Modernizing security operations with XDR
If they want to modernize their security operations for extended detection and response (XDR), communications service providers (CSPs) need to start by capturing the right data. This means working from a centralized security management platform that’s continuously updated with new data and curated to ensure ongoing relevance.
In theory, the ability to tap into security data from any application, network element, connected resource or device sounds like a great idea. In practice, it creates challenges that few organizations have been able to resolve.
Security teams now have to manage data coming from an extensive network that spans multiple clouds and software-as-a-service (SaaS) applications, growing numbers of branch offices with new SD-WAN connections, distributed internet of things (IoT) devices, operational technology (OT) systems, mobile workers and devices, and now, dozens or even hundreds of home offices.
Many organizations have handled all this in an ad hoc manner, deploying new security solutions for each new segment of the network. Without a central emergency response plan or security strategy to guide them, security operations teams have deployed, on average, more than 40 different point products across their networks.
Many of these solutions are operating in isolation. They don’t share or correlate threat intelligence. Nor do they work seamlessly with other solutions to coordinate threat responses in the same segment of the network, let alone across disparate network environments. Security operations teams are simply unable to centrally manage or orchestrate policy distribution, ensure consistent enforcement, or centralize configurations through endpoints, the network and the cloud.
To accommodate the volume, velocity and variety of security-related data in the variety of security-related data that 5G networks are producing, XDR technologies must be anchored by a modern data pipeline that can collect and process security data at scale across hybrid IT environments.
Bringing it all together with an integrated security platform
To identify threats, security managers and data analysts need a common source of threat intelligence that’s been quickly and accurately correlated from across the network.
This makes interoperability of a CSP’s security tools a top consideration. Regardless of where they’ve been deployed, the tools that are in place need to leverage common security intelligence feeds and share alerts and threat data with other security tools.
NetGuard security management consolidation for consistent response
The easiest and most effective way to make this happen is to build a common security framework using an integrated security platform that can connect security tools from many different vendors. Such a platform needs the following characteristics:
- Integrated security operations: With a single view of security across endpoints, the network and the cloud, CSPs can more easily stop threats before they affect their customers.
- Integrated security tools: CSPs that streamline the security tools in their kit can more easily orchestrate the ones that remain — and more confidently expand their network without compromising its integrity.
- Integrated threat intelligence: A complete picture of the cyberthreat landscape assures the integrity of the network and reduces the burden on security teams to distinguish between minor anomalies and major threats.
CSPs with mature operations often adopt a security orchestration, automation and response (SOAR) solution to coordinate their distributed security system throughout their security operations center (SOC) and network operations center (NOC) environments. If they partner with the right vendor, CSPs can upgrade and leverage XDR solutions to facilitate a more coordinated and consistent response.
XDR can play a central role in SOC modernization
Many CSPs start an XDR project to supplement or perhaps replace their SIEM solutions. That said, SIEM is a foundational SOC technology, so it’s likely most organizations will simply add XDR to SIEM to improve alert fidelity, help analysts triage incidents, or supplement SIEM correlation rules with advanced analytics for threat detection.
Other CSPs focus their first XDR initiative on adding threat detection and response capabilities to cloud-based workloads, SaaS applications and slice-based services to detect adversary exploits, malware downloads or anomalous behavior.
For example, in the United States, new5G digital service provider DISH is deploying Nokia’s NetGuard security suite to orchestrate and automate the response capabilities it needs to rapidly scale its network and intelligently assess and resolve cyber incidents with minimal manual intervention.
DISH Executive Vice President and Chief Network Officer Marc Rouanne explained:
“Nokia is providing DISH with modern SOC security orchestration and automation capabilities, which acts as the brain of the network, making automated decisions about isolated slices and changing policies in real time to strengthen the network’s security stature.”
Nokia NetGuard Adaptive Security Operations (NASO) is a telco-centric security management platform deployed in a cloud-native environment for extended detection and coordinated, consistent response. It integrates and automates audit compliance, privileged access management, threat intelligence, network-based malware detection, and certificate management, and includes connectors and a library of interfaces for multi-vendor infrastructure components and security tools.
Is XDR in your security plans?
Has your organization considered the potential impact of XDR on your security operations? What’s your plan to protect all that data to come? Learn more about how Nokia NASO, built on XDR technologies, can help you modernize, integrate and automate your security operations:
