nominum closes the loop with ‘security as a service’ - a
TRANSCRIPT
Networks and Service Platforms
July2017SueRudd
email:[email protected]
ServiceProviderAnalysisNetworksandServicePlatforms
Report Snapshot Cyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded.Hackersandcybercriminalsnolongersimplyattackwebsitesandspreadmalwareandvirusesdirectly.Phishingattackscaptureuserdataandsoftwareforfutureuse;botnetstakecontrolofuserdevicestomakethemactiveparticipantsinathreatnetwork;andcompromisedIoTdevicesparticipateinDistributedDenialofService(DDoS)attackssodiffusethattheylooklikeusertraffic-untilitistoolate.
ThelatestWannaCryandPetyabasedransomwareattacksarejustsomeofmanythatexemplifythecostofSMBattacksthathasmorethantripledoverthelast4years.
To‘ClosetheSecurityLoop’weneedanewParadigm.
A‘NetworkCentric’paradigmthatdetectsthreatsandprotectsbothSmallandMediumBusinesses(SMBs),PublicWi-Fiusersandthenetworkitself.
DNSbasednetworksolutionscanblockthegrowthofbotnetsandthespreadofransomwarecentrallyratherthanrelyingonbusySMBendusers-whohavenoITin-housestaff-tokeepsoftwareuptodate.ForCSPManagedSecurityasaService(SECaaS)canpre-emptattacksbeforeSMBendusersareevenawaretheyhaveaproblem.
WhileDomainNameSystems(DNS)havelongbeenusedtoblockDDoSandnetwork-basedthreats,theycannowbethebestwaytooffer‘SECaaS’tosafeguardSMBsfromcyberthreatsastheyemergeinrealtime.
NowCSPscanleveragetheirCAPEXInvestmentoftheirinstalledDNSinfrastructure
Nominum Closes the Loop with ‘Security as a Service’ - A Network-based Paradigm
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 2 of 16
ExecutiveSummarySMBSecurityDemandsanew‘Network-centric’ParadigmCyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded.Hackersandcybercriminalsnolongersimplyattackwebsitesandspreadmalwareandvirusesdirectly.Phishingattackscaptureuserdataandsoftwareforfutureuse;botnetstakecontrolofuserdevicestomakethemactiveparticipantsinathreatnetwork;andcompromisedIoTdevicesparticipateinDistributedDenialofService(DDoS)attackssodiffusethattheylooklikeusertraffic–untilitistoolate.
TheMay2017‘WannaCry’andJune2017Petya-basedransomwareattacksarejustafewofmanythathaveescalatedthecostofSmallandMediumBusiness(SMB)attacksbymorethanthreefoldoverthelastfouryears.
WeneedaNewParadigmthatClosestheSecurityLoopAnew‘Network-centric’paradigmcoulddetectthreatsandprotectbothSmallandMediumBusinesses(SMBs),SmallOfficeHomeOffice(SOHO)usersandthenetwork;andinaddition,blockthegrowthofbotnetsandthespreadofransomwarecentrally.SMBswillneverbefullyprotectediftheyrelyonbusyuserstoalwayskeepsoftwareuptodate.
NewOpportunityforCSPstoofferSMBsSecurityasaService(SECaaS)Exacerbatedsecurityattacksandtheneedforanetwork-basedsecurityapproachhavecreatedanopportunityforCommunicationsServiceProviders(CSPs)toofferSecurityasaService(SECaaS)topreemptthreatsbeforeendusersareevenawaretheyhaveaproblem.WhileDomainNameSystems(DNS)havelongbeenusedtoblockDistributedDenialofService(DDoS)andnetwork-basedthreats,theycannowoffer‘SECaaS’tosafeguardSMBsfromcyberthreatsastheyemergeinrealtimewhilepreventingunprotectedSMBdevicesfromjoiningnetwork-basedattacks.
CSPscanleveragetheirexistingCAPEXInvestmentinDNSinfrastructuretooffermanagedSECaaSatapricepointthatisattractivetomillionsofSMBsubscribers.
Thispaperdescribes:• Dynamicthreatlandscape• Requirementstoaddresssecuritythreats• Network-basedsolutionstomeetnetwork-basedthreats• DNS-basedsolutionsthatleverageCSPstrengths• SMBmarketopportunityforCSPManagedSecurityService• HowCSPsarepositionedtoofferSMBSecurityasaService(SECaaS)
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 3 of 16
TableofContentsExecutiveSummary 2
SecurityDemandsanew‘Network-centric’Paradigm 2Cyberthreatshaveevolvedandbecomecostly.Anewapproachisneeded. 2To‘ClosetheSecurityLoop’weneedanewparadigm. 2
NewOpportunityforCSPstoofferSecurityasaService(SECaaS) 2TableofContents 31. Introduction 42. DynamicThreatLandscape 63. Network-basedSolutionstoMeetNetwork-basedThreats 74. RequirementstoAddressToday’sAttacks 85. DNS-basedDefensesEnableClosedLoopProtection 9
FiveStepstoaClosedLoopSolution 10DeployingtheSECaaSinCSPCloud 11
6. SMBMarketsOfferSignificantManagedServiceOpportunityforCSPs 137. CSPsWell-positionedtoOfferClosedLoopSecurity 14
Sixoutof10userswouldlooktoCSPsforasecuritysolution 148. Conclusion-BusinessBenefitsforCSPsandtheirSMBCustomers 15
SignificantbenefitsforCSPs 15SMBsbenefitfrommanagedSecurityasaService(SECaaS) 15Overallbenefitsofdeliveringsecurity‘fromthenetwork’ 15Thebottomline 15
AppendixA.DifferentiatorsforDNSNetwork-based‘SecurityasaService’ 16Sixkeydifferentiators 16
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 4 of 16
1. IntroductionCompetitivepressuresareforcingCommunicationsServiceProviders(CSPs)toevolvebeyondconnectivityandofferincrementalvalue-added,hostedandmanagedservicestosustainrevenuegrowth.SecurityservicesarenowbecomingacandidateforaCSPmanagedserviceasawarenessoftheneedforsecurityprotectionhasskyrocketedfollowingrecentInternetattacks.
ThreattrendsandstrongalignmentwithlargecustomersegmentshavecreatedanopportunityforCSPstoofferafoundationallayerofwebprotectionforeveryInternetaccess.CSPscanprovideapreviouslyunavailablelevelofwebsecuritytoreducetherisktheircustomersface,withoutimposinganynewconfigurationormanagementburden.
Storiesaboutransomwareandmachinesthatinfiltratesystemstodestroydatahavespreadrapidlyaroundtheworld.Thenumberofphishingattacksreachedanall-timehighin2016accordingtotheAnti-PhishingWorkingGroup.1Phishingisthebasisforunwantedsoftwaredownloadsthatleadtomonetaryordatalosses.Botnetsareescalatingtoo;botslurkingondevicesaretrainedtofindvaluabledatalikecreditcardinformation,loginorothercredentialsforfinancialtransactions,andcanquietlyexportthoseinputsfor‘monetization’.2
TraditionalsecuritysolutionssuchasendpointclientsoftwareorexpensiveUniversalThreatManagement(UTM)appliancesarechallengedtokeepupwithdynamicwebthreatsthatchangeconstantlytoavoiddetection.Thoseapproachesarenotwell-suitedforprotectingtherapidlyexpandingbaseofbotnetsandInternet-connected‘things‘thatarebeinginstalledeverywhere.Therightendpointprotectionsareoftennotevenavailableformanydevicesandhardware.Asaresult,anumberofOvertheTop(OTT)cloud-basedsecuritycompanieshaveemergedtooffertheircloudnetworkformanagedsecurityservices.
CSPsareinfactexceptionallywell-positionedtooffercloud-basedsecuritysolutionsthemselvessincenetwork-basedsolutionsleverageaCSP’sdeploymentandoperatingstrengths.CSPservicesalsoalignwellwithCSPcustomersegmentslikeSmallandMediumBusinesses(SMBs)thatcanbepoorlyservedbylargeenterprisefirewallandotherenterprisesecurityvendors.
CSPsnowhaveanopportunitytoleverageexistingrelationshipstotargettwomarkets:• SmallandMediumBusinesses(SMBs)oftenlackITresourcesandsecurityexpertise,yet
nearlythree-quarters(73%)ofseniormanagersinthesecompaniesreportcybersecurityasahighpriority3andarelookingforwaystoreducetheirrisks.Capitalconstraints,however,limitwhattheycanspend,butasubscriptionmodelwithamodestincrementalmanagedsecurityservicefeeonamonthlybillcouldovercomethesebudgetarybarriers.
1Anti-PhishingWorkingGroupGlobalPhishingSurvey:TrendsandDomainNameUsein2016http://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf2Botnetsovershadowedbyransomware(inmedia)https://www.welivesecurity.com/2017/06/07/botnets-overshadowed-ransomware-media/3CyberSecurityBreachesSurvey2017https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2017
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 5 of 16
• PublicWi-FihotspotsalsowanttoensureWi-Fiusersaren’texposedtowebthreatsorundesirablecontentwhenworkingremotely.PublicWi-Fihotspotdeploymentsareusuallyremotefacilities,e.g.storefronts,withthesameconstraintsasSMBs,i.e.noITexpertise,limitedbudgets,etc.
Thenewnetwork-basedsecurityapproachdescribedinthispaperwillallowCSPstodeliveranessentialfoundationallayerofprotection‘asaservice’fortheseusecases.CSPscantodaycreatenetwork-basedsubscribersecurityserviceexperienceandoutflanktheOTTcloud-basedsecurityplayers.Becauseitislightweight,easytouse,andcost-effective,newDNS-basedmanagedsecurityservicescanbepositionedasnecessaryforeveryInternetaccessconnection.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 6 of 16
2. DynamicThreatLandscapeToday’scyberthreatsarecharacterizedbyinnovation,andaredesignedtopropagate,andbypassdetectionandcontrolsbycontinually‘changingtheircomplexion.’Nooneisimmunebecausetheyspreadrandomlyusingsoftwareflawsorsocialnetworks.SMBsareespeciallyvulnerablebecausetheyfrequentlydonothaveadedicatedITprofessionalonsite.AsofJune2016thePonemonInstitutereportedthat“55percentofSMBssaytheyexperiencedacyberattackinthepast12monthsand50percentofSMBshadadatabreachduringthepastyear.”4
TheInternetofThings(IoT)isemergingandthereiseveryreasontobelievemoreandmore’things’willget’smart’and’connected’.IoTdeviceshaveawiderangeofcapabilitiesthatcanbe‘hijacked’tocreatediversesecurityvulnerabilities.Theseinclude:
• Intelligence-processor/memory/networkingstack• Instrumentation–cameras,microphones,speakers,sensors• Susceptibilitytocompromise–NATed(NetworkAddressTranslation)-always-onorpolled• Accessibility-openportsandagents,unpatchedvulnerabilities
ThismassivepoolofIoTdevicescreatesanewplayingfieldforattackers.ThepotentialforharmwasdemonstratedinOctober2016whenaMiraibotnetdeliveredthelargestDDoSattackinhistoryleveragingarelativelysmallnumberof‘dumb’devices.5AttackershavebeguntoexploreIoTvulnerabilitiesaspartofthe‘weaponizationofIoTdevices’.6
ThecostoftheseattacksforSMBsisescalating.TheFBIestimatedthatthetotalcostofransomwareintheU.S.was$24millionin2015andincreasedto$209millioninjustthefirstthreemonthsof2016.7Thosenumberscouldbeconservativesincemanytransactionsareneverreportedduetobusinessconcernsaboutpublicdisclosure.TheSmallBusinessAssociationsurveyreferencedabovealsoshowedthatattackcostsforSMBsaveragednearly$9,000withlossesfromhackedbankaccountsaveragingslightlylessthan$7,000.SinceSMBcostofcapitalisoftenhigh,theselossesareevenmorepainful.
4http://www.ponemon.org/blog/smbs-are-vulnerable-to-cyber-attacks5https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html6https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03128USEN&7http://www.reuters.com/article/us-usa-cyber-ransomware-idUSKCN0X917X
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 7 of 16
3. Network-basedSolutionstoMeetNetwork-basedThreatsTomeetthesenewnetwork-basedthreatsandtherisksintroducedbymobiledevices,anewstrategyisneeded.SMBscannotwaituntilanattackreachesenduserPCs,tabletsorsmartphonedevicesandhopethateachterminationwillrespondappropriatelytopromptlyblockathreat,stopanattackorrefusetojoinabotnet.SMBsneedtopreemptthreatsbeforetheyjeopardizeenduserdevices,applicationsorcorporatedatabases.Anewapproachthathandlestheproblemfromthenetworkperspectiveisrequired,SMBscannotrelyonmillionsofbusyenduserstoupdatesoftwarethatwouldclassify,isolateorredirecttheincomingfloodofattacksoneverydifferentdevice.
ITsecurityprofessionalsandtheirInternetandCommunicationsServiceProviders(ISPsandCSPs)needtoworktogetherto:
• Stopattacksatadistanceastheydevelop• Blockemergingthreatsandattackswithinsecondsofidentifyingthem,e.g.byrejecting
unregisteredphishingURLsasfastastheypopupratherthanrelyingonenduserstoavoidclickingonbadlinks
• Assumethatsomeuserswillalwaysbecomeinfectedandautomaticallypreventthemfromspreadinganinfection,virusorransomwaresoftwareacrossthenetwork
• Preventunknowinguserswhoseresourceshavebeenhijackedfromparticipatinginbotnetsandbecomingthreatsthemselves
Network-basedthreatsdemandwescanproactivelyforthreatsandattacksastheyarriveinthenetwork.ServiceprovidersoperatingDNSnetwork-basedsecurityservicescanseeeverythingthatiscominginrealtimeandwiththerightsoftwareinstantaneouslytriggernetwork-basedsolutionstofightbothnetwork-andenduser-originatedattacks.
DNSisthe‘alwayson’threatprotectionmechanismthatcanclosethesecurityloopbydetectingandpreemptingthreatstoSMBsorotherendusersevenbeforetheyareawaretheyhaveaproblem.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 8 of 16
4. RequirementstoAddressToday’sAttacksAsattackersinnovate,CSPandSMBdefensesmustadaptinparallel.Thisdemandsfourkeyrequirements:1. Defensesmustrespondfasttofast-changingmalware
SMBsneedsimplewaystoreducetheirexposuretowebattacks.Enforcementpointsmustbenetwork-basedsothattheyarealwaysavailableandupdatedinrealtime–i.e.no“Decline”or“Later.”Threatfeedsshouldbestreamedsothatthelatestprotectionsarealwaysactive.Real-timeenforcementisessentialtonarrowthewindowofviabilityforattacksandreducethesuccessrateofattackers.
2. Defensesmustbedevice-agnosticThediversityofindividualdevicesrendersclient-basedsecuritysoftwareprotectionimpossibleorimpractical.Acommonlayerofprotectionisrequiredtoinsulatethemultitudeofdiversedevicesthatareconnectedtonetworkstominimizeriskexposure.Thiscommonlayerofdefensecannotonlyblockthreats,butalsooffersausefulbaselinesothatsubtledeviationsfromnormalbehavioraredetectedinstantlyacrossallcategoriesofdevices.
3. Securityupgradesneedtobesimplified,automatedoreliminatedEndusersfrequentlyignore,defer,ordisableautomatedclientorapplicationupdatesthatmayimpacttheirsecurity.EvenSMBstaffchargedwithmanagingsecuritymaydelaythoseeffortsinfavorofurgentrevenue-generatingbusinessactivity.Businessapplicationsandserversmustallhavespecializedprotectionsandmanagement,butminimizingdependenciesonenduserandIoTdeviceswillreduceSMBstaffloadandensuremorerobust,continuouslyupdatedprotection.Usersmustbemadeawareofmaliciousactivitythatiswithintheir‘spanofcontrol.’Wheninfectionsarediscoveredonenduserdevices,orusersattempttonavigatetoknownmaliciousdestinations,e.g.websitesthatdownloadmalware,theyneedtobewarnedinstantlyofthedangersofproceedingandpromptedwithsuggestionsforremediation.Messagesnotonlyalertsubscribersbutmotivateappropriateimmediateaction.
CSPsareuniquelypositionedtomeettheserequirementswithDNStoenable‘ClosedLoop’Security.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 9 of 16
5. DNS-basedDefensesEnableClosedLoopProtectionDomainNameSystem(DNS)canprovidethe‘foundationallayerofprotection’toaddresstheSMBandpublicWi-Fiwebsecuritychallengesdescribedabove.NominumhasrecentlyannounceditsClosedLoopsolutionforCSPsandtheirSMBcustomersthatcanbedeployedinfixed,mobile,andconvergednetworksaswellasonpublicWi-Finetworks.Thissolution–showninthediagrambelow–reliesonintelligentfiltersandpoliciesthatareappliedtoDNSqueriesgeneratedbySMBsubscribersequippedwiththeservice.
SincebothmaliciousandlegitimateapplicationsusetheDNSitisessentialtoidentifythepresenceofmaliciousactivitywithreal-timethreatintelligencefeedsandtoprocesslegitimateDNSqueriesnormally.AsmaliciousqueriesareflaggedbytheNominumsolution,specialtreatmentisimmediatelyapplied.Forexample,auserquerytoaphishingdomainwillberedirectedtopreventtheuserfromgoingtothatphishingsite.Alternatively,abotnetCommandandControl(C&C)querywillbeimmediatelyblockedtopreventbotnetmalwarefromgettinginstructions.VirtuallyeverydeviceandapplicationusestheDNSsonearlyalldevicesandapplicationscanbeprotectedwithminimaluseraction.BecauseDNSisalreadyinthereal-timeflow,noadditionallatencyisintroducedforthesecurequeryprocessingandtheuserexperienceismaximized.
Exhibit1.DNSistheMostEfficientPlacetoMatchQueriestoThreatIntelligence
Source:Nominum
Asindicatedinthechartabove,managingsecurityviaDNSqueriessentfromapplicationsanddevicesisthemostefficientandeffectivewaytoidentifymaliciousactivity.SincealltrafficrequiresaDNSlookup,maliciousactivitycanbedetectedbycomparingincomingDNStrafficagainstallknownthreatfeedsinrealtime.Blockingmaliciousqueriesstopsattacksdead.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 10 of 16
ThecompleteClosedLoopsolutionisdepictedinthediagrambelow.ItconsistsoftightlyintegratedapplicationsthatprotectSMBsandWi-Fiusersfromwebthreatswhileaparallelmessagingapplicationkeepstheminformedandengaged.
Exhibit2.CompleteSecurityDemandsaClosedLoopSolution
Nominum’sDNS-basedClosedLoopsolutionoffersanewfoundationallayerofprotectionforeverySMBInternetaccessconnection.TightlyintegratedapplicationslikethisthatleverageexistingDNSinfrastructurearecost-effectiveforCSPstodeployandenduserstouse,whiletheykeepsubscribersinformedandengaged.
FiveStepstoaClosedLoopSolutionBelowwesummarizewhatoccursateachofthestepsshowninthechartabove.
Exhibit3.Five-stepProcessStep Functionality Description1. Protectthe
NetworkSMBsorpublicWi-Filocationsareprovisionedwitheithercloud-basedoronpremiseDNSserversandintegratedtoconnecteachnewsite.
2. DiscoverandBlockInfections
ActivatedsubscribersareprotectedasallDNSqueriestheysendaspartoftheirnormalwebbrowsing/internalITexperienceareevaluatedbyaNominumDNSresolver.DNStracksmalwareorbotsthatstealvaluablepersonalinformationinrealtime.• Protectionsarenetwork-basedsothereisnoclientsoftwaretobeinstalled.• Completelyautomated,everydeviceinbusinessiscoveredandsubscribers
neverhavetodealwithupdates.• Serviceisalways-onwithup-to-the-minutethreatinformation.• SMBsandpublicWi-Fiadministratorscanuseagraphicalportaltoset
preferencesoncontentallowedatworkplacesandremotelocations/homes.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 11 of 16
Exhibit3.Five-stepProcess(Continued)Step Functionality Description3. AlertInfected
UsersIfadeviceisidentifiedasinfected,e.g.,aftervisitinganunprotectednetwork,anintegratedapplicationwillnotifytheinfecteduser.CSP-brandedin-browsermessagespersonalizedforeverySMBorpublicWi-Ficustomeraresenttoreflectspecificdetailsoftheinfection.Toolsformanagingthesemessagesarebuiltintothesoftware.
4. ProvideRemediationOptions
Linkstoremediationtoolsandadviceincludedinendusermessages.Providerspresentbrandedwebpagesrecommendingtoolsfrompartners.Messagepagespointtoadviceandotherinformation.
5. PreventFurtherInfectionsProactively
Todeteremailorweb-drivenphishing,usersarenotifiedwithanin-browsermessagebeforetheyattempttonavigatetomaliciousdestinationswheremalwareorransomwaremaybelurking.Messagingsenttoenduserswhilethey’reactivelyengaged.Preventativeapproachsavestimeandmoneyandreducesstress.
Source:Nominum
AutomateddynamicthreatlistsfortheseClosedLoopservicesarebasedonintelligentalgorithmsdevelopedbyDataScienceexpertsatNominumandupdatedinrealtimeasthreatsareidentifiedaroundtheglobe.Additionallistscanbecreatedtoautomaticallyfilterunwantedcontent.
Nominumprocessesover100billionDNSqueriesperdayandappliesanalyticstoidentifynewthreatsquicklyandtoderiveuniqueinsightsforalgorithmdevelopment.Asophisticated,multi-stepvalidationprocessminimizesfalsepositivesthatcansignificantlyincreaseoperationaloverheadandreducesubscribersatisfaction.
DeployingSECaaSinCSPCloudCSPscandeploytheinfrastructureneededtosupporttheservicewithintheirownfacilities,inthecloud,orhostedasamanagedservice.DNSserversusedbySMBsonthecustomerpremiseoratpublicWi-Fisitescanbeoperatedinthecloudaspartofthemanagedservice.
ThealternativesforCSPsthatdonotoffersubscribersa‘ClosedLoop’securitysolutionarelessefficient,lesseffectiveandmorelimitedinscope.Forexample,onemajordrawbackoftoday’sendpointsecuritysolutionsisthatprotectionmustbeappliedtoeveryindividualdevice,ratherthantotheentirenetworkandallassociateddevices.Endpointsolutionsleaveholesinthenetworkandfirewallsexplicitlyallowmany‘portholes’thatcybercriminalscantakeadvantageof.Ontheotherhand,networklevelDNSsecurityrequiresnosoftwaredownloads,noportconfigurationandnouser-initiatedupdates–andstilleverydeviceonthenetworkisautomaticallyprotected.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 12 of 16
Exhibit4.DNS-basedSecurityCoversEveryDeviceAutomatically
Source:Nominum
Nominum’sClosedLoopDNS-basedapproachthereforedeliversanewfoundationallayerofprotectionforeveryInternetaccessconnection.CSPsthatdeployitwillhaveasustainablecompetitiveadvantagethatis:
• Lightweight-Noclientsoftwaremeanseverydeviceisprotectedautomatically.Noon-premisehardwaremeanslessCAPEXandOPEXforCSPs.
• Personalized-EachworkplaceorpublicWi-FiadministratorcancustomizetheservicetomatchuniqueneedswithoutanymajorconfigurationoroperationalburdenontheCSP.
• Simplicity-SMBsorWi-Fiadministratorscansetuptheserviceinminutesviaaportal.• Engaging-Integratedmessagingappcreatesopportunitiestoinformandengagesubscribers.• Agile–DNS-enhancedplatformensuresrapidtimetomarketwithcontinuingupgradesfor
CSPsbasedontightlyintegrated,software-onlyapplications,deployableinthecloud,‘asaservice’orasacombinedCPEand‘asaservice’solution
• Automated-Threatdetectionandprotectionenforcementpointsareautomaticallyandinstantaneouslyupdatedwiththereal-timeinputs.
• Scalable-DNScontrolplane-basedprocessinganalyzesallquerieswithoutintroducingadditionallatencyandwasdesignedfromthestartforcarrier-scaleoperations.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 13 of 16
6. SMBMarketsOfferSignificantManagedServiceOpportunityforCSPsAsCSPsmovetooffercloud-basedmanagedservices,onesourceestimatesthattheglobalopportunityforTelecomsManagedServices,includingManagedDataCenters,Networks,DataandInformation,Mobility,CommunicationsandManagedSecurity,islikelytobealmost$12billionin2017andwillgrowataCompound Annual Growth Rate (CAGR)of13.7percenttoover$22billionby2022.8
Separately,itisestimatedthatthetotalmarketforManagedSecurityServices(MSS)couldgrowtoalmost$41 billion by 2022, increasing at a CAGR of 16.6 percent from last year.9Eveniftelecomscapturelessthanone-thirdofthetotalMSSmarket,thisrepresentsahugeopportunity.Andcloud-basedMSSareexpectedtobeespeciallyattractivetoSMBsthathavethepotentialtodriveasubstantialshareofthatrevenue.
SMBsNeedManagedSecurityServices(MSS)AJuly2016reportbyOstermanResearch‘ITSecurityatSMBs:2016BenchmarkingSurvey’describestheresultsofasurveyofSMBsecuritymanagersandindicatesthat55percentofSMBshaveanITstaffofthreeorfewerpeople,and29percenthaveanITstaffofoneorless.ThismeansSMBseithercontractforexpensiveITsecuritypeopleorpurchasesecurity-as-a-serviceorforgoprotectionsaltogether.Thereportnotesthat“whileaslightmajorityofSMBsreportedtheircurrentwebsecuritycapableofstoppingmalwareinfiltrations,fewerthanhalfofrespondentsexpressedconfidenceintheirabilitytoprotectagainstthemostadvancedthreatslikeransomware,phishingandtargetedattacks,orstoppingabreachofsensitivedata.”ThetablebelowshowsITmanagers’levelofconcerncomparedtotheirassessmentoftheircurrentprotections.Italsoindicatesconcernsaboutmanagingaccesstocontentatworkthatcanundermineproductivity,consumebandwidth,andcreateHRexposure.
Exhibit5.ComparisonofSMBConcernsvs.PerceivedLevelofProtection
Source:OstermanResearchInc.‘ITSecurityatSMBs:2016BenchmarkingSurvey’
8ResearchandMarkets:http://www.businesswire.com/news/home/20170524005464/en/9AlliedMarketResearch:https://www.alliedmarketresearch.com/managed-security-services-market
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 14 of 16
7. CSPsareWell-positionedtoOfferClosedLoopSecurityRecentattackshavegreatlyincreasedawarenessofsecurity,andasSMBsrecognizetheyneedoutsidehelp,ManagedSecurityServices(MSS)willbecomeasignificantmarket.
CSPs–bothtelecomsandcableoperators–areabletoservicealargenumberofrelativelysmallcustomersveryefficiently,andanattractivebundleofhigh-speedbandwidth,mobileservicesWi-FiandMSSshouldallowthemtodominatetheSMBmarketforSECaaS.
MobileUsersWanttoBuySecurityServicesfromtheirServiceProviderArecentsurveybyAllotindicatesthat61percentoftheirglobalenduserrespondentssaidtheywouldliketobuyamobilesecurityservicefromtheirserviceprovidereventhoughonly11percentcurrentlypayformobileprotection.“ThegapbetweendemandandfulfillmentformobilesecurityservicespresentsasignificantandimmediateopportunityforCSPs.”SeeExhibitbelow.
Exhibit6.MobileSecurityBuyer’sgapbyRegion
Source:Allot
SixOutof10UsersWouldLooktoCSPsforaSecuritySolutionWhenaskedwhotheywouldliketobuyasecuritysolutionfrom,sixoutof10optedfortheirCSP.
Exhibit7.PercentageofEndUsersWhowouldBuyMobileSecurityServicesfromtheirCSP
Source:Allot
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 15 of 16
8. Conclusion-BusinessBenefitsforCSPsandtheirSMBCustomersDNS-basedmanagedsecuritysolutionsnotonlyprovidesignificantITbenefitsforCSPsandtheirSMBcustomers,theyalsodeliversignificantbusinessandoperationalbenefitstobothparties.Thesearesummarizedbelow:
SignificantBenefitsforCSPsTheDNS-basedSECaaSofferssignificantbenefitsforCSPoperationsandservicedeliveryincluding:
• Controlofacompletesecuritysolution• Real-timemonitoringandcontroloflivesecuritythreats• ConfigurableandflexibleoptionsthatcansupportvariableCSPserviceoffers• Fullvisibilityintobothuserandnetworkevents• ManagedServiceOptionforSMBsandSoHousersandevenconsumers• OngoingsupportfromNominumDataScienceexpertsforupdatesonmalicioussites/activities
SMBsBenefitfromManagedSecurityasaService(SECaaS)SECaaSensuresthatSMBshave:
• Instantaneoususercommunicationsandinteraction• ‘Inherent’security• Simpleactivationandupdates-‘NoAssemblyRequired’andnosoftwaretoinstallorupdate
repeatedly• Protectionforalldevicesandallnetworkaccessconnections
OverallBenefitsofDeliveringSecurity‘FromtheNetwork’Severaluniqueoverallbenefitsaccruefromthisnetwork-centricapproach.
� BreadthofSecurityCoverage:Allusersandalldevicesanywhereoveranyaccesstechnologyareautomaticallyprotectedbysoftwarethatisinstantaneouslyupdatedforthelatestthreats.
� DepthofProtection:Moretimely,reliableandrobustthantraditionaldeviceappsoftwarethatdependsonusersforupgrades.
� Cost-effectiveforbothCSPsandtheirSMBCustomers:NoexpensivesecurityplatformorseparateprobesarerequiredfortheCSPs.SMBswillavoidpayingexpensiveITstaff/contractorsaswellassaveonthecostofacquiring,maintainingandupdatingexpensiveCPEsoftware.Costsareprojectedtobeat40-50percentoftraditionalcustomer-basedsolutionstocreatethemostaffordablepremiumSMBsolutionavailable.
TheBottomLineDNS-basedSecurityasaServiceallowsCSPstodeliver‘AlwaysOn,’instantlythreat-aware,highlyreliableyettotallytransparentproactiveprotectionforSMBs.
Networks and Service Platforms
Copyright©
Strategy Analytics 2017 | www.strategyanalytics.com 16 of 16
AppendixA.DifferentiatorsforDNSNetwork-based‘SecurityasaService’SixKeyDifferentiators-Simplicity,Scalability,ServiceOffer,‘SeeThrough’,SeamlessandSimultaneousCommunicationBelowwesummarizethesixkeydifferentiatorsthatmakeDNS-basedSECaaSthepreferredsolutionforaCSPmanagedserviceforSMBs.
ExhibitA.1.DNS-basedSECaaS-SixDifferentiatorsthatDeliverUniqueBenefitstoCSPsandSMBs SixDifferentiators DeliveredBenefitforCSP DeliveredBenefitforSMB1. Simplicity § ReducescomplexityofcloudandSMB
securitypackagesolutions§ Makespersonalcontrolandlightweightsolutionsimpleyetpowerful
2. Scalability § Reduceslinearlyincreasingfirewallcosts
§ Scalescomplexnetworksecuritymechanismsandnumberofeventsprocessedseamlessly
§ Scalesthreatandattacksupportdynamicallyasneeded‘ondemand’
3. ServiceOffer § Servicebundleoptionsmakeservice‘sticky’andreducechurnforCSPs
§ SecuritybundleisattractiveforSMBsthatcanaddoptionsinfuture-e.g.customer/guestWi-Fisecurity&HTTPSproxytermination
4. ‘SeeThrough’ § CSPshave‘seethrough’visibilityandbigdataanalyticsforthreatandattackhandlingaswellassubscriberawarenessandpersonalprofileanalytics
§ EverythingistransparenttotheSMBanditsendusers
§ ‘Opt-in’foranalyticsoptions
5. Seamless § SECaaSoperatescrossfixed,mobileandWi-Fiaccessnetworks
§ Authenticationandblockingoperateanywherelocally,regionallyandpotentiallyglobally
§ SecureWi-Fi/hotspotaccessforSMBandshared/publicWi-Fisites
§ SecureguestWi-Fionbusinesssites§ (Future)SecureroamingforemployeesonuntrustedWi-Fioracrossserviceproviders-withDNSroamingagentand/orredirectiontomonitorinputsfromotherDNSplatforms
6.SimultaneousComm-unication
§ Two-wayInteractioncanbeinitiatedwithcustomersassoonasthreatisdetected
§ SMBhastoolsforproactiveinteractiveproblemresolutionandcommunicationwithCSP
Source:StrategyAnalyticsNetworksandServicePlatforms
ThesesixkeydifferentiatorsallowbothtelecomsandcableCSPstocompetenotonlywithtraditionalappandfirewall-basedcompetitorsbutalsowithOTTandcloudmanagedserviceproviders.