Download - Nominum Closes the Loop with ‘Security as a Service’ - A ...

Networks and Service Platforms

July2017SueRudd

email:[email protected]

ServiceProviderAnalysisNetworksandServicePlatforms

Report Snapshot Cyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded.Hackersandcybercriminalsnolongersimplyattackwebsitesandspreadmalwareandvirusesdirectly.Phishingattackscaptureuserdataandsoftwareforfutureuse;botnetstakecontrolofuserdevicestomakethemactiveparticipantsinathreatnetwork;andcompromisedIoTdevicesparticipateinDistributedDenialofService(DDoS)attackssodiffusethattheylooklikeusertraffic-untilitistoolate.

ThelatestWannaCryandPetyabasedransomwareattacksarejustsomeofmanythatexemplifythecostofSMBattacksthathasmorethantripledoverthelast4years.

To‘ClosetheSecurityLoop’weneedanewParadigm.

A‘NetworkCentric’paradigmthatdetectsthreatsandprotectsbothSmallandMediumBusinesses(SMBs),PublicWi-Fiusersandthenetworkitself.

DNSbasednetworksolutionscanblockthegrowthofbotnetsandthespreadofransomwarecentrallyratherthanrelyingonbusySMBendusers-whohavenoITin-housestaff-tokeepsoftwareuptodate.ForCSPManagedSecurityasaService(SECaaS)canpre-emptattacksbeforeSMBendusersareevenawaretheyhaveaproblem.

WhileDomainNameSystems(DNS)havelongbeenusedtoblockDDoSandnetwork-basedthreats,theycannowbethebestwaytooffer‘SECaaS’tosafeguardSMBsfromcyberthreatsastheyemergeinrealtime.

NowCSPscanleveragetheirCAPEXInvestmentoftheirinstalledDNSinfrastructure

Nominum Closes the Loop with ‘Security as a Service’ - A Network-based Paradigm


Copyright©

Strategy Analytics 2017 | www.strategyanalytics.com 2 of 16

ExecutiveSummarySMBSecurityDemandsanew‘Network-centric’ParadigmCyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded.Hackersandcybercriminalsnolongersimplyattackwebsitesandspreadmalwareandvirusesdirectly.Phishingattackscaptureuserdataandsoftwareforfutureuse;botnetstakecontrolofuserdevicestomakethemactiveparticipantsinathreatnetwork;andcompromisedIoTdevicesparticipateinDistributedDenialofService(DDoS)attackssodiffusethattheylooklikeusertraffic–untilitistoolate.

TheMay2017‘WannaCry’andJune2017Petya-basedransomwareattacksarejustafewofmanythathaveescalatedthecostofSmallandMediumBusiness(SMB)attacksbymorethanthreefoldoverthelastfouryears.

WeneedaNewParadigmthatClosestheSecurityLoopAnew‘Network-centric’paradigmcoulddetectthreatsandprotectbothSmallandMediumBusinesses(SMBs),SmallOfficeHomeOffice(SOHO)usersandthenetwork;andinaddition,blockthegrowthofbotnetsandthespreadofransomwarecentrally.SMBswillneverbefullyprotectediftheyrelyonbusyuserstoalwayskeepsoftwareuptodate.

NewOpportunityforCSPstoofferSMBsSecurityasaService(SECaaS)Exacerbatedsecurityattacksandtheneedforanetwork-basedsecurityapproachhavecreatedanopportunityforCommunicationsServiceProviders(CSPs)toofferSecurityasaService(SECaaS)topreemptthreatsbeforeendusersareevenawaretheyhaveaproblem.WhileDomainNameSystems(DNS)havelongbeenusedtoblockDistributedDenialofService(DDoS)andnetwork-basedthreats,theycannowoffer‘SECaaS’tosafeguardSMBsfromcyberthreatsastheyemergeinrealtimewhilepreventingunprotectedSMBdevicesfromjoiningnetwork-basedattacks.

CSPscanleveragetheirexistingCAPEXInvestmentinDNSinfrastructuretooffermanagedSECaaSatapricepointthatisattractivetomillionsofSMBsubscribers.

Thispaperdescribes:• Dynamicthreatlandscape• Requirementstoaddresssecuritythreats• Network-basedsolutionstomeetnetwork-basedthreats• DNS-basedsolutionsthatleverageCSPstrengths• SMBmarketopportunityforCSPManagedSecurityService• HowCSPsarepositionedtoofferSMBSecurityasaService(SECaaS)


Copyright©


TableofContentsExecutiveSummary 2

SecurityDemandsanew‘Network-centric’Paradigm 2Cyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded. 2To‘ClosetheSecurityLoop’weneedanewparadigm. 2

NewOpportunityforCSPstoofferSecurityasaService(SECaaS) 2TableofContents 31. Introduction 42. DynamicThreatLandscape 63. Network-basedSolutionstoMeetNetwork-basedThreats 74. RequirementstoAddressToday’sAttacks 85. DNS-basedDefensesEnableClosedLoopProtection 9

FiveStepstoaClosedLoopSolution 10DeployingtheSECaaSinCSPCloud 11

6. SMBMarketsOfferSignificantManagedServiceOpportunityforCSPs 137. CSPsWell-positionedtoOfferClosedLoopSecurity 14

Sixoutof10userswouldlooktoCSPsforasecuritysolution 148. Conclusion-BusinessBenefitsforCSPsandtheirSMBCustomers 15

SignificantbenefitsforCSPs 15SMBsbenefitfrommanagedSecurityasaService(SECaaS) 15Overallbenefitsofdeliveringsecurity‘fromthenetwork’ 15Thebottomline 15

AppendixA.DifferentiatorsforDNSNetwork-based‘SecurityasaService’ 16Sixkeydifferentiators 16


Copyright©


1. IntroductionCompetitivepressuresareforcingCommunicationsServiceProviders(CSPs)toevolvebeyondconnectivityandofferincrementalvalue-added,hostedandmanagedservicestosustainrevenuegrowth.SecurityservicesarenowbecomingacandidateforaCSPmanagedserviceasawarenessoftheneedforsecurityprotectionhasskyrocketedfollowingrecentInternetattacks.

ThreattrendsandstrongalignmentwithlargecustomersegmentshavecreatedanopportunityforCSPstoofferafoundationallayerofwebprotectionforeveryInternetaccess.CSPscanprovideapreviouslyunavailablelevelofwebsecuritytoreducetherisktheircustomersface,withoutimposinganynewconfigurationormanagementburden.

Storiesaboutransomwareandmachinesthatinfiltratesystemstodestroydatahavespreadrapidlyaroundtheworld.Thenumberofphishingattacksreachedanall-timehighin2016accordingtotheAnti-PhishingWorkingGroup.1Phishingisthebasisforunwantedsoftwaredownloadsthatleadtomonetaryordatalosses.Botnetsareescalatingtoo;botslurkingondevicesaretrainedtofindvaluabledatalikecreditcardinformation,loginorothercredentialsforfinancialtransactions,andcanquietlyexportthoseinputsfor‘monetization’.2

TraditionalsecuritysolutionssuchasendpointclientsoftwareorexpensiveUniversalThreatManagement(UTM)appliancesarechallengedtokeepupwithdynamicwebthreatsthatchangeconstantlytoavoiddetection.Thoseapproachesarenotwell-suitedforprotectingtherapidlyexpandingbaseofbotnetsandInternet-connected‘things‘thatarebeinginstalledeverywhere.Therightendpointprotectionsareoftennotevenavailableformanydevicesandhardware.Asaresult,anumberofOvertheTop(OTT)cloud-basedsecuritycompanieshaveemergedtooffertheircloudnetworkformanagedsecurityservices.

CSPsareinfactexceptionallywell-positionedtooffercloud-basedsecuritysolutionsthemselvessincenetwork-basedsolutionsleverageaCSP’sdeploymentandoperatingstrengths.CSPservicesalsoalignwellwithCSPcustomersegmentslikeSmallandMediumBusinesses(SMBs)thatcanbepoorlyservedbylargeenterprisefirewallandotherenterprisesecurityvendors.

CSPsnowhaveanopportunitytoleverageexistingrelationshipstotargettwomarkets:• SmallandMediumBusinesses(SMBs)oftenlackITresourcesandsecurityexpertise,yet

nearlythree-quarters(73%)ofseniormanagersinthesecompaniesreportcybersecurityasahighpriority3andarelookingforwaystoreducetheirrisks.Capitalconstraints,however,limitwhattheycanspend,butasubscriptionmodelwithamodestincrementalmanagedsecurityservicefeeonamonthlybillcouldovercomethesebudgetarybarriers.

1Anti-PhishingWorkingGroupGlobalPhishingSurvey:TrendsandDomainNameUsein2016http://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf2Botnetsovershadowedbyransomware(inmedia)https://www.welivesecurity.com/2017/06/07/botnets-overshadowed-ransomware-media/3CyberSecurityBreachesSurvey2017https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2017


Copyright©


• PublicWi-FihotspotsalsowanttoensureWi-Fiusersaren’texposedtowebthreatsorundesirablecontentwhenworkingremotely.PublicWi-Fihotspotdeploymentsareusuallyremotefacilities,e.g.storefronts,withthesameconstraintsasSMBs,i.e.noITexpertise,limitedbudgets,etc.

Thenewnetwork-basedsecurityapproachdescribedinthispaperwillallowCSPstodeliveranessentialfoundationallayerofprotection‘asaservice’fortheseusecases.CSPscantodaycreatenetwork-basedsubscribersecurityserviceexperienceandoutflanktheOTTcloud-basedsecurityplayers.Becauseitislightweight,easytouse,andcost-effective,newDNS-basedmanagedsecurityservicescanbepositionedasnecessaryforeveryInternetaccessconnection.


Copyright©


2. DynamicThreatLandscapeToday’scyberthreatsarecharacterizedbyinnovation,andaredesignedtopropagate,andbypassdetectionandcontrolsbycontinually‘changingtheircomplexion.’Nooneisimmunebecausetheyspreadrandomlyusingsoftwareflawsorsocialnetworks.SMBsareespeciallyvulnerablebecausetheyfrequentlydonothaveadedicatedITprofessionalonsite.AsofJune2016thePonemonInstitutereportedthat“55percentofSMBssaytheyexperiencedacyberattackinthepast12monthsand50percentofSMBshadadatabreachduringthepastyear.”4

TheInternetofThings(IoT)isemergingandthereiseveryreasontobelievemoreandmore’things’willget’smart’and’connected’.IoTdeviceshaveawiderangeofcapabilitiesthatcanbe‘hijacked’tocreatediversesecurityvulnerabilities.Theseinclude:

• Intelligence-processor/memory/networkingstack• Instrumentation–cameras,microphones,speakers,sensors• Susceptibilitytocompromise–NATed(NetworkAddressTranslation)-always-onorpolled• Accessibility-openportsandagents,unpatchedvulnerabilities

ThismassivepoolofIoTdevicescreatesanewplayingfieldforattackers.ThepotentialforharmwasdemonstratedinOctober2016whenaMiraibotnetdeliveredthelargestDDoSattackinhistoryleveragingarelativelysmallnumberof‘dumb’devices.5AttackershavebeguntoexploreIoTvulnerabilitiesaspartofthe‘weaponizationofIoTdevices’.6

ThecostoftheseattacksforSMBsisescalating.TheFBIestimatedthatthetotalcostofransomwareintheU.S.was$24millionin2015andincreasedto$209millioninjustthefirstthreemonthsof2016.7Thosenumberscouldbeconservativesincemanytransactionsareneverreportedduetobusinessconcernsaboutpublicdisclosure.TheSmallBusinessAssociationsurveyreferencedabovealsoshowedthatattackcostsforSMBsaveragednearly$9,000withlossesfromhackedbankaccountsaveragingslightlylessthan$7,000.SinceSMBcostofcapitalisoftenhigh,theselossesareevenmorepainful.

4http://www.ponemon.org/blog/smbs-are-vulnerable-to-cyber-attacks5https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html6https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03128USEN&7http://www.reuters.com/article/us-usa-cyber-ransomware-idUSKCN0X917X


Copyright©


3. Network-basedSolutionstoMeetNetwork-basedThreatsTomeetthesenewnetwork-basedthreatsandtherisksintroducedbymobiledevices,anewstrategyisneeded.SMBscannotwaituntilanattackreachesenduserPCs,tabletsorsmartphonedevicesandhopethateachterminationwillrespondappropriatelytopromptlyblockathreat,stopanattackorrefusetojoinabotnet.SMBsneedtopreemptthreatsbeforetheyjeopardizeenduserdevices,applicationsorcorporatedatabases.Anewapproachthathandlestheproblemfromthenetworkperspectiveisrequired,SMBscannotrelyonmillionsofbusyenduserstoupdatesoftwarethatwouldclassify,isolateorredirecttheincomingfloodofattacksoneverydifferentdevice.

ITsecurityprofessionalsandtheirInternetandCommunicationsServiceProviders(ISPsandCSPs)needtoworktogetherto:

• Stopattacksatadistanceastheydevelop• Blockemergingthreatsandattackswithinsecondsofidentifyingthem,e.g.byrejecting

unregisteredphishingURLsasfastastheypopupratherthanrelyingonenduserstoavoidclickingonbadlinks

• Assumethatsomeuserswillalwaysbecomeinfectedandautomaticallypreventthemfromspreadinganinfection,virusorransomwaresoftwareacrossthenetwork

• Preventunknowinguserswhoseresourceshavebeenhijackedfromparticipatinginbotnetsandbecomingthreatsthemselves

Network-basedthreatsdemandwescanproactivelyforthreatsandattacksastheyarriveinthenetwork.ServiceprovidersoperatingDNSnetwork-basedsecurityservicescanseeeverythingthatiscominginrealtimeandwiththerightsoftwareinstantaneouslytriggernetwork-basedsolutionstofightbothnetwork-andenduser-originatedattacks.

DNSisthe‘alwayson’threatprotectionmechanismthatcanclosethesecurityloopbydetectingandpreemptingthreatstoSMBsorotherendusersevenbeforetheyareawaretheyhaveaproblem.


Copyright©


4. RequirementstoAddressToday’sAttacksAsattackersinnovate,CSPandSMBdefensesmustadaptinparallel.Thisdemandsfourkeyrequirements:1. Defensesmustrespondfasttofast-changingmalware

SMBsneedsimplewaystoreducetheirexposuretowebattacks.Enforcementpointsmustbenetwork-basedsothattheyarealwaysavailableandupdatedinrealtime–i.e.no“Decline”or“Later.”Threatfeedsshouldbestreamedsothatthelatestprotectionsarealwaysactive.Real-timeenforcementisessentialtonarrowthewindowofviabilityforattacksandreducethesuccessrateofattackers.

2. Defensesmustbedevice-agnosticThediversityofindividualdevicesrendersclient-basedsecuritysoftwareprotectionimpossibleorimpractical.Acommonlayerofprotectionisrequiredtoinsulatethemultitudeofdiversedevicesthatareconnectedtonetworkstominimizeriskexposure.Thiscommonlayerofdefensecannotonlyblockthreats,butalsooffersausefulbaselinesothatsubtledeviationsfromnormalbehavioraredetectedinstantlyacrossallcategoriesofdevices.

3. Securityupgradesneedtobesimplified,automatedoreliminatedEndusersfrequentlyignore,defer,ordisableautomatedclientorapplicationupdatesthatmayimpacttheirsecurity.EvenSMBstaffchargedwithmanagingsecuritymaydelaythoseeffortsinfavorofurgentrevenue-generatingbusinessactivity.Businessapplicationsandserversmustallhavespecializedprotectionsandmanagement,butminimizingdependenciesonenduserandIoTdeviceswillreduceSMBstaffloadandensuremorerobust,continuouslyupdatedprotection.Usersmustbemadeawareofmaliciousactivitythatiswithintheir‘spanofcontrol.’Wheninfectionsarediscoveredonenduserdevices,orusersattempttonavigatetoknownmaliciousdestinations,e.g.websitesthatdownloadmalware,theyneedtobewarnedinstantlyofthedangersofproceedingandpromptedwithsuggestionsforremediation.Messagesnotonlyalertsubscribersbutmotivateappropriateimmediateaction.

CSPsareuniquelypositionedtomeettheserequirementswithDNStoenable‘ClosedLoop’Security.


Copyright©


5. DNS-basedDefensesEnableClosedLoopProtectionDomainNameSystem(DNS)canprovidethe‘foundationallayerofprotection’toaddresstheSMBandpublicWi-Fiwebsecuritychallengesdescribedabove.NominumhasrecentlyannounceditsClosedLoopsolutionforCSPsandtheirSMBcustomersthatcanbedeployedinfixed,mobile,andconvergednetworksaswellasonpublicWi-Finetworks.Thissolution–showninthediagrambelow–reliesonintelligentfiltersandpoliciesthatareappliedtoDNSqueriesgeneratedbySMBsubscribersequippedwiththeservice.

SincebothmaliciousandlegitimateapplicationsusetheDNSitisessentialtoidentifythepresenceofmaliciousactivitywithreal-timethreatintelligencefeedsandtoprocesslegitimateDNSqueriesnormally.AsmaliciousqueriesareflaggedbytheNominumsolution,specialtreatmentisimmediatelyapplied.Forexample,auserquerytoaphishingdomainwillberedirectedtopreventtheuserfromgoingtothatphishingsite.Alternatively,abotnetCommandandControl(C&C)querywillbeimmediatelyblockedtopreventbotnetmalwarefromgettinginstructions.VirtuallyeverydeviceandapplicationusestheDNSsonearlyalldevicesandapplicationscanbeprotectedwithminimaluseraction.BecauseDNSisalreadyinthereal-timeflow,noadditionallatencyisintroducedforthesecurequeryprocessingandtheuserexperienceismaximized.

Exhibit1.DNSistheMostEfficientPlacetoMatchQueriestoThreatIntelligence

Source:Nominum

Asindicatedinthechartabove,managingsecurityviaDNSqueriessentfromapplicationsanddevicesisthemostefficientandeffectivewaytoidentifymaliciousactivity.SincealltrafficrequiresaDNSlookup,maliciousactivitycanbedetectedbycomparingincomingDNStrafficagainstallknownthreatfeedsinrealtime.Blockingmaliciousqueriesstopsattacksdead.


Copyright©


ThecompleteClosedLoopsolutionisdepictedinthediagrambelow.ItconsistsoftightlyintegratedapplicationsthatprotectSMBsandWi-Fiusersfromwebthreatswhileaparallelmessagingapplicationkeepstheminformedandengaged.

Exhibit2.CompleteSecurityDemandsaClosedLoopSolution

Nominum’sDNS-basedClosedLoopsolutionoffersanewfoundationallayerofprotectionforeverySMBInternetaccessconnection.TightlyintegratedapplicationslikethisthatleverageexistingDNSinfrastructurearecost-effectiveforCSPstodeployandenduserstouse,whiletheykeepsubscribersinformedandengaged.

FiveStepstoaClosedLoopSolutionBelowwesummarizewhatoccursateachofthestepsshowninthechartabove.

Exhibit3.Five-stepProcessStep Functionality Description1. Protectthe

NetworkSMBsorpublicWi-Filocationsareprovisionedwitheithercloud-basedoronpremiseDNSserversandintegratedtoconnecteachnewsite.

2. DiscoverandBlockInfections

ActivatedsubscribersareprotectedasallDNSqueriestheysendaspartoftheirnormalwebbrowsing/internalITexperienceareevaluatedbyaNominumDNSresolver.DNStracksmalwareorbotsthatstealvaluablepersonalinformationinrealtime.• Protectionsarenetwork-basedsothereisnoclientsoftwaretobeinstalled.• Completelyautomated,everydeviceinbusinessiscoveredandsubscribers

neverhavetodealwithupdates.• Serviceisalways-onwithup-to-the-minutethreatinformation.• SMBsandpublicWi-Fiadministratorscanuseagraphicalportaltoset

preferencesoncontentallowedatworkplacesandremotelocations/homes.


Copyright©


Exhibit3.Five-stepProcess(Continued)Step Functionality Description3. AlertInfected

UsersIfadeviceisidentifiedasinfected,e.g.,aftervisitinganunprotectednetwork,anintegratedapplicationwillnotifytheinfecteduser.CSP-brandedin-browsermessagespersonalizedforeverySMBorpublicWi-Ficustomeraresenttoreflectspecificdetailsoftheinfection.Toolsformanagingthesemessagesarebuiltintothesoftware.

4. ProvideRemediationOptions

Linkstoremediationtoolsandadviceincludedinendusermessages.Providerspresentbrandedwebpagesrecommendingtoolsfrompartners.Messagepagespointtoadviceandotherinformation.

5. PreventFurtherInfectionsProactively

Todeteremailorweb-drivenphishing,usersarenotifiedwithanin-browsermessagebeforetheyattempttonavigatetomaliciousdestinationswheremalwareorransomwaremaybelurking.Messagingsenttoenduserswhilethey’reactivelyengaged.Preventativeapproachsavestimeandmoneyandreducesstress.

Source:Nominum

AutomateddynamicthreatlistsfortheseClosedLoopservicesarebasedonintelligentalgorithmsdevelopedbyDataScienceexpertsatNominumandupdatedinrealtimeasthreatsareidentifiedaroundtheglobe.Additionallistscanbecreatedtoautomaticallyfilterunwantedcontent.

Nominumprocessesover100billionDNSqueriesperdayandappliesanalyticstoidentifynewthreatsquicklyandtoderiveuniqueinsightsforalgorithmdevelopment.Asophisticated,multi-stepvalidationprocessminimizesfalsepositivesthatcansignificantlyincreaseoperationaloverheadandreducesubscribersatisfaction.

DeployingSECaaSinCSPCloudCSPscandeploytheinfrastructureneededtosupporttheservicewithintheirownfacilities,inthecloud,orhostedasamanagedservice.DNSserversusedbySMBsonthecustomerpremiseoratpublicWi-Fisitescanbeoperatedinthecloudaspartofthemanagedservice.

ThealternativesforCSPsthatdonotoffersubscribersa‘ClosedLoop’securitysolutionarelessefficient,lesseffectiveandmorelimitedinscope.Forexample,onemajordrawbackoftoday’sendpointsecuritysolutionsisthatprotectionmustbeappliedtoeveryindividualdevice,ratherthantotheentirenetworkandallassociateddevices.Endpointsolutionsleaveholesinthenetworkandfirewallsexplicitlyallowmany‘portholes’thatcybercriminalscantakeadvantageof.Ontheotherhand,networklevelDNSsecurityrequiresnosoftwaredownloads,noportconfigurationandnouser-initiatedupdates–andstilleverydeviceonthenetworkisautomaticallyprotected.


Copyright©


Exhibit4.DNS-basedSecurityCoversEveryDeviceAutomatically

Source:Nominum

Nominum’sClosedLoopDNS-basedapproachthereforedeliversanewfoundationallayerofprotectionforeveryInternetaccessconnection.CSPsthatdeployitwillhaveasustainablecompetitiveadvantagethatis:

• Lightweight-Noclientsoftwaremeanseverydeviceisprotectedautomatically.Noon-premisehardwaremeanslessCAPEXandOPEXforCSPs.

• Personalized-EachworkplaceorpublicWi-FiadministratorcancustomizetheservicetomatchuniqueneedswithoutanymajorconfigurationoroperationalburdenontheCSP.

• Simplicity-SMBsorWi-Fiadministratorscansetuptheserviceinminutesviaaportal.• Engaging-Integratedmessagingappcreatesopportunitiestoinformandengagesubscribers.• Agile–DNS-enhancedplatformensuresrapidtimetomarketwithcontinuingupgradesfor

CSPsbasedontightlyintegrated,software-onlyapplications,deployableinthecloud,‘asaservice’orasacombinedCPEand‘asaservice’solution

• Automated-Threatdetectionandprotectionenforcementpointsareautomaticallyandinstantaneouslyupdatedwiththereal-timeinputs.

• Scalable-DNScontrolplane-basedprocessinganalyzesallquerieswithoutintroducingadditionallatencyandwasdesignedfromthestartforcarrier-scaleoperations.


Copyright©


6. SMBMarketsOfferSignificantManagedServiceOpportunityforCSPsAsCSPsmovetooffercloud-basedmanagedservices,onesourceestimatesthattheglobalopportunityforTelecomsManagedServices,includingManagedDataCenters,Networks,DataandInformation,Mobility,CommunicationsandManagedSecurity,islikelytobealmost$12billionin2017andwillgrowataCompound Annual Growth Rate (CAGR)of13.7percenttoover$22billionby2022.8

Separately,itisestimatedthatthetotalmarketforManagedSecurityServices(MSS)couldgrowtoalmost$41 billion by 2022, increasing at a CAGR of 16.6 percent from last year.9Eveniftelecomscapturelessthanone-thirdofthetotalMSSmarket,thisrepresentsahugeopportunity.Andcloud-basedMSSareexpectedtobeespeciallyattractivetoSMBsthathavethepotentialtodriveasubstantialshareofthatrevenue.

SMBsNeedManagedSecurityServices(MSS)AJuly2016reportbyOstermanResearch‘ITSecurityatSMBs:2016BenchmarkingSurvey’describestheresultsofasurveyofSMBsecuritymanagersandindicatesthat55percentofSMBshaveanITstaffofthreeorfewerpeople,and29percenthaveanITstaffofoneorless.ThismeansSMBseithercontractforexpensiveITsecuritypeopleorpurchasesecurity-as-a-serviceorforgoprotectionsaltogether.Thereportnotesthat“whileaslightmajorityofSMBsreportedtheircurrentwebsecuritycapableofstoppingmalwareinfiltrations,fewerthanhalfofrespondentsexpressedconfidenceintheirabilitytoprotectagainstthemostadvancedthreatslikeransomware,phishingandtargetedattacks,orstoppingabreachofsensitivedata.”ThetablebelowshowsITmanagers’levelofconcerncomparedtotheirassessmentoftheircurrentprotections.Italsoindicatesconcernsaboutmanagingaccesstocontentatworkthatcanundermineproductivity,consumebandwidth,andcreateHRexposure.

Exhibit5.ComparisonofSMBConcernsvs.PerceivedLevelofProtection

Source:OstermanResearchInc.‘ITSecurityatSMBs:2016BenchmarkingSurvey’

8ResearchandMarkets:http://www.businesswire.com/news/home/20170524005464/en/9AlliedMarketResearch:https://www.alliedmarketresearch.com/managed-security-services-market


Copyright©


7. CSPsareWell-positionedtoOfferClosedLoopSecurityRecentattackshavegreatlyincreasedawarenessofsecurity,andasSMBsrecognizetheyneedoutsidehelp,ManagedSecurityServices(MSS)willbecomeasignificantmarket.

CSPs–bothtelecomsandcableoperators–areabletoservicealargenumberofrelativelysmallcustomersveryefficiently,andanattractivebundleofhigh-speedbandwidth,mobileservicesWi-FiandMSSshouldallowthemtodominatetheSMBmarketforSECaaS.

MobileUsersWanttoBuySecurityServicesfromtheirServiceProviderArecentsurveybyAllotindicatesthat61percentoftheirglobalenduserrespondentssaidtheywouldliketobuyamobilesecurityservicefromtheirserviceprovidereventhoughonly11percentcurrentlypayformobileprotection.“ThegapbetweendemandandfulfillmentformobilesecurityservicespresentsasignificantandimmediateopportunityforCSPs.”SeeExhibitbelow.

Exhibit6.MobileSecurityBuyer’sgapbyRegion

Source:Allot

SixOutof10UsersWouldLooktoCSPsforaSecuritySolutionWhenaskedwhotheywouldliketobuyasecuritysolutionfrom,sixoutof10optedfortheirCSP.

Exhibit7.PercentageofEndUsersWhowouldBuyMobileSecurityServicesfromtheirCSP

Source:Allot


Copyright©


8. Conclusion-BusinessBenefitsforCSPsandtheirSMBCustomersDNS-basedmanagedsecuritysolutionsnotonlyprovidesignificantITbenefitsforCSPsandtheirSMBcustomers,theyalsodeliversignificantbusinessandoperationalbenefitstobothparties.Thesearesummarizedbelow:

SignificantBenefitsforCSPsTheDNS-basedSECaaSofferssignificantbenefitsforCSPoperationsandservicedeliveryincluding:

• Controlofacompletesecuritysolution• Real-timemonitoringandcontroloflivesecuritythreats• ConfigurableandflexibleoptionsthatcansupportvariableCSPserviceoffers• Fullvisibilityintobothuserandnetworkevents• ManagedServiceOptionforSMBsandSoHousersandevenconsumers• OngoingsupportfromNominumDataScienceexpertsforupdatesonmalicioussites/activities

SMBsBenefitfromManagedSecurityasaService(SECaaS)SECaaSensuresthatSMBshave:

• Instantaneoususercommunicationsandinteraction• ‘Inherent’security• Simpleactivationandupdates-‘NoAssemblyRequired’andnosoftwaretoinstallorupdate

repeatedly• Protectionforalldevicesandallnetworkaccessconnections

OverallBenefitsofDeliveringSecurity‘FromtheNetwork’Severaluniqueoverallbenefitsaccruefromthisnetwork-centricapproach.

� BreadthofSecurityCoverage:Allusersandalldevicesanywhereoveranyaccesstechnologyareautomaticallyprotectedbysoftwarethatisinstantaneouslyupdatedforthelatestthreats.

� DepthofProtection:Moretimely,reliableandrobustthantraditionaldeviceappsoftwarethatdependsonusersforupgrades.

� Cost-effectiveforbothCSPsandtheirSMBCustomers:NoexpensivesecurityplatformorseparateprobesarerequiredfortheCSPs.SMBswillavoidpayingexpensiveITstaff/contractorsaswellassaveonthecostofacquiring,maintainingandupdatingexpensiveCPEsoftware.Costsareprojectedtobeat40-50percentoftraditionalcustomer-basedsolutionstocreatethemostaffordablepremiumSMBsolutionavailable.

TheBottomLineDNS-basedSecurityasaServiceallowsCSPstodeliver‘AlwaysOn,’instantlythreat-aware,highlyreliableyettotallytransparentproactiveprotectionforSMBs.


Copyright©


AppendixA.DifferentiatorsforDNSNetwork-based‘SecurityasaService’SixKeyDifferentiators-Simplicity,Scalability,ServiceOffer,‘SeeThrough’,SeamlessandSimultaneousCommunicationBelowwesummarizethesixkeydifferentiatorsthatmakeDNS-basedSECaaSthepreferredsolutionforaCSPmanagedserviceforSMBs.

ExhibitA.1.DNS-basedSECaaS-SixDifferentiatorsthatDeliverUniqueBenefitstoCSPsandSMBs SixDifferentiators DeliveredBenefitforCSP DeliveredBenefitforSMB1. Simplicity § ReducescomplexityofcloudandSMB

securitypackagesolutions§ Makespersonalcontrolandlightweightsolutionsimpleyetpowerful

2. Scalability § Reduceslinearlyincreasingfirewallcosts

§ Scalescomplexnetworksecuritymechanismsandnumberofeventsprocessedseamlessly

§ Scalesthreatandattacksupportdynamicallyasneeded‘ondemand’

3. ServiceOffer § Servicebundleoptionsmakeservice‘sticky’andreducechurnforCSPs

§ SecuritybundleisattractiveforSMBsthatcanaddoptionsinfuture-e.g.customer/guestWi-Fisecurity&HTTPSproxytermination

4. ‘SeeThrough’ § CSPshave‘seethrough’visibilityandbigdataanalyticsforthreatandattackhandlingaswellassubscriberawarenessandpersonalprofileanalytics

§ EverythingistransparenttotheSMBanditsendusers

§ ‘Opt-in’foranalyticsoptions

5. Seamless § SECaaSoperatescrossfixed,mobileandWi-Fiaccessnetworks

§ Authenticationandblockingoperateanywherelocally,regionallyandpotentiallyglobally

§ SecureWi-Fi/hotspotaccessforSMBandshared/publicWi-Fisites

§ SecureguestWi-Fionbusinesssites§ (Future)SecureroamingforemployeesonuntrustedWi-Fioracrossserviceproviders-withDNSroamingagentand/orredirectiontomonitorinputsfromotherDNSplatforms

6.SimultaneousComm-unication

§ Two-wayInteractioncanbeinitiatedwithcustomersassoonasthreatisdetected

§ SMBhastoolsforproactiveinteractiveproblemresolutionandcommunicationwithCSP

Source:StrategyAnalyticsNetworksandServicePlatforms

ThesesixkeydifferentiatorsallowbothtelecomsandcableCSPstocompetenotonlywithtraditionalappandfirewall-basedcompetitorsbutalsowithOTTandcloudmanagedserviceproviders.