Unlock revenue opportunities security and personalization services · 2020. 11. 30. · Unlock...

© 2018

Published by

WHITEPAPER

Unlock revenueopportunitieswith newsecurity andpersonalizationservices

21265 MNO Security Whitepaper.qxp_Layout 1 26/09/2018 08:55

Executive summary

2 | WHITEPAPER

Accessibility of inappropriate content andconcern about overuse of mobile devices bychildren has left parents looking for better waysto manage internet access. Small businesses arealso looking for ways to ensure all their devicesare protected.

As trusted brands, mobile network operators(MNOs) are ideally positioned to address theseproblems. In doing so they can potentiallyunlock revenue opportunities (ARPU) with newservices deployed in their networks.

DNS-based security and personalisation servicesstand out as a simple, effective, and flexible wayto address these problems because they typically:

• Use proven, familiar DNS infrastructure.

• Provide comprehensive threat coverage,excellent precision and are highly responsive tofast changing threats.

• Allow families to easily configure content filtersand usage management features to matchtheir preferences and values.

• Secure mobile workers in small businesses.

• Deliver a great user experience with nosoftware or ongoing maintenance.

• Work across access technologies – 3G, 4G, 5G,Wi-Fi, Fixed.

• Offer the same user experience as subscriberstraverse converged networks.

For MNOs, DNS-based security services are anobvious opportunity as competitive pressuresincrease and revenue growth remains modest.Different revenue models to drive ARPU can beimplemented: “freemium”, free trial linked tosubscription, premium access service bundlesand so on. MNO-branded offerings alsodemonstrate commitment to subscriber safety,increasing affinity.

Recent high-profile data breaches and numerous waves of widely publicised internetattacks have made everyone nervous about security. Families, small businesses andother organisations are struggling to figure out how to protect themselves.


Unlock revenue opportunities with new security and personalization services | 3

1. Threat Level

A huge range of mobile exploits exist. Forexample, the Anti-Phishing Working Groupestimated the number of phishing attacks hit anall-time high in 2016 (see figure 1). Socialnetworks are now targeted with malicious linksand downloads. People on mobile devices areexcellent targets for phishing and other kinds ofsocial engineering because they’re generallydistracted as they multitask and check theirphones throughout the day, and constrained bysmall screens which may not offer visual cuesthat something is amiss.

In August 2017, researchers from Akamai andelsewhere uncovered a botnet named WireXthat primarily compromised Android devices. Ittargeted Content Delivery Networks (CDNs) andcontent providers in a distributed denial of

service (DDoS) attack. Traffic was observedfrom at least 70,000 concurrent IP addressesfrom more than 100 countries, which is unusualfor current mobile botnets (see figure 2, P4).

In October 2017, a multipurpose malware namedLoapi which infects mobile devices wasreported. Among other things it can sendmalicious SMS, use the device as an HTTP proxy,and display unwanted advertisements (seefigure 3, P5). It can even mine bitcoins,sometimes with disastrous impact on the phone.Malicious advertising networks are anotherplague, which present a direct threat to mobilenetwork infrastructure. Malicious ads consumebandwidth when they are loaded, with no returnfor anyone except the criminals sending them.

Today, mobile is the dominant method of internet access and the rapid proliferationand usage of mobile apps mean MNOs, consumers and businesses face myriadthreats. In an interview with Mobile World Live, James Kelly, Google’s Androidsecurity senior product manager noted securing first-time smartphone users fromthe threat of malware and other criminal activity is one of the most pressingchallenges facing the company today. 1

January April July October January April July October

100,000

125,000

150,000

175,000

75,000

25,000

50,000

0

Figure 1. Phishing activity reached an all time high in 2016

Source: Anti-Phishing Working Group http://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf

1. https://www.mobileworldlive.com/featured-content/top-three/securing-new-tech-users-a-pressing-challenge-google/


https://www.mobileworldlive.com/featured-content/top-three/securing-new-tech-users-a-pressing-challenge-google/

4 | WHITEPAPER

Taking the discussion a little deeper, mobile appspresent exposure in different ways. One isunauthorised or copycat apps which mimicpopular verified apps and secretly gather userinformation. Legitimate apps can also pose athreat to smartphones and networks if they’vebeen unknowingly compromised during theirdevelopment, or in the deployment cycle.

Major app store providers are of course aware ofthe potential for vulnerabilities. They’re alwayssearching for illegitimate apps. In a blog post inJuly 2017, Google said it had found 20 Lipizzanspyware apps on its Play Store. The apps andtheir developers were blocked from the Androidecosystem, however renegade apps still functionuntil they’re detected so subscribers and MNOs’infrastructure are unprotected for a period oftime. 2

Malware designers go to great lengths toobscure their exploits, but they also design themto change constantly so they can be repurposedquickly. This means short lifetimes aren’tnecessarily a deterrent because malware can just

rise again in a new form hours (or minutes) later.

Even apps designed to protect users can pose athreat because security software adds morecomplexity, which leads to a larger attacksurface. They also typically have privilegedaccess to devices and operating systems, andare equipped to connect with outside resourcesto perform their functions. This makesvulnerabilities in these apps especiallydangerous. Unfortunately, naive andunderfunded developers of mobile security appscan unknowingly create this exposure. Networkbased security solutions don’t have theselimitations (and don’t impose any load on mobilebatteries, processors, and memory).

As an example, a blog on IBM’s Mobile BusinessInsights publication stated research haddiscovered a security app leaking data on morethan 16,000 customers including details of theirfull name, email addresses, phone numbers,device information and the length of theirpasswords. As if this flaw is not big enough, farworse problems can arise.

2017-0

8-24

2017-0

8-2

32017-0

8-2

22017-0

8-2

12017-0

8-2

02017-0

8-19

2017-0

8-18

2017-0

8-17

2017-0

8-16

2017-0

8-15

2017-0

8-14

2017-0

8-13

2017-0

8-12

2017-0

8-11

2017-0

8-10

2017-0

8-0

92017-0

8-0

82017-0

8-0

72017-0

8-0

62017-0

8-0

52017-0

8-0

42017-0

8-0

32017-0

8-0

22017-0

8-0

12017-0

7-3

12017-0

7-3

02017-0

7-2

92017-0

7-2

82017-0

7-27

2017-0

7-2

62017-0

7-2

52017-0

7-24

2017-0

7-2

32017-0

7-2

22017-0

7-2

12017-0

7-2

02017-0

7-19

2017-0

7-18

2017-0

7-17

2017-0

7-16

2017-0

7-15

2017-0

7-14

2017-0

7-13

2017-0

7-12

2017-0

7-11

80k

100k

120k

140k

60k

20k

40k

0

Figure 2: WireX botnet unique IPs observed per hour participating in attacks.

Source: Akamai https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organisational-cooperation.html

2. https://security.googleblog.com/2017/07/from-chrysaor-to-lipizzan-blocking-new.html


https://security.googleblog.com/2017/07/from-chrysaor-to-lipizzan-blocking-new.html


To summarise the overall security trend, in itsOctober 2016 Threat Intelligence Report, Nokiarevealed the rate of mobile device malwareinfections increased 63 per cent in the secondhalf of 2016, with an average of 1.35 per cent ofall smartphones infected. By contrast only 1.06per cent of all smartphones were infected inApril that year, and the vendor noted the rate ofinfection in October 2016 was the highest it hadseen since it began reporting on malware in2012. These statistics don’t include phishing andsocial network exploits, discussed above.

Parents also face problems coping with thegrowing influence of the internet on theirchildren: they understand the variety ofinappropriate content children can access andsee the constant fixation on the mobile screens.Parents are looking for ways to personalise theirinternet access and want oversight over contentand usage. They want to instil healthy onlinehabits, mediate time online, minimise onlinedistractions and many other things. They don’twant endless software downloads or constantconfiguration headaches.

Dec 2017 Jan 2018 Feb 2018

10k

20k

30k

40k

0k

1000

2000

3000

0

Clients Queries

Figure 3: Loapi malware activity in late 2017

Source: Akamai Spring 2018 State of the Internet/Security Report


2. Operator opportunity

6 | WHITEPAPER

Consumer

Although consumers are aware of the level ofthreats they face, even the most diligent usuallydon’t get around to protecting themselves.Potential problems with apps from reputableproviders, or those that cannot be trusted not toexpose personal details, mean safety-consciousconsumers face an uphill battle.

In-network DNS-based security solutions make itsimple for consumers to protect their devices.There’s no software to install so all they need todo is sign up. Parents can easily configure filtersto block internet content based on their family’sown unique needs and preferences. They canalso set time parameters to manage internetusage or pause access when they need to getchildren’s attention. Services from a known andtrusted third party like their MNO also eliminatethe risk factor of apps and subscribers whocustomise their service in these ways arestrongly motivated to stay.

Public Wi-Fi

In a survey of 500 CIOs and senior IT decisionmakers conducted by iPass, more than two thirdsof respondents said they have introduced a banon public Wi-Fi use: 27 per cent at all times, dueto security concerns.

MNOs who have Wi-Fi in their portfolio would bewell served offering a foundational layer ofsecurity to change the perception of Wi-Fi as“unsafe”. DNS-based services also allowenforcement of Acceptable Use Policies (AUP)to filter content which is not appropriate inpublic venues. Security and content filteringservices protect consumer and businesscustomers, and the operator brand.

Small and Medium Businesses (SMBs)

Large businesses are challenged dealing with amobile workforce but small businesses are farworse off. SMBs often lack IT resources andsecurity expertise, yet 73 per cent of seniormanagers in these enterprises reportcybersecurity is a high priority and they arelooking for ways to reduce their risks, accordingto the Cyber Security Breaches Survey 2017sponsored by the UK Government.

Similarly, for its Mobile Security Index 2018, USoperator Verizon commissioned an independentsurvey of 600 professionals involved inprocuring and managing mobile devices. Itfound 85 per cent of respondents acknowledgedtheir businesses face mobile security threats and74 per cent said the dangers connected withgreater reliance on mobile devices haveincreased over the past year.

Security services offered by an MNO make itsimple for SMBs to protect mobile devices theiremployees use. Budget constraints may limit whatSMBs can spend, but a subscription model with amodest incremental line item on a monthly bill willovercome any budgetary barriers.

These summaries show consumers and smallbusinesses are crying out for someone to step inand deliver a solution. MNOs are ideallypositioned to fill that role and in the processcreate a new revenue opportunity; improvecustomer satisfaction; increase “stickiness”; andpotentially lower support costs since somesecurity problems like crypto mining can beperceived as network or device problems.

For MNOs, security and personalisation services are an obvious opportunity ascompetitive pressures increase and revenue growth remains modest. Target marketsegments are summarised below. Service providers of all types around the worldhave successfully deployed services targeted at each of these segments withdifferent business models (as covered in the case studies section).


Challenge: A leading fixed and mobileoperator in North America sought Akamai’shelp in deploying family protection servicesfor mobile devices.

The operator wanted a solution that allowedthem to deliver different service levels whileoffering users a high degree of control.

Solved: Akamai worked with a technologypartner to deploy its AnswerX solutionincluding managed intelligent DNS resolversalongside additional mobile client features.

Users got a variety of controls coveringinternet screen time and content filters, aswell as a feature that allowed families to‘pause’ internet access.

Benefits: Akamai’s lightweight solution waseasy for the operator to deploy, withautomated security protections that wereupdated constantly.

The configuration user interface wasextremely simple for subscribers to use.

Outcome: The ease of deployment let theoperator deliver an improved subscriberexperience while reducing overall costs.

The service offered a free trial that turned intoeither a basic or premium paid option.

Since launch nearly 80,000 subscribers havetaken out a subscription. The underlyingsystem allows the operator to offer regularupdates to fuel further growth and increasecustomer satisfaction.

CASE STUDY 1


Challenge: Alarmed by the impact ofincreases in malicious activity on its network,a large national telecom operator in Asia-Pacific concluded it needed to do more thansimply educate consumers about the risks ofinternet threats.

The operator saw an opportunity to boostrevenue and customer satisfaction by offeringsecurity-as-a-service, while also combatingthe rising threats to protect its infrastructureand consumers alike.

Solved: Using Akamai’s SPS Secure Consumerproduct, the operator developed a broadbandnetwork protection offer which it madeavailable to all subscribers for free. Customersdid not have to sign up to access the system,but could opt-out if they wished.

The system also enabled the operator todeliver a premium service with parentalcontrols for an additional charge on theirbasic internet access service or as part of amore expensive broadband bundle.

Benefits: SPS Secure Consumer deliveredmore comprehensive threat coverage thansimilar systems evaluated by the operator. Theresulting improvements in consumers’ securityand safety increased customer loyalty, whileopening up new revenue and incentiveopportunities.

Outcome: Less than 2 per cent of customersopted out of the service in the three monthsafter it was launched. In fact, this successprompted the operator to switch the paid-forelement to an opt-out model.

The security service, as part of a new packageof broadband bundles, contributed to afinancial boost of more than $100 million inthe 12 months after launch. The boost wasthanks to an increase in subscribers and areduction in subscriber re-acquisition costsafter around 400,000 customers who were atrisk of leaving the company were enticed tostay by the new service bundles.

CASE STUDY 2


8 | WHITEPAPER

The alternatives

MNOs offering security services can takeadvantage of the alignment of demand fromconsumers and SMBs described above, andlimitations of alternative security solutions.Today’s cyber threats are characterised byinnovation, they’re designed to propagate andbypass detection and controls by continuallymodifying their complexion. No-one is immunebecause these threats spread randomly usingsoftware flaws or social engineering.

Traditional security solutions like endpointsoftware are challenged when it comes tokeeping up with dynamic web exploits thatchange constantly to avoid being detected anddisabled. They’re also not well suited forprotecting the rapidly expanding base of thethings being installed everywhere as part of IoTrollouts.

Endpoint protections aren’t even available forIoT devices, yet there are regular reports ofthese devices being exploited and used formalicious purposes. The Mirai DDoS attack inOctober 2016 is a highly visible example.Connected cameras were loaded withspecialised software and used to execute whatwas, at the time, the largest DDoS attack inhistory. Many other IoT devices have beenexploited, compromising personal privacy andvaluable personal data.

Deep packet inspection (DPI) has been widelyused in mobile networks to manage traffic andcollect data for rating and billing. DPI vendors,anxious to expand their presence in mobilenetworks, are now promoting security usecases. DPI systems can be programmed to lookfor domains (or URLs) containing malicious orunwanted content. When a request for a target

domain/URL is encountered a rule candetermine how it is handled.

In order to reliably support security andpersonalisation use cases DPI equipment mustinspect every subscriber data packet sincemissed packets could allow an exploit tofunction, or unwanted content to be transmittedin a network. Since DPI systems scale withnetwork bandwidth, costs rise accordingly.Enabling personalised services with DPI requiresadditional data plane processing capacity, whichraises costs. Redundancy and provisions forfailover increase installation cost (andcomplexity) even more. DPI also increaseslatency, which is revealed in online benchmarksor tests conducted by regulators.

In 4G networks the cost of scaling in the dataplane with DPI will be substantial: at 5G datarates it will be unsustainable.

Better alternatives are needed for security andpersonalisation services, which is where DNS-based solutions come in.

How DNS-enabled security and personalisationservices work

The DNS performs a simple, but essentialfunction on the internet: resolving an IP address(for example 192.164.128.24) with a given domainname (www.example.com). Because it iseverywhere, highly robust, super-lightweight andhas scaled in parallel with the growth of theinternet for more than 30 years, nearly everylegitimate and malicious application and serviceuses the DNS.

Adding intelligence to DNS resolvers used inevery network enables incoming query streamsto be evaluated against dynamically changingthreat feeds to identify traffic of interest. Policiescan then be applied to this traffic that dictatehow it is handled (see figure 4, P9). For instance,incoming DNS queries can be compared to listsof domain names known to be associated withbotnets and the queries can be dropped toprevent bots from functioning.

Different dynamic feeds can enable differentservices, for example, feeds tracking maliciousactivity can be used to secure homes and smallbusinesses, or feeds tracking categories ofwebsite content (adult, gambling, and so on)can be used to enable a parental control service.Similarly, a wide range of policies canaccommodate a wide range of threats.

“In 4G networks thecost of scaling in thedata plane with DPI willbe substantial: at 5Gdata rates it will beunsustainable.”



This is an exceptionally lightweight method ofidentifying malicious or unwanted activity.Comparing incoming DNS queries againstentries in list feeds is an operation DNS resolversare highly optimised to do (identical to a cachelook up). There is no perceptible latency for theend-user. Servers also need to enforce policieson target domains: drop, rate limit, redirect, andlog (there are others), which is a smallincremental effort, especially when tightlyintegrated into the server code.

There are situations where domain-level visibilityenabled with DNS lookups is insufficient, for

example when a website has been hacked andthus has a mix of benign and malicious content(or family friendly and adult content). ObtainingURL-level visibility is straightforward to enableusing policies that redirect subscriber requests fordomains with URLs that host targeted content toan http proxy. The proxy can identify target URLsand apply policy accordingly. Intelligently routingtraffic to a proxy, using conditional forwarding,only provides additional visibility when it isneeded. This strikes the perfect balance betweenaccurate analysis of traffic, processing burden andsubscriber privacy.

Internet

DNS Resolver

Consumer and business devices

Subscriber & AdminPortals

Streaming threat intelligence, policies

Data collection

Figure 4: DNS resolvers can evaluate incoming queries to determine if they signal malicious orunwanted activity.

Source: Akamai


3. The next generation of mobile securityand personalisation

10 | WHITEPAPER

These features are designed to help MNOs get asustainable competitive advantage with:

• Rapid time to market using tightly integratedsoftware-only applications and deployment options.

• Engaging services that encouragepersonalisation and give families, smallbusinesses or Wi-Fi admins a foundationallayer of security.

• Simplicity for subscribers with a service that“just works” and personalised filters that areeasy to configure with a purpose builtgraphical portal.

• Automated protections continuously updatedwith the latest threat intelligence and contentcategories, covering every device in homes and workplaces.

• Ongoing subscriber interaction with anintegrated in-browser messaging app andcampaign management tools.

• A great user experience with no data planeprocessing and no client software.

• Proven scalability to millions of users.

Why MNOs are well positioned

MNOs are exceptionally well positioned to offerDNS-based security and personalisationsolutions that are inherently biased toward theirbusiness, deployment, and operating strengths.A key advantage MNOs hold in terms of offeringsecurity is their position as a trusted brand.

When combined with their network assets thisperception leaves operators well placed to upsellsecurity services to consumers and businesses.At a stroke they can address a rapidly changingthreat level not well served by traditionalalternatives which struggle to keep pace, andpotentially open a new revenue stream.

Getting more value from existing network assetsis operationally desirable, becoming a must bothin terms of protecting their own infrastructureand fending off competition from OTT providersof security services. MNOs (and convergedservice providers) can build a foundational layerof security and personalisation services into theirexisting access offerings that drives incrementalrevenue. They can take advantage of billingsystems (and relationships) to offer differentrevenue models: “freemium”, free trial linked tosubscription, premium access service bundlesand so on.

Akamai Security and Personalisation Services (SPS) can be deployed by MNOs in theirnetworks, in the cloud, or as a fully managed service. Akamai research teams analysemore than 100 billion DNS queries per day. Akamai SPS uses one of the world's mostaccurate and extensive domain and URL databases for identifying malicious activity,with millions of validated and categorised entries maintained by Data Science experts.Pre-populated categories are continually updated to ensure new exploits (or unwantedcontent) are appropriately classified and automatically filtered.

“A key advantageMNOs hold in terms ofoffering security is theirposition as a trustedbrand.”



ConclusionHigh profile cyber-attacks and an increasingdesire among families and small businesses formore control over internet usage are creatingopportunity for MNOs.

Combining Akamai’s Security andPersonalisation Services with assets includingtheir position as a trusted brand and billingsystems, MNOs can swiftly deploy security-as-a-service as an additional revenue generator usingmultiple business models, in turn increasingoverall customer satisfaction.

These DNS-based solutions are easy to set-upand maintain (particularly when compared withtraditional security solutions), work acrossmultiple access technologies and are simpler toupdate to keep pace with a rapidly changingthreat landscape.


12 | WHITEPAPER

© 2018

Produced by the mobile industry for the mobileindustry, Mobile World Live is the leading multimediaresource that keeps mobile professionals on top of thenews and issues shaping the market. It offers dailybreaking news from around the globe. Exclusive videointerviews with business leaders and event reportsprovide comprehensive insight into the latestdevelopments and key issues. All enhanced by incisiveanalysis from our team of expert commentators. Ourresponsive website design ensures the best readingexperience on any device so readers can keep up-to-date wherever they are.

We also publish five regular eNewsletters to keep themobile industry up-to-speed: The Mobile World LiveDaily, plus weekly newsletters on Mobile Apps, Asia,Mobile Devices and Mobile Money.

What’s more, Mobile World Live produces webinars,the Show Daily publications for all GSMA events andMobile World Live TV – the award-winning broadcastservice of Mobile World Congress and exclusive hometo all GSMA event keynote presentations.

Find out more www.mobileworldlive.com

Disclaimer: The views and opinions expressed in this whitepaper are those of the authorsand do not necessarily reflect the official policy or position of the GSMA or its subsidiaries.

As the world’s largest and most trusted cloud deliveryplatform, Akamai makes it easier for its customers toprovide the best and most secure digital experienceson any device, anytime, anywhere. Akamai’s massivelydistributed platform is unparalleled in scale with over200,000 servers across 130 countries, givingcustomers superior performance and threatprotection. Akamai’s portfolio of web and mobileperformance, cloud security, enterprise access, andvideo delivery solutions are supported by exceptionalcustomer service and 24/7 monitoring. To learn whythe top financial institutions, e-commerce leaders,media and entertainment providers, and governmentorganisations trust Akamai please visitwww.akamai.com, blogs.akamai.com, or @Akamaion Twitter.


Unlock revenue opportunities security and personalization services · 2020. 11. 30. · Unlock...

Documents

Transcript of Unlock revenue opportunities security and personalization services · 2020. 11. 30. · Unlock...