By Travis Russell
When people say “Alexa, play my music list” or “get me a recipe,” they don’t think about the vulnerabilities voice-enabled devices open up on carrier networks. But CSPs sure do! A landscape once made up of PCS, handsets, servers, and devices now bursts with millions of tiny, connected “things” in homes and enterprises: security cameras, door locks, DVRs, WiFi routers, printers, appliances, monitors.
What happens when millions more users begin streaming music, setting timers, controlling in-home and in-office devices with the IoT-driven digital services? How many millions of potentially “infected” “things” will make us all vulnerable to sabotage and espionage?
Of particular concern are botnet-driven malware attacks, like the Hide-n-Seek and Mirai attacks. Not too long ago, 50,000 unsecured IP surveillance cameras in Japan carried out a massive DDoS botnet attack. These types of attacks can be self-propagating and trigger massive IoT infections, and even DoS attacks. These attacks are even “monetized, with cryptocurrency sites becoming the most recent target. And as perpetrators succeed, they make the code publicly available so that copycats can race to also capture their “15 minutes of fame” —albeit anonymously.
These threats are certainly catching the attention of service providers offering smart-home and intelligent-business services, but even “hardening” of devices cannot fully offset what manufacturers fail to do. For this reason, most security and IT professionals never “breathe easy.” They know the bad guys are racing to be 20 steps ahead, as evidenced in a recent Oracle Communications’ industry survey that shows security as the #1 network challenge.
We expect security to be an increasing concern with the migration from 4G to 5G architecture and the expansion of the IoT. As the surface area of security risk exposure expands, CSP customers and enterprises will demand that suppliers invest in broader network and web application security—anything that helps them gain visibility into botnet activity and to detect when bots are being distributed in various parts of their networks.
In that vein, Oracle Communications has invested significantly in 5G next-gen core security, as well as improving its capabilities to detect new security threats with the acquisition of DNS pioneer DYN. The global DNS is a critical core component and a natural extension to Oracle’s Cloud Infrastructure and Network solutions, all of which are intrinsically architected with security as a number-one priority.
For CSPs and their enterprise customers to protect against botnets, they have to continue to explore solutions that are securely architected, securely deployed, securely maintained and independently verified. That is the case, for example, with Oracle Communications Session Border Controller, which offers SBC denial of service (DoS) self-protection.
The SBC is just one example of the Oracle Communications solutions available to provide multiple levels of security. And as our CSP and enterprise customers get into IoT-driven digital services and feel the pressure to ensure their customers, partners and employees are protected from botnet-driven malware attacks, they will see that security is part of our DNA, as we have architected foundational solutions like Oracle Cloud Infrastructure (OCI) and Oracle Autonomous Database with security as a number-one priority.
Travis Russell is director of cybersecurity at Oracle Communications.