Nominum Closes the Loop with ‘Security as a Service’ - A ...
16
Networks and Service Platforms July 2017 Sue Rudd email: [email protected] www.strategyanalytics.com Service Provider Analysis Networks and Service Platforms Report Snapshot Cyberthreats have evolved and become costly. A new approach is needed. Hackers and cybercriminals no longer simply attack web sites and spread malware and viruses directly. Phishing attacks capture user data and software for future use; botnets take control of user devices to make them active participants in a threat network; and compromised IoT devices participate in Distributed Denial of Service (DDoS) attacks so diffuse that they look like user traffic - until it is too late. The latest WannaCry and Petya based ransomware attacks are just some of many that exemplify the cost of SMB attacks that has more than tripled over the last 4 years. To ‘Close the Security Loop’ we need a new Paradigm. A ‘Network Centric’ paradigm that detects threats and protects both Small and Medium Businesses (SMBs), Public Wi-Fi users and the network itself. DNS based network solutions can block the growth of botnets and the spread of ransomware centrally rather than relying on busy SMB end users - who have no IT in-house staff - to keep software up to date. For CSP Managed Security as a Service (SECaaS) can pre-empt attacks before SMB end users are even aware they have a problem. While Domain Name Systems (DNS) have long been used to block DDoS and network-based threats, they can now be the best way to offer ‘SECaaS’ to safeguard SMBs from cyberthreats as they emerge in real time. Nominum Closes the Loop with ‘Security as a Service’ - A Network-based Paradigm
Transcript of Nominum Closes the Loop with ‘Security as a Service’ - A ...
Networks and Service Platforms
July2017SueRudd
email:[email protected]
ServiceProviderAnalysisNetworksandServicePlatforms
Report Snapshot Cyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded.Hackersandcybercriminalsnolongersimplyattackwebsitesandspreadmalwareandvirusesdirectly.Phishingattackscaptureuserdataandsoftwareforfutureuse;botnetstakecontrolofuserdevicestomakethemactiveparticipantsinathreatnetwork;andcompromisedIoTdevicesparticipateinDistributedDenialofService(DDoS)attackssodiffusethattheylooklikeusertraffic-untilitistoolate.
ThelatestWannaCryandPetyabasedransomwareattacksarejustsomeofmanythatexemplifythecostofSMBattacksthathasmorethantripledoverthelast4years.
To‘ClosetheSecurityLoop’weneedanewParadigm.
A‘NetworkCentric’paradigmthatdetectsthreatsandprotectsbothSmallandMediumBusinesses(SMBs),PublicWi-Fiusersandthenetworkitself.
DNSbasednetworksolutionscanblockthegrowthofbotnetsandthespreadofransomwarecentrallyratherthanrelyingonbusySMBendusers-whohavenoITin-housestaff-tokeepsoftwareuptodate.ForCSPManagedSecurityasaService(SECaaS)canpre-emptattacksbeforeSMBendusersareevenawaretheyhaveaproblem.
WhileDomainNameSystems(DNS)havelongbeenusedtoblockDDoSandnetwork-basedthreats,theycannowbethebestwaytooffer‘SECaaS’tosafeguardSMBsfromcyberthreatsastheyemergeinrealtime.
NowCSPscanleveragetheirCAPEXInvestmentoftheirinstalledDNSinfrastructure
Nominum Closes the Loop with ‘Security as a Service’ - A Network-based Paradigm
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 2 of 16
ExecutiveSummarySMBSecurityDemandsanew‘Network-centric’ParadigmCyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded.Hackersandcybercriminalsnolongersimplyattackwebsitesandspreadmalwareandvirusesdirectly.Phishingattackscaptureuserdataandsoftwareforfutureuse;botnetstakecontrolofuserdevicestomakethemactiveparticipantsinathreatnetwork;andcompromisedIoTdevicesparticipateinDistributedDenialofService(DDoS)attackssodiffusethattheylooklikeusertraffic–untilitistoolate.
TheMay2017‘WannaCry’andJune2017Petya-basedransomwareattacksarejustafewofmanythathaveescalatedthecostofSmallandMediumBusiness(SMB)attacksbymorethanthreefoldoverthelastfouryears.
WeneedaNewParadigmthatClosestheSecurityLoopAnew‘Network-centric’paradigmcoulddetectthreatsandprotectbothSmallandMediumBusinesses(SMBs),SmallOfficeHomeOffice(SOHO)usersandthenetwork;andinaddition,blockthegrowthofbotnetsandthespreadofransomwarecentrally.SMBswillneverbefullyprotectediftheyrelyonbusyuserstoalwayskeepsoftwareuptodate.
NewOpportunityforCSPstoofferSMBsSecurityasaService(SECaaS)Exacerbatedsecurityattacksandtheneedforanetwork-basedsecurityapproachhavecreatedanopportunityforCommunicationsServiceProviders(CSPs)toofferSecurityasaService(SECaaS)topreemptthreatsbeforeendusersareevenawaretheyhaveaproblem.WhileDomainNameSystems(DNS)havelongbeenusedtoblockDistributedDenialofService(DDoS)andnetwork-basedthreats,theycannowoffer‘SECaaS’tosafeguardSMBsfromcyberthreatsastheyemergeinrealtimewhilepreventingunprotectedSMBdevicesfromjoiningnetwork-basedattacks.
CSPscanleveragetheirexistingCAPEXInvestmentinDNSinfrastructuretooffermanagedSECaaSatapricepointthatisattractivetomillionsofSMBsubscribers.
Thispaperdescribes:• Dynamicthreatlandscape• Requirementstoaddresssecuritythreats• Network-basedsolutionstomeetnetwork-basedthreats• DNS-basedsolutionsthatleverageCSPstrengths• SMBmarketopportunityforCSPManagedSecurityService• HowCSPsarepositionedtoofferSMBSecurityasaService(SECaaS)
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 3 of 16
TableofContentsExecutiveSummary 2
SecurityDemandsanew‘Network-centric’Paradigm 2Cyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded. 2To‘ClosetheSecurityLoop’weneedanewparadigm. 2
NewOpportunityforCSPstoofferSecurityasaService(SECaaS) 2TableofContents 31. Introduction 42. DynamicThreatLandscape 63. Network-basedSolutionstoMeetNetwork-basedThreats 74. RequirementstoAddressToday’sAttacks 85. DNS-basedDefensesEnableClosedLoopProtection 9
FiveStepstoaClosedLoopSolution 10DeployingtheSECaaSinCSPCloud 11
6. SMBMarketsOfferSignificantManagedServiceOpportunityforCSPs 137. CSPsWell-positionedtoOfferClosedLoopSecurity 14
Sixoutof10userswouldlooktoCSPsforasecuritysolution 148. Conclusion-BusinessBenefitsforCSPsandtheirSMBCustomers 15
SignificantbenefitsforCSPs 15SMBsbenefitfrommanagedSecurityasaService(SECaaS) 15Overallbenefitsofdeliveringsecurity‘fromthenetwork’ 15Thebottomline 15
AppendixA.DifferentiatorsforDNSNetwork-based‘SecurityasaService’ 16Sixkeydifferentiators 16
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 4 of 16
1. IntroductionCompetitivepressuresareforcingCommunicationsServiceProviders(CSPs)toevolvebeyondconnectivityandofferincrementalvalue-added,hostedandmanagedservicestosustainrevenuegrowth.SecurityservicesarenowbecomingacandidateforaCSPmanagedserviceasawarenessoftheneedforsecurityprotectionhasskyrocketedfollowingrecentInternetattacks.
ThreattrendsandstrongalignmentwithlargecustomersegmentshavecreatedanopportunityforCSPstoofferafoundationallayerofwebprotectionforeveryInternetaccess.CSPscanprovideapreviouslyunavailablelevelofwebsecuritytoreducetherisktheircustomersface,withoutimposinganynewconfigurationormanagementburden.
Storiesaboutransomwareandmachinesthatinfiltratesystemstodestroydatahavespreadrapidlyaroundtheworld.Thenumberofphishingattacksreachedanall-timehighin2016accordingtotheAnti-PhishingWorkingGroup.1Phishingisthebasisforunwantedsoftwaredownloadsthatleadtomonetaryordatalosses.Botnetsareescalatingtoo;botslurkingondevicesaretrainedtofindvaluabledatalikecreditcardinformation,loginorothercredentialsforfinancialtransactions,andcanquietlyexportthoseinputsfor‘monetization’.2
TraditionalsecuritysolutionssuchasendpointclientsoftwareorexpensiveUniversalThreatManagement(UTM)appliancesarechallengedtokeepupwithdynamicwebthreatsthatchangeconstantlytoavoiddetection.Thoseapproachesarenotwell-suitedforprotectingtherapidlyexpandingbaseofbotnetsandInternet-connected‘things‘thatarebeinginstalledeverywhere.Therightendpointprotectionsareoftennotevenavailableformanydevicesandhardware.Asaresult,anumberofOvertheTop(OTT)cloud-basedsecuritycompanieshaveemergedtooffertheircloudnetworkformanagedsecurityservices.
CSPsareinfactexceptionallywell-positionedtooffercloud-basedsecuritysolutionsthemselvessincenetwork-basedsolutionsleverageaCSP’sdeploymentandoperatingstrengths.CSPservicesalsoalignwellwithCSPcustomersegmentslikeSmallandMediumBusinesses(SMBs)thatcanbepoorlyservedbylargeenterprisefirewallandotherenterprisesecurityvendors.
CSPsnowhaveanopportunitytoleverageexistingrelationshipstotargettwomarkets:• SmallandMediumBusinesses(SMBs)oftenlackITresourcesandsecurityexpertise,yet
nearlythree-quarters(73%)ofseniormanagersinthesecompaniesreportcybersecurityasahighpriority3andarelookingforwaystoreducetheirrisks.Capitalconstraints,however,limitwhattheycanspend,butasubscriptionmodelwithamodestincrementalmanagedsecurityservicefeeonamonthlybillcouldovercomethesebudgetarybarriers.
1Anti-PhishingWorkingGroupGlobalPhishingSurvey:TrendsandDomainNameUsein2016http://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf2Botnetsovershadowedbyransomware(inmedia)https://www.welivesecurity.com/2017/06/07/botnets-overshadowed-ransomware-media/3CyberSecurityBreachesSurvey2017https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2017
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 5 of 16
• PublicWi-FihotspotsalsowanttoensureWi-Fiusersaren’texposedtowebthreatsorundesirablecontentwhenworkingremotely.PublicWi-Fihotspotdeploymentsareusuallyremotefacilities,e.g.storefronts,withthesameconstraintsasSMBs,i.e.noITexpertise,limitedbudgets,etc.
Thenewnetwork-basedsecurityapproachdescribedinthispaperwillallowCSPstodeliveranessentialfoundationallayerofprotection‘asaservice’fortheseusecases.CSPscantodaycreatenetwork-basedsubscribersecurityserviceexperienceandoutflanktheOTTcloud-basedsecurityplayers.Becauseitislightweight,easytouse,andcost-effective,newDNS-basedmanagedsecurityservicescanbepositionedasnecessaryforeveryInternetaccessconnection.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 6 of 16
2. DynamicThreatLandscapeToday’scyberthreatsarecharacterizedbyinnovation,andaredesignedtopropagate,andbypassdetectionandcontrolsbycontinually‘changingtheircomplexion.’Nooneisimmunebecausetheyspreadrandomlyusingsoftwareflawsorsocialnetworks.SMBsareespeciallyvulnerablebecausetheyfrequentlydonothaveadedicatedITprofessionalonsite.AsofJune2016thePonemonInstitutereportedthat“55percentofSMBssaytheyexperiencedacyberattackinthepast12monthsand50percentofSMBshadadatabreachduringthepastyear.”4
TheInternetofThings(IoT)isemergingandthereiseveryreasontobelievemoreandmore’things’willget’smart’and’connected’.IoTdeviceshaveawiderangeofcapabilitiesthatcanbe‘hijacked’tocreatediversesecurityvulnerabilities.Theseinclude:
• Intelligence-processor/memory/networkingstack• Instrumentation–cameras,microphones,speakers,sensors• Susceptibilitytocompromise–NATed(NetworkAddressTranslation)-always-onorpolled• Accessibility-openportsandagents,unpatchedvulnerabilities
ThismassivepoolofIoTdevicescreatesanewplayingfieldforattackers.ThepotentialforharmwasdemonstratedinOctober2016whenaMiraibotnetdeliveredthelargestDDoSattackinhistoryleveragingarelativelysmallnumberof‘dumb’devices.5AttackershavebeguntoexploreIoTvulnerabilitiesaspartofthe‘weaponizationofIoTdevices’.6
ThecostoftheseattacksforSMBsisescalating.TheFBIestimatedthatthetotalcostofransomwareintheU.S.was$24millionin2015andincreasedto$209millioninjustthefirstthreemonthsof2016.7Thosenumberscouldbeconservativesincemanytransactionsareneverreportedduetobusinessconcernsaboutpublicdisclosure.TheSmallBusinessAssociationsurveyreferencedabovealsoshowedthatattackcostsforSMBsaveragednearly$9,000withlossesfromhackedbankaccountsaveragingslightlylessthan$7,000.SinceSMBcostofcapitalisoftenhigh,theselossesareevenmorepainful.
4http://www.ponemon.org/blog/smbs-are-vulnerable-to-cyber-attacks5https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html6https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03128USEN&7http://www.reuters.com/article/us-usa-cyber-ransomware-idUSKCN0X917X
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 7 of 16
3. Network-basedSolutionstoMeetNetwork-basedThreatsTomeetthesenewnetwork-basedthreatsandtherisksintroducedbymobiledevices,anewstrategyisneeded.SMBscannotwaituntilanattackreachesenduserPCs,tabletsorsmartphonedevicesandhopethateachterminationwillrespondappropriatelytopromptlyblockathreat,stopanattackorrefusetojoinabotnet.SMBsneedtopreemptthreatsbeforetheyjeopardizeenduserdevices,applicationsorcorporatedatabases.Anewapproachthathandlestheproblemfromthenetworkperspectiveisrequired,SMBscannotrelyonmillionsofbusyenduserstoupdatesoftwarethatwouldclassify,isolateorredirecttheincomingfloodofattacksoneverydifferentdevice.
ITsecurityprofessionalsandtheirInternetandCommunicationsServiceProviders(ISPsandCSPs)needtoworktogetherto:
• Stopattacksatadistanceastheydevelop• Blockemergingthreatsandattackswithinsecondsofidentifyingthem,e.g.byrejecting
unregisteredphishingURLsasfastastheypopupratherthanrelyingonenduserstoavoidclickingonbadlinks
• Assumethatsomeuserswillalwaysbecomeinfectedandautomaticallypreventthemfromspreadinganinfection,virusorransomwaresoftwareacrossthenetwork
• Preventunknowinguserswhoseresourceshavebeenhijackedfromparticipatinginbotnetsandbecomingthreatsthemselves
Network-basedthreatsdemandwescanproactivelyforthreatsandattacksastheyarriveinthenetwork.ServiceprovidersoperatingDNSnetwork-basedsecurityservicescanseeeverythingthatiscominginrealtimeandwiththerightsoftwareinstantaneouslytriggernetwork-basedsolutionstofightbothnetwork-andenduser-originatedattacks.
DNSisthe‘alwayson’threatprotectionmechanismthatcanclosethesecurityloopbydetectingandpreemptingthreatstoSMBsorotherendusersevenbeforetheyareawaretheyhaveaproblem.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 8 of 16
4. RequirementstoAddressToday’sAttacksAsattackersinnovate,CSPandSMBdefensesmustadaptinparallel.Thisdemandsfourkeyrequirements:1. Defensesmustrespondfasttofast-changingmalware
SMBsneedsimplewaystoreducetheirexposuretowebattacks.Enforcementpointsmustbenetwork-basedsothattheyarealwaysavailableandupdatedinrealtime–i.e.no“Decline”or“Later.”Threatfeedsshouldbestreamedsothatthelatestprotectionsarealwaysactive.Real-timeenforcementisessentialtonarrowthewindowofviabilityforattacksandreducethesuccessrateofattackers.
2. Defensesmustbedevice-agnosticThediversityofindividualdevicesrendersclient-basedsecuritysoftwareprotectionimpossibleorimpractical.Acommonlayerofprotectionisrequiredtoinsulatethemultitudeofdiversedevicesthatareconnectedtonetworkstominimizeriskexposure.Thiscommonlayerofdefensecannotonlyblockthreats,butalsooffersausefulbaselinesothatsubtledeviationsfromnormalbehavioraredetectedinstantlyacrossallcategoriesofdevices.
3. Securityupgradesneedtobesimplified,automatedoreliminatedEndusersfrequentlyignore,defer,ordisableautomatedclientorapplicationupdatesthatmayimpacttheirsecurity.EvenSMBstaffchargedwithmanagingsecuritymaydelaythoseeffortsinfavorofurgentrevenue-generatingbusinessactivity.Businessapplicationsandserversmustallhavespecializedprotectionsandmanagement,butminimizingdependenciesonenduserandIoTdeviceswillreduceSMBstaffloadandensuremorerobust,continuouslyupdatedprotection.Usersmustbemadeawareofmaliciousactivitythatiswithintheir‘spanofcontrol.’Wheninfectionsarediscoveredonenduserdevices,orusersattempttonavigatetoknownmaliciousdestinations,e.g.websitesthatdownloadmalware,theyneedtobewarnedinstantlyofthedangersofproceedingandpromptedwithsuggestionsforremediation.Messagesnotonlyalertsubscribersbutmotivateappropriateimmediateaction.
CSPsareuniquelypositionedtomeettheserequirementswithDNStoenable‘ClosedLoop’Security.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 9 of 16
5. DNS-basedDefensesEnableClosedLoopProtectionDomainNameSystem(DNS)canprovidethe‘foundationallayerofprotection’toaddresstheSMBandpublicWi-Fiwebsecuritychallengesdescribedabove.NominumhasrecentlyannounceditsClosedLoopsolutionforCSPsandtheirSMBcustomersthatcanbedeployedinfixed,mobile,andconvergednetworksaswellasonpublicWi-Finetworks.Thissolution–showninthediagrambelow–reliesonintelligentfiltersandpoliciesthatareappliedtoDNSqueriesgeneratedbySMBsubscribersequippedwiththeservice.
SincebothmaliciousandlegitimateapplicationsusetheDNSitisessentialtoidentifythepresenceofmaliciousactivitywithreal-timethreatintelligencefeedsandtoprocesslegitimateDNSqueriesnormally.AsmaliciousqueriesareflaggedbytheNominumsolution,specialtreatmentisimmediatelyapplied.Forexample,auserquerytoaphishingdomainwillberedirectedtopreventtheuserfromgoingtothatphishingsite.Alternatively,abotnetCommandandControl(C&C)querywillbeimmediatelyblockedtopreventbotnetmalwarefromgettinginstructions.VirtuallyeverydeviceandapplicationusestheDNSsonearlyalldevicesandapplicationscanbeprotectedwithminimaluseraction.BecauseDNSisalreadyinthereal-timeflow,noadditionallatencyisintroducedforthesecurequeryprocessingandtheuserexperienceismaximized.
Exhibit1.DNSistheMostEfficientPlacetoMatchQueriestoThreatIntelligence
Source:Nominum
Asindicatedinthechartabove,managingsecurityviaDNSqueriessentfromapplicationsanddevicesisthemostefficientandeffectivewaytoidentifymaliciousactivity.SincealltrafficrequiresaDNSlookup,maliciousactivitycanbedetectedbycomparingincomingDNStrafficagainstallknownthreatfeedsinrealtime.Blockingmaliciousqueriesstopsattacksdead.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 10 of 16
ThecompleteClosedLoopsolutionisdepictedinthediagrambelow.ItconsistsoftightlyintegratedapplicationsthatprotectSMBsandWi-Fiusersfromwebthreatswhileaparallelmessagingapplicationkeepstheminformedandengaged.
Exhibit2.CompleteSecurityDemandsaClosedLoopSolution
Nominum’sDNS-basedClosedLoopsolutionoffersanewfoundationallayerofprotectionforeverySMBInternetaccessconnection.TightlyintegratedapplicationslikethisthatleverageexistingDNSinfrastructurearecost-effectiveforCSPstodeployandenduserstouse,whiletheykeepsubscribersinformedandengaged.
FiveStepstoaClosedLoopSolutionBelowwesummarizewhatoccursateachofthestepsshowninthechartabove.
Exhibit3.Five-stepProcessStep Functionality Description1. Protectthe
NetworkSMBsorpublicWi-Filocationsareprovisionedwitheithercloud-basedoronpremiseDNSserversandintegratedtoconnecteachnewsite.
2. DiscoverandBlockInfections
ActivatedsubscribersareprotectedasallDNSqueriestheysendaspartoftheirnormalwebbrowsing/internalITexperienceareevaluatedbyaNominumDNSresolver.DNStracksmalwareorbotsthatstealvaluablepersonalinformationinrealtime.• Protectionsarenetwork-basedsothereisnoclientsoftwaretobeinstalled.• Completelyautomated,everydeviceinbusinessiscoveredandsubscribers
neverhavetodealwithupdates.• Serviceisalways-onwithup-to-the-minutethreatinformation.• SMBsandpublicWi-Fiadministratorscanuseagraphicalportaltoset
preferencesoncontentallowedatworkplacesandremotelocations/homes.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 11 of 16
Exhibit3.Five-stepProcess(Continued)Step Functionality Description3. AlertInfected
UsersIfadeviceisidentifiedasinfected,e.g.,aftervisitinganunprotectednetwork,anintegratedapplicationwillnotifytheinfecteduser.CSP-brandedin-browsermessagespersonalizedforeverySMBorpublicWi-Ficustomeraresenttoreflectspecificdetailsoftheinfection.Toolsformanagingthesemessagesarebuiltintothesoftware.
4. ProvideRemediationOptions
Linkstoremediationtoolsandadviceincludedinendusermessages.Providerspresentbrandedwebpagesrecommendingtoolsfrompartners.Messagepagespointtoadviceandotherinformation.
5. PreventFurtherInfectionsProactively
Todeteremailorweb-drivenphishing,usersarenotifiedwithanin-browsermessagebeforetheyattempttonavigatetomaliciousdestinationswheremalwareorransomwaremaybelurking.Messagingsenttoenduserswhilethey’reactivelyengaged.Preventativeapproachsavestimeandmoneyandreducesstress.
Source:Nominum
AutomateddynamicthreatlistsfortheseClosedLoopservicesarebasedonintelligentalgorithmsdevelopedbyDataScienceexpertsatNominumandupdatedinrealtimeasthreatsareidentifiedaroundtheglobe.Additionallistscanbecreatedtoautomaticallyfilterunwantedcontent.
Nominumprocessesover100billionDNSqueriesperdayandappliesanalyticstoidentifynewthreatsquicklyandtoderiveuniqueinsightsforalgorithmdevelopment.Asophisticated,multi-stepvalidationprocessminimizesfalsepositivesthatcansignificantlyincreaseoperationaloverheadandreducesubscribersatisfaction.
DeployingSECaaSinCSPCloudCSPscandeploytheinfrastructureneededtosupporttheservicewithintheirownfacilities,inthecloud,orhostedasamanagedservice.DNSserversusedbySMBsonthecustomerpremiseoratpublicWi-Fisitescanbeoperatedinthecloudaspartofthemanagedservice.
ThealternativesforCSPsthatdonotoffersubscribersa‘ClosedLoop’securitysolutionarelessefficient,lesseffectiveandmorelimitedinscope.Forexample,onemajordrawbackoftoday’sendpointsecuritysolutionsisthatprotectionmustbeappliedtoeveryindividualdevice,ratherthantotheentirenetworkandallassociateddevices.Endpointsolutionsleaveholesinthenetworkandfirewallsexplicitlyallowmany‘portholes’thatcybercriminalscantakeadvantageof.Ontheotherhand,networklevelDNSsecurityrequiresnosoftwaredownloads,noportconfigurationandnouser-initiatedupdates–andstilleverydeviceonthenetworkisautomaticallyprotected.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 12 of 16
Exhibit4.DNS-basedSecurityCoversEveryDeviceAutomatically
Source:Nominum
Nominum’sClosedLoopDNS-basedapproachthereforedeliversanewfoundationallayerofprotectionforeveryInternetaccessconnection.CSPsthatdeployitwillhaveasustainablecompetitiveadvantagethatis:
• Lightweight-Noclientsoftwaremeanseverydeviceisprotectedautomatically.Noon-premisehardwaremeanslessCAPEXandOPEXforCSPs.
• Personalized-EachworkplaceorpublicWi-FiadministratorcancustomizetheservicetomatchuniqueneedswithoutanymajorconfigurationoroperationalburdenontheCSP.
• Simplicity-SMBsorWi-Fiadministratorscansetuptheserviceinminutesviaaportal.• Engaging-Integratedmessagingappcreatesopportunitiestoinformandengagesubscribers.• Agile–DNS-enhancedplatformensuresrapidtimetomarketwithcontinuingupgradesfor
CSPsbasedontightlyintegrated,software-onlyapplications,deployableinthecloud,‘asaservice’orasacombinedCPEand‘asaservice’solution
• Automated-Threatdetectionandprotectionenforcementpointsareautomaticallyandinstantaneouslyupdatedwiththereal-timeinputs.
• Scalable-DNScontrolplane-basedprocessinganalyzesallquerieswithoutintroducingadditionallatencyandwasdesignedfromthestartforcarrier-scaleoperations.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 13 of 16
6. SMBMarketsOfferSignificantManagedServiceOpportunityforCSPsAsCSPsmovetooffercloud-basedmanagedservices,onesourceestimatesthattheglobalopportunityforTelecomsManagedServices,includingManagedDataCenters,Networks,DataandInformation,Mobility,CommunicationsandManagedSecurity,islikelytobealmost$12billionin2017andwillgrowataCompound Annual Growth Rate (CAGR)of13.7percenttoover$22billionby2022.8
Separately,itisestimatedthatthetotalmarketforManagedSecurityServices(MSS)couldgrowtoalmost$41 billion by 2022, increasing at a CAGR of 16.6 percent from last year.9Eveniftelecomscapturelessthanone-thirdofthetotalMSSmarket,thisrepresentsahugeopportunity.Andcloud-basedMSSareexpectedtobeespeciallyattractivetoSMBsthathavethepotentialtodriveasubstantialshareofthatrevenue.
SMBsNeedManagedSecurityServices(MSS)AJuly2016reportbyOstermanResearch‘ITSecurityatSMBs:2016BenchmarkingSurvey’describestheresultsofasurveyofSMBsecuritymanagersandindicatesthat55percentofSMBshaveanITstaffofthreeorfewerpeople,and29percenthaveanITstaffofoneorless.ThismeansSMBseithercontractforexpensiveITsecuritypeopleorpurchasesecurity-as-a-serviceorforgoprotectionsaltogether.Thereportnotesthat“whileaslightmajorityofSMBsreportedtheircurrentwebsecuritycapableofstoppingmalwareinfiltrations,fewerthanhalfofrespondentsexpressedconfidenceintheirabilitytoprotectagainstthemostadvancedthreatslikeransomware,phishingandtargetedattacks,orstoppingabreachofsensitivedata.”ThetablebelowshowsITmanagers’levelofconcerncomparedtotheirassessmentoftheircurrentprotections.Italsoindicatesconcernsaboutmanagingaccesstocontentatworkthatcanundermineproductivity,consumebandwidth,andcreateHRexposure.
Exhibit5.ComparisonofSMBConcernsvs.PerceivedLevelofProtection
Source:OstermanResearchInc.‘ITSecurityatSMBs:2016BenchmarkingSurvey’
8ResearchandMarkets:http://www.businesswire.com/news/home/20170524005464/en/9AlliedMarketResearch:https://www.alliedmarketresearch.com/managed-security-services-market
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 14 of 16
7. CSPsareWell-positionedtoOfferClosedLoopSecurityRecentattackshavegreatlyincreasedawarenessofsecurity,andasSMBsrecognizetheyneedoutsidehelp,ManagedSecurityServices(MSS)willbecomeasignificantmarket.
CSPs–bothtelecomsandcableoperators–areabletoservicealargenumberofrelativelysmallcustomersveryefficiently,andanattractivebundleofhigh-speedbandwidth,mobileservicesWi-FiandMSSshouldallowthemtodominatetheSMBmarketforSECaaS.
MobileUsersWanttoBuySecurityServicesfromtheirServiceProviderArecentsurveybyAllotindicatesthat61percentoftheirglobalenduserrespondentssaidtheywouldliketobuyamobilesecurityservicefromtheirserviceprovidereventhoughonly11percentcurrentlypayformobileprotection.“ThegapbetweendemandandfulfillmentformobilesecurityservicespresentsasignificantandimmediateopportunityforCSPs.”SeeExhibitbelow.
Exhibit6.MobileSecurityBuyer’sgapbyRegion
Source:Allot
SixOutof10UsersWouldLooktoCSPsforaSecuritySolutionWhenaskedwhotheywouldliketobuyasecuritysolutionfrom,sixoutof10optedfortheirCSP.
Exhibit7.PercentageofEndUsersWhowouldBuyMobileSecurityServicesfromtheirCSP
Source:Allot
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 15 of 16
8. Conclusion-BusinessBenefitsforCSPsandtheirSMBCustomersDNS-basedmanagedsecuritysolutionsnotonlyprovidesignificantITbenefitsforCSPsandtheirSMBcustomers,theyalsodeliversignificantbusinessandoperationalbenefitstobothparties.Thesearesummarizedbelow:
SignificantBenefitsforCSPsTheDNS-basedSECaaSofferssignificantbenefitsforCSPoperationsandservicedeliveryincluding:
• Controlofacompletesecuritysolution• Real-timemonitoringandcontroloflivesecuritythreats• ConfigurableandflexibleoptionsthatcansupportvariableCSPserviceoffers• Fullvisibilityintobothuserandnetworkevents• ManagedServiceOptionforSMBsandSoHousersandevenconsumers• OngoingsupportfromNominumDataScienceexpertsforupdatesonmalicioussites/activities
SMBsBenefitfromManagedSecurityasaService(SECaaS)SECaaSensuresthatSMBshave:
• Instantaneoususercommunicationsandinteraction• ‘Inherent’security• Simpleactivationandupdates-‘NoAssemblyRequired’andnosoftwaretoinstallorupdate
repeatedly• Protectionforalldevicesandallnetworkaccessconnections
OverallBenefitsofDeliveringSecurity‘FromtheNetwork’Severaluniqueoverallbenefitsaccruefromthisnetwork-centricapproach.
� BreadthofSecurityCoverage:Allusersandalldevicesanywhereoveranyaccesstechnologyareautomaticallyprotectedbysoftwarethatisinstantaneouslyupdatedforthelatestthreats.
� DepthofProtection:Moretimely,reliableandrobustthantraditionaldeviceappsoftwarethatdependsonusersforupgrades.
� Cost-effectiveforbothCSPsandtheirSMBCustomers:NoexpensivesecurityplatformorseparateprobesarerequiredfortheCSPs.SMBswillavoidpayingexpensiveITstaff/contractorsaswellassaveonthecostofacquiring,maintainingandupdatingexpensiveCPEsoftware.Costsareprojectedtobeat40-50percentoftraditionalcustomer-basedsolutionstocreatethemostaffordablepremiumSMBsolutionavailable.
TheBottomLineDNS-basedSecurityasaServiceallowsCSPstodeliver‘AlwaysOn,’instantlythreat-aware,highlyreliableyettotallytransparentproactiveprotectionforSMBs.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 16 of 16
AppendixA.DifferentiatorsforDNSNetwork-based‘SecurityasaService’SixKeyDifferentiators-Simplicity,Scalability,ServiceOffer,‘SeeThrough’,SeamlessandSimultaneousCommunicationBelowwesummarizethesixkeydifferentiatorsthatmakeDNS-basedSECaaSthepreferredsolutionforaCSPmanagedserviceforSMBs.
ExhibitA.1.DNS-basedSECaaS-SixDifferentiatorsthatDeliverUniqueBenefitstoCSPsandSMBs SixDifferentiators DeliveredBenefitforCSP DeliveredBenefitforSMB1. Simplicity § ReducescomplexityofcloudandSMB
securitypackagesolutions§ Makespersonalcontrolandlightweightsolutionsimpleyetpowerful
2. Scalability § Reduceslinearlyincreasingfirewallcosts
§ Scalescomplexnetworksecuritymechanismsandnumberofeventsprocessedseamlessly
§ Scalesthreatandattacksupportdynamicallyasneeded‘ondemand’
3. ServiceOffer § Servicebundleoptionsmakeservice‘sticky’andreducechurnforCSPs
§ SecuritybundleisattractiveforSMBsthatcanaddoptionsinfuture-e.g.customer/guestWi-Fisecurity&HTTPSproxytermination
4. ‘SeeThrough’ § CSPshave‘seethrough’visibilityandbigdataanalyticsforthreatandattackhandlingaswellassubscriberawarenessandpersonalprofileanalytics
§ EverythingistransparenttotheSMBanditsendusers
§ ‘Opt-in’foranalyticsoptions
5. Seamless § SECaaSoperatescrossfixed,mobileandWi-Fiaccessnetworks
§ Authenticationandblockingoperateanywherelocally,regionallyandpotentiallyglobally
§ SecureWi-Fi/hotspotaccessforSMBandshared/publicWi-Fisites
§ SecureguestWi-Fionbusinesssites§ (Future)SecureroamingforemployeesonuntrustedWi-Fioracrossserviceproviders-withDNSroamingagentand/orredirectiontomonitorinputsfromotherDNSplatforms
6.SimultaneousComm-unication
§ Two-wayInteractioncanbeinitiatedwithcustomersassoonasthreatisdetected
§ SMBhastoolsforproactiveinteractiveproblemresolutionandcommunicationwithCSP
Source:StrategyAnalyticsNetworksandServicePlatforms
ThesesixkeydifferentiatorsallowbothtelecomsandcableCSPstocompetenotonlywithtraditionalappandfirewall-basedcompetitorsbutalsowithOTTandcloudmanagedserviceproviders.
