21 June 2018 | Gareth Willmer
Increased security, reduced costs and enhanced network visibility are just some of the benefits of adopting automation in
networking. Gareth Willmer investigates this and looks at what’s causing some of the resistance against it.
WannaCry, DDoS attacks, ransomware, botnets – the
world has become unhappily familiar with such terms in the past
few years. This has come about as cyberattacks have grown in
sophistication alongside the surge in the number of connected
devices, with some of the latest wave hitting record-breaking
sizes in 2018.
At the same time, carriers and other organisations are
undergoing major digital transformations as they move towards
technologies such as SDN, NFV and 5G. This is triggering
greater network automation, calling for new ways of running
security alongside these technologies.
The transformation from legacy environments to
"programmable, horizontally abstracted, open-partner
ecosystems" means that "service providers have to build
security-oriented thinking into every aspect of their
ecosystems", says Daniel Bar-Lev, director in the office of the
CTO at the MEF industry association.
After identifying needs for security services caused by
rising deployment of SD-WANs and use of NFV, the association is
starting a project with its members in the area of
security-as-a-service (SECaaS) under its MEF 3.0 framework. In
line with this, Bar-Lev foresees the opportunity for a whole
new market segment opening up for service providers
specialising in WAN-oriented security services.
"Securing SD-WAN services running in NFV environments is a
challenge that will only grow in scale and complexity," adds
Bar-Lev. To date, he says, security work has often been focused
within service providers’ IT groups rather than
their networking departments, but he emphasises the need to
move towards development of security throughout the
Bar-Lev highlights that automation can reduce the attack
surface by lessening the opportunity for human-associated
vulnerabilities. But, he notes, the flip side is that
automation can spread vulnerabilities rapidly in a hyperscale
environment. "Automating security in a WAN service provider
environment is very much more complex than what we have been
accustomed to until now. Service providers are clearly working
towards a DevOps approach where they deal with security
enhancements in real time."
Chris Richter, VP of global security services at
CenturyLink, explains that the pace of change as activities
become more automated in the move towards technologies such as
SDN, NFV and 5G is such that carriers have to change their
overall processes to keep up. "Changes to IP and the network
core are central to that transformation, and
there’s a security transformation that goes hand
in hand with that," he says.
In line with this rising automation, Richter says
CenturyLink is therefore going through a transition both to aid
its own business and that of its customers. "I talk to many
CIOs who are struggling with the challenges of moving to
automated networks," says Richter.
"They’re faced with having to upgrade all their
infrastructure and are under pressure to reduce their
networking costs. In doing so, they have to make a decision
about where their security controls are going to reside." A key
way for carriers to aid with this, says Richter, is to help
their customers move to cloud-based security, reducing the cost
and complexity of the overall security framework.
"That’s what drove us to create a new security
model that was compatible with technologies such as NFV and
SD-WAN," says Richter.
CenturyLink is also moving to enhance automation in security
itself and is offering automation in some of its security
controls, but customers need to opt in to get this. "Not
everybody trusts automation, so we give customers a choice,"
says Richter. "As we begin to trust technology more,
there’ll be more automation in the backbone."
Carriers, meanwhile, note the benefit of having to build in
security from the start with the new raft of technologies.
"From a security perspective it’s actually good,
because it forces network designers to think first and then
build," says Stefan Schröder, a security expert at
Deutsche Telekom. "That gives us as security experts a good
opportunity to be included in the design to make sure that we
have designed for security and privacy right from the
And Orange, for example, is also following a principle of
"security by design", says Yves Bellego, director of European
networks at the company. This could help in areas such as
mitigating potential increased risk in the use of more
open-source processes in the industry.
One way that Orange is dealing with this is by working
within the industry in open source communities and
standardisation bodies. This may also help in, for example,
bolstering security mechanisms for 5G, where network slicing is
set to lead to new interfaces with new types of player and
bring its own security issues, says Bellego.
Virtualising workloads, meanwhile, calls for central
coordination of security policies and for having controls
virtualised and able to expand along with workloads, says Brian
Rexroad, VP of security platforms at AT&T. He points out
that identity and access management are "significantly more
complex" in this environment, so there is a need to change in
line with this and alter the philosophy around network
But he emphasises that this is a step-by-step process, and
is about learning over time to ensure a thorough understanding
of what works. "The entire network infrastructure
isn’t changing to virtualised overnight," he
The dynamic changes in the network that SDN and NFV enable
mean that sometimes additional security controls will be
needed, but there is a big upside in being able to automate
many functions based on a known event and moving to automate
security, says Lee Field, associate director of solutions
architecture at Verizon Enterprise Solutions.
"Let’s say, for instance, we see 'known
bad' traffic or actors," he says. "We can automate
change into the core of the network... to proactively defend
One big thing that Verizon has done in recent years, says
Field, is to look at how data gleaned from the
company’s core network can be better used to
defend its own and customers’ infrastructure
– capitalising on the oversight offered by its
extensive global IP network and its in-depth tracing of
cyber-threats over the years.
Carriers are also looking to launch alliances to deal with
the new breed of threats. Telefónica, for instance, has
just teamed up with Etisalat, Singtel and SoftBank to create a
Global Telco Security Alliance, allowing the members to share
intelligence on threats and security capabilities to help
protect enterprises. The alliance is also open to bringing in
new members over time.
"The collaboration between partners within the alliance
helps to bring different views on security and allows [us] to
share intelligence such as tested technologies," says Pedro
Pablo Pérez, CEO at Telefónica’s
cybersecurity unit, ElevenPaths.
CenturyLink’s Richter agrees that interaction
will be important. "One way that we as carriers will be able to
battle that traffic is by working together and communicating
more transparently," he says. "That way, we can keep the
internet as clean as possible of malicious traffic."
While working with enterprise customers, a key requirement
that CenturyLink itself keeps in mind is the need to cooperate
with other carriers to ensure network-agnostic security
controls, he adds. Richter points out that about 90% of the
company’s SD-WAN customers use more than one
carrier to ensure diversity, so accommodating this is
Something that might, meanwhile, aid inter-carrier security
in future is blockchain technology. Indeed, Colt Technology
Services and PCCW Global, along with blockchain start-up Clear,
recently ran a proof of concept to show how the use of
blockchain can slash inter-carrier settlement times from hours
to minutes in a reliable way.
"This is a good example of how Colt is looking at emerging
technologies to try and not only automate processes but also
find a secure way in which to do so," says Ashish Surti, chief
information security officer at the company. "Blockchain by its
very DNA is inherently secure, and as a business Colt is
investigating how blockchain and other technologies can be used
to ensure that security is a major pillar of everything we
As security itself becomes more automated, meanwhile, there
may be challenges resulting from a more hands-off approach.
But Christian Wollner, head of product management for mobile
world at Deutsche Telekom International Carrier Sales &
Solutions (ICSS), explains one way this might be managed
effectively. For instance, on the mobile side the company
operates firewalls for SS7 and SMS, and uses automated
algorithms to carry out this screening efficiently and in real
time – but this also ensures that experts at Deutsche
Telekom double-check traffic patterns.
"This enhances the level of security because we know that
'the other side' uses human intelligence as well,"
Jay Coley, EMEA director of security at Akamai, flags up a
different challenge – that, for instance, automated
provisioning could push carriers’ customers into
new pricing during a surge in traffic from a DDoS
"Akamai can help by mitigating threats at the access layer
of the internet rather than at the core, potentially preventing
large amounts of traffic aggregating in the core," says
Ultimately, cutting off threats as quickly and cleanly as
possible clearly offers a huge upside for carriers. "Defending
earlier protects the network and performance," says
"Think forward to being able to use machine learning and AI
to make these decisions, and we have some real potential to
implement self-defence through automation on a carrier-grade