Consumers need network-native cybersecurity – but which kind?

Sponsored: It’s hard to chose from so many options to give customers the protection and features they need

Cybercrime is part of our lives and will apparently continue to be so for the foreseeable future. In Europe, according to Eurostat, 32% of individuals in the 27 states of the European Union claim to have experienced security-related issues, and 16% of individuals curtailed internet activities because of security concerns. In the United States, 2021 saw 496,501 internet crime victims totaling $6.1 billion in losses according to the FBI Internet Crime Report.

According to an Allot-sponsored 2022 survey by Coleman Parkes Research, 56% of global communications service providers’ (CSPs) consumer customers want security as part of their existing package. In other words, we expect our mobile and fixed broadband providers to protect us from cyber criminals as a part of the service they offer.

Now that CSPs know this, the question is how to provide that protection? With different options on the table, including some that have been around for decades, which cybersecurity solutions offer consumer customers the protection they want with the features they need?

What do consumers want and need?

The most obvious choice for CSPs has been the endpoint application. With familiar names, the endpoint solutions have been the go-to security solution for CSPs for decades. The problem with endpoint applications, however, is that they need to be installed and configured and maintained by the customer. While there are a handful of consumers who are comfortable with this scenario, they are just that – a handful. Perhaps 5-7% of customers take advantage of endpoint solutions. For the rest, they argue that they need a simple, easy-to-use solution that doesn’t take up their time or effort. So, what else is out there?

CSPs can implement inline network-native cybersecurity solutions for their consumer and small business customers. These are solutions that sit in the core of the CSP network and provide protection as a part of the CSP’s service offering. One of the most significant features of network-native solutions is that they offer zero-touch onboarding and operation.

As opposed to endpoint solutions, Network Native solutions provide protection from cyber threats without the need for the customer to install, configure or operate them. The protection simply happens. However, there are two types of very different network-native solutions, DNS-based and premium network-based.

DNS-based protection

DNS-based protection is the more traditional way of filtering network traffic. It looks at DNS queries to make filtering decisions, making it very lightweight from a deployment perspective. When the DNS-based solution sees a malicious site that resolves from a known DNS entry, instead of serving the page with the IP address of the malicious site, it will reply with the IP address of a blocking page, causing a redirection on the browser and preventing access to the malicious content.

Sounds great but there are some drawbacks. Threats that use an IP address, instead of a DNS entry, are not addressed by DNS-based solutions. For example, classified as the world’s most dangerous malware by Europol, EMOTET, a banking trojan, has operated using direct IP based communication.

DNS-based solutions also cannot identify a compromised page within a legitimate HTTP website since they only operate at the domain level. In addition, DNS settings can be changed by malware or by curious kids, enabling content to bypass the DNS-based solution. Finally, anti-virus protection requires a proxy with DNS-based solutions, adding latency to the network.

DNS settings can be easily accessed and changed.

Operating from within the CSP’s network

Like DNS-based cyber protection solutions, premium network-native security solutions operate from within the CSP network, offering zero-touch activation and operation. However, a premium solution blocks more malicious sites by making filtering decisions based on IP addresses. In this way, it can catch malicious pages in legitimate sites so that those sites can be accessed, with only the bad pages being blocked and it can block direct communication to IP addresses (that don’t use DNS queries).

Premium solutions can also block malware that was downloaded from a legitimate site or from a new site that has not yet been indexed. Importantly, this type of solution cannot be bypassed by changing DNS settings since it is fully operated from the core network and does not rely on DNS filtering.

A traditional DNS-based filtering and cyber threat protection solution can be exactly what a CSP needs if the goal is to provide a response to regulatory demand, or if the customer base is prepared to only pay a limited fee for cyber threat protection. For a more comprehensive approach, and one that cannot be bypassed by changing device settings, a premium solution could be what is called for.

Both offer zero-touch, clientless activation. Both protect subscribers from dangerous and inappropriate content. However, a premium Network Native security solution for consumers and small businesses continues to filter malicious content even if DNS settings are changed. A premium solution can also block domains, URLs and IP addresses. Importantly, a premium solution can also block individual pages that are compromised with malware or phishing bait within a legitimate HTTP site.

Pros and cons

The bottom line is that endpoint security solutions have traditionally seen slow uptake and are rarely deployed properly, leaving customers with exposed assets and not much revenue for the CSP. DNS-based solutions offer a good first layer of defense, but call for additional solutions to fill the gaps. ​

To protect customers fully from botnets, phishing, malware and dangerous and inappropriate content, while taking advantage of the high adoption rates that zero-touch activation offers, the way to go is a premium Network Native security solution.

These types of solutions, for mobile, fixed and converged networks, are being deployed by large and small CSPs around the globe who are benefiting from supplemental monthly revenue and improved customer loyalty. Premium Network Native security solutions for consumers and small businesses are becoming more prevalent as CSPs discover the benefits for themselves and their customers.

To learn more about the research cited in this article, please visit the Telco Security Trends H1 2022 report on allot.com.

David Elmaleh Bio

David Elmaleh is the VP of Product Management for Cybersecurity at Allot. With over 18 years of experience in enterprise technologies, David has a strong track record in product management and cross-functional leadership at companies such as Cisco, Imperva, and Alvarion. In these roles, he has focused on developing innovative solutions for service providers and enterprise markets, with expertise in 4G and 5G networks, AI, application security, and network security. David holds a M.Sc. in Electronics Engineering from Paris XII University, France.