Building secure and resilient telco networks


Using the National Institute of Standards and Technology (NIST) framework, ThoughtLab concluded a cybersecurity benchmark study that spanned industries, including telecommunications. There is an urgent call to action for organizations to think about and implement cybersecurity processes and technologies more strategically. The study shed some positive light on telecom companies compared to peer industries. But the MTTx metrics (mean time to detect, respond, and mitigate) and threat dwell time are high enough to raise serious concerns about how well armed the industry is to protect such critical network infrastructure.


Synergies of 5G and cybersecurity challenges

The study calls out eight mutually reinforcing megatrends that have pushed cybersecurity to an inflection point — and 5G is one of them. But let’s take a closer look at the other trends: massive digitalization, remote work, interconnected ecosystems, and merging of the digital and the physical world. 

5G is an underpinning force behind these larger trends that span across industries, beyond telecom. And as 5G networks continue to evolve, much remains unknown about the expanding cybersecurity landscape. In fact, 31% of telecom companies confirmed that they are not well prepared to face advanced cyber threats to their networks and infrastructure. This is reflected in the industry’s average mean time to detect threats, which stands at a staggering 122 days, and the mean time to respond at an additional 45 days. 

Though these numbers are below other industry averages, telecom networks fall under the category of critical infrastructure, so such long timelines can produce far more adverse consequences.

Strengthening 5G security using the NIST framework

As the study suggests, adopting more than a single cybersecurity framework is a good strategy to meet global standards and improve cybersecurity results. The 5G security requirements broadly fall under three layers: product, network, and application security. 

The International Organization for Standardization (ISO) frameworks are excellent for international recognition and wider audit and certification, covering product and application security. The NIST framework can provide complementary coverage for product security and also address network security requirements. 

Together, these frameworks can help provide a wider security net for a multi-vendor 5G ecosystem in an increasingly complex global regulatory environment. As Richard Rushing, CISO, Motorola Mobility, said when interviewed for the ThoughtLab study: “While 99% of our suppliers are great at their jobs and have good security practices, the 1% can still do a lot of damage to your organization. Unfortunately, the bad guys know it.”


Continuous monitoring: An efficient and cost-effective method for real-time threat detection

In the wake of more sophisticated and insidious cyber threats, telecom providers will need to significantly up their threat detection game. With continuous security monitoring tools implemented at barely 41%, the extremely long MTTx KPIs for telecom are not surprising.

As expected, the survey found SIEM to be one of the security technologies receiving the heaviest investment in the next two years. It also found that organizations that are typically advanced in implementing the NIST frameworks have shown enhanced capabilities in detecting anomalies and security events, as opposed to the 36% implementation level among telecom companies. A C-level executive of such a US-based firm said: “Real-time monitoring and analysis of end-user activity assist our organization in detecting anomalies that depart from usual usage patterns, such as logins from previously unknown IP addresses or devices.”

So, as a telecom provider, why is it critical for your SIEM to use machine learning? One of the biggest challenges brought about by 5G is the exponential growth of data, amplified by the convergence of cloud and 5G. In fact, cybersecurity spending on the cloud jumped by 27% year over year.

The unprecedented data growth conundrum resonates perfectly with what Mandy Andress, CISO at Elastic®, stated: “Today’s IT environments provide a firehose of data. While traditional SIEMs can ingest a lot of data, newer XDR platforms (that unify SIEM, endpoint, and cloud security)... address broader security operations with several embedded capabilities including machine learning to draw out anomalies.” 

For a telecom provider, a unified 5G security platform with limitless detections and behavior-based rules can enable proactive action against threats to the entire network, its multiple endpoints, growing applications, and endless data.

Implementing security practices in an ad hoc manner typically leads to unmanageable tool and data sprawl, which inadvertently creates greater security threats. Telecom companies can avoid such situations by using a platform approach to observe and secure their networks. With continuous monitoring, they can enhance network performance and ensure application-specific quality of service, while proactively addressing any network or system threats and vulnerabilities.

A separate study commissioned by Forrester Consulting found that a single platform for observability and security was 10x faster at half the price of standalone, incumbent solutions.


Democratizing machine learning and generative AI for enhanced cybersecurity

The benchmark study from ThoughtLab cites cultivating a human-centric approach as an effective long-term means to solve cybersecurity challenges. At Elastic, our vision for machine learning is to help organizations worldwide leverage ML to solve difficult problems with minimal human-intensive effort. This approach is fundamental to our open source roots and to building enterprise-ready solutions.

Elastic Security’s built-in advanced entity analytics use behavioral detections to apply sophisticated machine learning models so practitioners have a unified, refined view into their environment. 

Elastic AI Assistant, part of Elastic Security, is powered by generative AI and provides contextual awareness on alert investigation, incident response, and query generation or conversion using natural language. Within large language models (LLMs), Elastic AI Assistant has prebuilt prompts and uses proprietary data to provide answers to specific issues so analysts have context and guidance into their security workflows.

The telecom industry can tap into our free and open cybersecurity community and training resources to meet their most pressing needs toward building secure and resilient networks. Even for advanced 5G applications such as network slicing, cybersecurity continues to be a top concern. Learn how Elastic can help telecom companies adopt an observability strategy for network slicing to seek insights into networks while closing any security gaps all the way from endpoints to the cloud.

As threats become more advanced and frequent, your cybersecurity solution needs to be engineered for tomorrow’s threat landscape — a unified solution with SIEM, EDR, and cloud security — to adequately defend your organization. Download the full report, Cybersecurity solutions for a riskier world, to get an in-depth understanding of the best practices, tools, and methodologies for improved cybersecurity.

Want to learn how Elastic AI Assistant can help your team respond to events more quickly and address your cyber skills shortage? Read the IDC Market Insights perspective on the Elastic AI Assistant.

Originally published June 6, 2022; updated January 24, 2024.
