ALU Adds NFV-Based Malware Protection Solution

Alcatel-Lucent announced that "Motive is to introduce the Motive Security Guardian (powered by Motive Security Labs, formerly Kindsight Security Labs), a virtualized security solution to optimize both the delivery of services as well as the customer experience by protecting service provider’s networks, machine-to-machine (M2M) communications, and mobile and home devices from malware that can degrade performance, mine information and even steal data minutes.

.. When malware is found on a device, its owner is immediately alerted with step-by-step instructions on how to remove the threat. This intervention can significantly reduce calls to care agents triggered by malware, such as complaints of mobile device batteries draining too quickly; bill shock due to pirated data usage; and unwanted pop-up ads on a laptop.

[Related post - "Kindsight Helps ISPs to Detect, Block and Remove Bots" - here]

.. Residing on an operator’s cloud network, it can identify and pinpoint malware on mobile or home devices without having to be installed on them. The solution can be onboarded and managed using Alcatel-Lucent’s CloudBand™ 2.0 NFV platform and can be rapidly scaled up or down to meet market demand". 

See "Alcatel-Lucent’s Motive to deliver virtualized security solution to help service providers ensure a safe ultra-broadband customer experience" - here.

VAS/Security Deployments [275]: Singtel Uses Fortinet to Protect Enterprise Customers

Fortinet announced that it has ".. partnered with SingTel to immediately roll out secured broadband services to enterprises across Singapore. Running on Fortinet's high performance FortiGate® network security platforms and FortiManager® and FortiAnalyzer® centralised management and reporting appliances, the SingTel Business Fibre Broadband Security Suite intercepts security threats and eliminates them in the cloud before they reach a company's IT network. Businesses subscribed to this Suite will have online content filtering bundled with their broadband access. Antivirus and anti-spam protection can be added as options. Besides improving security, the content filtering and anti-spam functions help businesses optimise bandwidth usage and increase staff productivity".

Mr Goh Boon Huat [pictured], VP Business Products, Global Products, SingTel Group Enterprise said: “The SingTel Business Fibre Broadband Security Suite is tailor-made for SMEs, which have little or no IT support. Having a reliable, convenient and automated cloud security enables them to protect their vulnerable IT networks from internal and external threats. Our SME customers can enjoy a secured Internet network allowing them to focus on their business, enhance customer experience and drive new revenue growth,"

See "SingTel and Fortinet Partner to Provide Secured Broadband Services to Businesses" - here.

Australian Police Seeks DPI Appliances @10Gbps

The Australian Federal Police (AFP) ".. intends to expand upon its network forensics expertise to include new deep packet inspection capacity that will be able to capture and retain metadata. The agency is currently seeking tenders for an appliance that can accept a stream of TCP/IP traffic or potentially previously captured packets in PCAP format. The request for tender does not specify where the input to the appliance will come from, but states that at a minimum, it must be able to analyse flows of information at 10Gbps, regardless of whether it is using IPv4 or IPv6. Further requirements that the AFP needs are the ability to identify services and applications at the application layer.

Proposals are additionally expected to be able to filter out packets based on keywords, protocols, applications, IP addresses and ports. They should also identify malware, antivirus activity, communication and mobile applications, detect various types of encryption when used and de-capsulate tunnelling protocols. An example of the latter could include the Layer 2 Tunneling Protocol commonly used in virtual private network (VPN) connections, assuming the AFP is able to bypass the secure channel typically established to protect such data.

See "AFP seeks deep packet inspection capability to capture metadata" - here.

Allot Adds Parental Control and Anti-Malware VAS

The DPI vendors continue to invest in the fast growing parental control market (see "[ABI]: Parental Control Market to Reach $1B in 2013" - here).

Allot Communications announced that it has expanded its Websafe solution beyond its previous single black list filtering to "WebSafe Personal. Fully integrated with Allot Service Gateway .. WebSafe Personal offers two flexible service bundles, which can be deployed together or individually. WebSafe Personal Parental Control allows parents to filter and monitor the websites and content their children view, as well as the amount of time they spend online. WebSafe Personal Anti-Malware prevents incoming viruses, worms, Trojans, bots and other forms of malware from infecting their smartphones, tablets and other handheld devices. WebSafe Personal Anti-Malware provides network-based protection against attacks and 24/7 signature updates, while requiring no action to be performed by subscribers".

".. Allot WebSafe Personal has already been deployed by leading mobile operators in multiple regions across the globe" (see "Allot Sees Growth in VAS Projects, Led by Parental Control" - here and "$6M Parental Control Win for Allot in EMEA (with Partner)" - here).

"Allot WebSafe Personal is a licensed software application that is fully integrated with Allot Service Gateway and Allot NetEnforcer platforms and can be hosted either on a blade in the Allot Service Gateway or hosted externally. Allot WebSafe Personal is NFV-ready and offers operators a pay-as-you-grow concept with the addition of software licenses". 

See "Allot Communications’ WebSafe Personal Delivers Personalized Parental Control and Anti-Malware Services to Fixed and Mobile Operators" - here.

Announcements: Kindsight's Security Analytics and VAS platform

      

More on the growing DPI based analytics for security purposes market (see also yesterday's post on Solera Networks).


Kindsight (subsidiary of Alcatel-Lucent; CEO is Basil Alwan, President of the Alcatel-Lucent IPDivision and Head of Portfolio Strategy for the Alcatel-Lucent Networks Group) announced ".. Kindsight Security Analytics, a new platform for service providers to analyze network traffic for malware and aggregate security statistics onto a single web-based dashboard. The new platform provides unparalleled insights into subscriber infections, enabling Internet service providers and mobile operators to reduce risk within the network and diminish the malicious consumption of network resources".

See previous coverage - "DPI Solution: KindSight's Security VAS" - here. 

Brendan Ziolo (pictured), VP, Marketing, said: "Our new platform provides huge benefits to Internet service providers and mobile operators by giving them real-time, actionable security insights which can reduce network risk and improve the overall service experience.  These service providers may also launch value-added security services using this same platform, which can alert subscribers and help them remove malware from their home networks or mobile devices"

".. Kindsight Security Analytics analyzes Internet traffic for malware and generates aggregated statistics. It is comprised of four key components: Network Intrusion Detection System (NIDS-8800), Alert Reporting Cluster (ARC), Security Analytics Dashboard and Signature Update Service".

See "Kindsight Launches Security Analytics to Help Service Providers Better Protect their Networks and Subscribers" - here.

Security Announcements: ALU Integrated Arbor's DDoS Mitigation into its Routers

   
Alcatel-Lucent and Arbor Networks announced that are ".. offering a joint solution that provides advanced DDoS protection and security capabilities to help address this escalating challenge .. Service providers can deliver denial-of-service ‘scrubbing’ as a cloud-based service from the same platform as virtual private network (VPN) and business Internet services, with minimal incremental investment"

ALU integrates Arbor's Peaklflow SP TMS into its 7750 Service Router. Recently, ALU positioned the 7750 as a mobile gateway (here) and published some data on it DPI capabilities (here).

ALU solution page explains the DDoS mitigation facility protects ".. networks and enterprise services from a wide range of threats, including:

• TCP stack/generic flood attacks
• Fragmentation attacks
• Application layer attacks
• Vulnerability exploit attacks
• Malware pipes
  

See "Alcatel-Lucent and Arbor Networks team up in the fight against ‘denial-of-service’ attacks" - here.

DPI/Security Announcements: Allot Integrates with AdaptiveMobile Parental Control & Malware Protection

 
Allot Communications and AdaptiveMobile announced today "a joint solution that is designed to enable operators to deliver Parental Control and Malware protection as a value-added subscriber service. The solution, based on Allot Service Gateway and AdaptiveMobile’s Network Protection Platform has already been selected by a Tier-1 operator in EMEA .. Intelligent policy-based steering ensures that security services are provided only to opted-in users, optimizing the operator's profitability and protection capabilities".

Gareth Maclachlan (pictured), COO, AdaptiveMobile said: “Parents are asking operators to deliver the most complete levels of protection within the network but with the flexibility to decide what is appropriate for their children. Our joint solution means that operators can now offer a differentiated service and monetize it.”

"With the AdaptiveMobile Network Protection Platform (NPP), an operator can support parental choice in providing mobile communications to children and teenagers yet allow the parent to have full control over how and when the services will be available.

• Personalised Communication Manager: allows the parent to manage all text, voice, IM and other communications to and from their child; limiting who they can contact and the times when contact can be made, whilst ensuring that the parent or selected family members are always accessible
   
• Content Manager: allows the parent to select the type of content a child can access, whether it is by Web, SMS, call or MMS. Not only are inappropriate websites and premium services blocked, the parent can ensure appropriate filter settings are applied at the top search engines, for example or block messages that contain inappropriate words or URL’s
   
• Personalised Usage Manager: Analysis with our customers has shown that one of the busiest usage periods for children is between 10 and 11.30 pm where they are texting and browsing while parents believe their children are asleep. A parent can set their own timetables for permitted usage, including the volume of messages and calls that a child may make or receive; parents can even have the option of allowing more access for good behaviour, or implementing sanctions through a single webclick"

See "Allot and AdaptiveMobile Partner to Enable Carriers to Deliver Personalized Cloud Security" - here.

VAS Deployments (87): SK Telecom [Korea] Selected Fortinet for Security Services

    

Fortinet announced that "SK Telecom, the leading telecommunications provider in Korea, has chosen Fortinet's FortiGate®-3950B high-end network security appliance to help protect its 24-million subscribers using its 3G and 4G LTE services against increasing malicious attacks .. SK Telecom has purchased FortiGate-3950B appliances for carrier-grade NAT service and for 10G firewall protection of its content server farm. With this implementation, the telco provider will be able to apply up to 10 million concurrent session firewall performance, SSL & IPSEC VPN, NAT/PAT, ALG-SIP, DPI (Deep Packet Inspection), and QoS features over its service at no additional cost. Moreover, SK Telecom will be able to offer greater stability in its services by preventing service delays caused by traffic overload and ensure high availability".  

See "SK Telecom Chooses Fortinet to Enable Broad, High Performance Security Protection to its Subscribers" - here.

VAS Deployments (85): AT&T Uses Juniper for Security Services

    

Last May we learned that "AT&T Plans to Launch Wireless Consumer Security Service" (here), and before that "AT&T Develops Mobile Security" (here). Now we hear that the new service will be based on a Juniper solution. 

AT&T announced that it "..has executed an agreement with Juniper Networks to deliver this security capability and additional services based on the platform in the future. This new agreement is part of AT&T’s mobile security strategy to manage and protect smartphones and customer information .. The first phase of the platform – the AT&T Mobile Security application – is expected to be available later this year and is based on the Juniper Networks® Junos® Pulse solution".  

See "AT&T Invests in Mobile Device Security Platform" - here.

Junos Pulse is flexible, supporting personal mobile device access to corporate networks and resources through a zero touch deployment model. A cloud based, Software-as-a-Service (SaaS) offering—which speeds and simplifies deployment and user rollout—Junos Pulse Mobile Security Suite includes the Juniper Networks Junos Pulse Mobile Security Gateway, a hosted, web-based administrative management console from which Junos Pulse Mobile Security Suite services are enabled and managed by enterprises and service providers (here).

DPI: NSA Scans AT&T, Verizon and CenturyLink Traffic Going to Defense Firms

     
Ellen Nakashima reports to the Washington Post that "The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say .. The program uses NSA-developed “signatures,” or fingerprints of malicious code, and sequences of suspicious network behavior to filter the Internet traffic flowing to major defense contractors. That allows the Internet providers to disable the threats before an attack can penetrate a contractor’s servers. The trial is testing two particular sets of signatures and behavior patterns that the NSA has detected as threats. The Internet carriers are AT&T, Verizon and CenturyLink. Together they are seeking to filter the traffic of 15 defense contractors".

See "NSA allies with Internet carriers to thwart cyber attacks against defense firms" - here.

While this is a case of "national security", security threats to enterprise customers are real and growing (see Cisco's report below). Nevertheless, security represents an opportunity for ISPs to sell a value-added service.

One aspect, offered by DPI/traffic management vendors is DDoS prevention functions, offered as an add-on to traffic management (see examples from Allot, Arbor, Procera and Sandvine), by detecting traffic anomalies and blocking the relevant packets, thus protecting networks and business or residential subscribers from being attacked.

A recent "Global Threat Report 1Q11" from Cisco (here) finds that "Malicious webmail represented 7% of all Web-delivered malware in March 2011, a 391% increase from January 2011 .. Enterprise users experienced an average of 274 Web malware encounters per month in 1Q11, a 103% increase compared to 2010. Unique Web malware encountered also increased (46%) in 1Q11, from 72,294 unique Web malware in January 2011 to 105,536 in March".

See also "ALU Bell Labs: Network Behavior Analysis Helps to Detect Malware Infection" - here and "Recent Cyber Monday DDoS Attacks "revealed a sophisticated and motivated attacker” - here.



Source: Cisco



DPI/VAS Deployments (35): Telefónica O2 [Czech Republic] Cleans the Internet with NSN

 

Nokia Siemens Networks announced that "Companies that use Telefónica O2 in the Czech Republic for broadband Internet access now have more control and greater security over the service ..Nokia Siemens Networks has integrated its security-as-a-service into Telefónica’s operational support system/business support system (OSS/BSS) platforms. The security service is delivered to Telefónica O2’s enterprise customers from the operator’s secure, centralized, and continuously updated platforms in O2 data centers to protect fixed Internet access. A fixed monthly fee is charged to enterprises for the service."

See "Telefónica O2 gives Czech companies control of Internet access" - here.

O2 calls this service "O2 Clean Internet" (here), and presents the following benefits:

• protect company computers from all internet threats
• increase employee efficiency by blocking distracting, non-work-related web addresses – settings are controlled through a self-care portal (see screenshot)
• no need to buy expensive devices and software
• maintain control over your security expenses for a fixed monthly fee

    

“ .. there are concerns about security threats such as malware, and the implications of access to the web that a company provides and is responsible for, but cannot exercise control over,” said Oscar Gómez, director of Product and Services at Telefónica O2 Czech Republic. “.. Nokia Siemens Networks was chosen to create a bespoke Internet service that we can offer to enterprises that addresses both security threats and responsible use.”

Related posts:

• Virgin Media [UK] Helps Customers to Fight Malware - here
• TalkTalk Uses uawei to Detect Malware (or Parental Control?) - here
• Australia: ISPs Should Detect Virus Infected Computers (DPI Becomes a Must for ISPs) - here
• Sandvine - Who is the Global DSL/Mobile Cusotmer with 20 Properties ? - here
  

 

 

DPI Announcements: Bivio's New Network Content Control System

   

Bivio Networks announced "the launch of its Network Content Control System (NCCS), the industry’s first fully integrated traffic enforcement, Web filtering and threat prevention system for service providers (SPs), carriers, government agencies and large enterprise customers alike"

See "Bivio Networks Introduces Network Content Control System" - here.

"Protecting network users from cyber threats including phishing and malware hosts is crucial for network managers and operators. Furthermore, specific network usage policies require accurate enforcement regardless of the access device type such as laptop computers or mobile smart phones. The Bivio NCCS is a carrier-grade networking platform that utilizes advanced deep-packet inspection (DPI) technology to deliver a rich set of functionality to identify, manage and control network traffic granularly, on a per-user basis, or universally on a network-wide level."

Dr. Elan Amir, president and CEO of Bivio Networks said “.. The NCCS delivers industry-leading web filtering and security safeguards necessary to keep pace with network threats and eliminate costs associated with deploying multiple load balanced or proxy-based devices"

Product brochure - here. The system uses the Flowinspect DPI engine, a company acquired by Bivio last year (see "Bivio Networks Acquires FlowInspect SpA" - here).

DPI/VAS Deployments (21): Virgin Media [UK] Helps Customers to Fight Malware

  

Vigin Media launched a new service that will "help its customers avoid or resolve malware attacks and protect them from potentially irreparable harm".

See "Virgin Media launches malware defence campaign" - here.

Many ISPs are offering desktop security packages to their subscribers, presumably protecting them from viruses and other malware - both on on-line connections (web pages, mainly) and offline (email messages). However, according to Virgin media "many customers haven’t installed any type of computer protection or are failing to keep their security packages up to date. Virgin Media’s Digital Home Support team discovered that nearly a quarter of customers asking for help had computer or speed issues caused by malware infections such as viruses, trojans or spyware."

To solve this "Virgin Media will be working with a number of independent, not-for-profit organisations, .. which constantly monitor the spread of these viruses around the internet .. such as The Shadowserver Foundation [see below], are typically run by volunteer internet professionals that alert ISPs to home connections that might be infected to help minimise the impact of malware attacks on individuals, businesses and governments".

The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.

Jon James, executive director of broadband at Virgin Media said: “.. It’s time for ISPs to go beyond the basics and do whatever they can to help protect their customers from this growing problem .. we’re going to do whatever we can to help defend our customers from serious consequences such as identity theft, and even banking fraud .. We’re writing to customers we’ve been told may be infected by malware, encouraging them to check their computers have an up to date security package, such as Virgin Media Security, and offering advice on simple and free ways to disinfect their computer. For those who need a little bit more help we also have our fee-based Digital Home Support service which fixes problems using the latest cutting edge remote control technology”

So while the monitoring service is free, getting support is a value-added service for Virgin.

A month ago we saw a similar service (different technology) offered by another UK ISP - see "DPI Deployment (15) : TalkTalk Uses Huawei to Detect Malware" - here.

See also:

• Australia: ISPs Should Detect Virus Infected Computers (DPI Becomes a Must for ISPs) - here.
• DPI Solution: KindSight's Security VAS (Orange France)- here