What do telecom security teams need from a SIEM?

More than “just SIEM”


Just within the last 30 days, the two largest telecom operators in Australia1 were hit by a data breach impacting millions of customers and compromising sensitive personal information like home addresses, drivers’ licenses, and passport numbers. The situation is not very different in the Americas, where another leading telecom provider2 cited a 13% jump in ransomware attacks in the past year. And in Europe, the latest cybersecurity report from European Union Agency for Cybersecurity (ENISA)3 that lists the major telecom security incidents from 2021 stated that 5,000+ user hours were lost — compared to just over 800 hours in 2020.

So what has changed in the past couple of years? For the telecom industry in particular, two things stand out: 5G and cloud adoption. These technologies provide the backbone for various mission critical services in public safety, healthcare, and national security in addition to enabling connectivity for millions around the world. With the backdrop of rising geopolitical tensions4 and the need to protect these services, there is a need for a completely revamped approach to security. And the journey begins with a “modern” SIEM. 

Top 3 security considerations when selecting a SIEM solution 

1) Flexible deployment models

5G networks are increasingly becoming software-driven, supporting various deployment scenarios — multi-stack public clouds, 5G private networks, and hybrid clouds. Therefore, the SIEM solution teams select should provide similar deployment flexibility. This means it should be vendor agnostic, supporting a broad range of security controls for any underlying technology in the environment. Such an approach can empower telecom companies with holistic visibility across their expansive attack surface.

[Related blog: Elastic announces Elastic Security for Cloud, delivering new posture management and workload protection capabilities]

2) Cloud-native security and beyond

5G cloud native functions (CNFs) bring scale and flexibility to 5G networks, but they simultaneously increase the attack surface area. There are new vulnerabilities at the container level, in container networks, and from the increasing use of commodity hardware in these networks. These complexities are further compounded in a multi-cloud, hybrid environment. Security teams often face the challenge of such disparate data sets, prolonging query times significantly — especially when they are analyzing petabyte scale data typical of telecom environments. A SIEM that can parse massive volumes of data almost instantaneously and leverage automated workflows can significantly accelerate incident investigations and security threat mitigation plans in security operation centers (SOCs).

From an overall security perspective, a SIEM that can unify all the data in a multi-cloud environment is foundational toward embedding DevSecOps practices, which are synonymous to cloud-native environments.

[Related blog: Building secure and resilient telecom networks]

3) Automated security

The importance of security automations cannot be overstated, and there are several underlying reasons to support it. First, the sheer volume alone makes it impossible to manually analyze every byte of data originating from these networks. Second, legacy network infrastructure will continue to coexist with 5G in the foreseeable future. That means SOCs need to correlate and analyze data from very different network elements to detect and respond rapidly. And lastly, 5G CNFs are extremely complex and ephemeral. So, the SIEM should be well supported by automated analytical models that not only simplify the analyst workflow, but also dramatically reduce the mean time to identify, detect, and respond to security threats in the network.

[Related blog: How top global CISOs protect their organizations amid rising threats]

Let’s secure the connected user experience together

Simply put, traditional SIEMs, with their limited data ingestion capabilities, lack the context and real-time situational awareness to prevent threats at scale. Analytics capabilities must be transparent (not a “trust-me black-box”) and adaptable to user’s unique telecom environments.

[Related blog: Elastic continues to gain momentum in SIEM market]

Check out the SIEM buyer’s guide to help you pick the right SIEM for your business.