer the uncertain threat landscape. The impressive list of benefits from such a solution demonstrates just how valuable a change in your protection system can be.
Ken Schneider serves as Chief Technology Officer of the Enterprise Security Group. He is responsible for the overall technology and product strategy across the security portfolio. Focus areas include integration, next generation technology initiatives and system architecture. Schneider is a Vice President and Symantec Fellow.
David’s focus is on forging mutually beneficial partnerships with enabling system integrators, consultancies, resellers and distributors for all Message Systems solutions. David’s dynamic style and solid background in messaging software, telecommunication and managed service companies worldwide brings an understanding of both enterprise and service provider environments as well as the global challenges inherent in our industry. His commitment to our partner-centric ethic and his solutions based approach to his initiatives resonates strongly with both our current and prospective partners.
Edited by Juliana Kenny