Building Intelligent, Self-Defending Broadband Networks

Sandvine’s recent research, gleaned from over 100 globally–dispersed deployments, found that up to 12% of all scanning attacks found on broadband service provider networks are launched internally from their within their own subscriber base.

Significantly, these internal attackers are unsuspecting victims; zombie PCs – completely unaware that they are infected and doing ‘behind the scenes’ searches for other vulnerable hosts. These subscriber play the unwitting hosts to malicious agents, scanning IP addresses, sending requests to useable port numbers, and transferring a worm or Trojan code when a vulnerable host is found. Service provider help desks often end up in a support role when subscribers call in to report performance degradation among other connection issues, oblivious to the reason why their computers seem sluggish or are behaving anomalously.

With the increase in more evasive attacks, broadband providers need greater visibility into their network traffic in order to shut down attacks before they affect subscriber’s quality of experience and the potential for costly network outages. It’s not sufficient to employ only signature-based detection to mitigate today’s attacks. Using a combination approach that also includes behavioral detection and network telescoping is critical to preventing zero-day attacks while cleansing the network from incoming and outgoing attacks. With per-subscriber visibility in the network, a captive portal can be integrated to unfailingly warn infected subscribers that malicious agents have compromised their computers and their performance may be suffering as a result. Links to removal tools (i.e. Microsoft updates) can also be provided to make it fast and easy for to them to cleanse their systems. This often becomes part of a service provider’s proactive strategy to educate subscribers on how to protect themselves going forward.

What is Network Telescoping?

Sandvine Security Operations Services team provides ongoing analysis to guarantee optimal network health for service providers and early warning in the event of an attack. Sandvine’s visibility into a wide, global deployment of service provider networks acts as a 'network telescope' collecting and uncovering malicious traffic threats at the earliest opportunity and before they spread across the world. Sandvine's Security Operations Services protect the capability of the network to deliver services, protect subscribers from attack and ensure their quality of experience - all backed by an industry-first service level guarantee.

What is Combination Behavior and Signature-based Detection?

Sandvine’s behavioral or anomaly-based engines look at network usage behavior in real-time and historically, to identify attack threats. This allows for malicious traffic identification and mitigation before a pattern signature can be applied and long before the attack is even known within the wider security community. This technique counters new and emerging 'zero-day' attacks pro-actively and before a pattern signature needs to be reactively developed. Sandvine also applies signature-based detection to counter the latest known attacks by identifying the specific malicious packet instances and flows as they appear on the network.

To learn more about how the Sandvine solution can characterize, control and protect your network traffic, contact us.