In Search of New Streams Parviz Iskhakov March, 2016

The Digital Telecom Security Services

• Growth in traditional telecom in developed and developing markets is stagnant with declining ARPU and prices.

• The OTT players are long affecting CSPs by substituting voice and messaging services, placing significant strain on the CSP data networks and grabbing consumer mind share, and thus weakening the CSPs’ relationship with their user communities.

• Thus, CSPs find themselves under increasing pressure, they not only want to protect their core business and their relationship with consumers, but have to seek new revenue opportunities in nontraditional markets.

• CSPs are beginning to partner with alternative partner types to fill gaps in their service portfolios and accelerate the time to market of new services. In contrast to aggressive, competitive and alienating tactics to address OTT vendor threats, CSPs can benefit substantially from pursuing these more collaborative approaches.

SMS and OTT Messages

New Digital Domains CSPs are Focusing on

The figure is approximate and is based on Gartner’s research- Market trends: Eight

innovative CSPs embark on digital service transformation

- CSPs’ market trends and digital transformation strategy

82%of U.S. business executives are

worried that cyber threats could impact their companies’ growth

prospects

10%of organizations are fully

confident that their connected devices secure

Source: AT&T

Security in the Smartphone Era

• Market research firm Gartner says global spending on IT security is set to

increase 4.7 percent in 2015 to $75.4 billion, and the world will spend $101

billion on information security in 2018.

• The cyber security market is estimated to grow to $170 billion (USD) by 2020, at

a Compound Annual Growth Rate (CAGR) of 9.8 percent from 2015 to 2020,

according to a report from Markets and Markets. The aerospace, defense, and

intelligence vertical continues to be the largest contributor to cybersecurity

solutions.

$101 BnIT Security Spendings

$170 BnMarket

• The British insurance company Lloyd’s estimates that cyber attacks cost

businesses as much as $400 billion a year, which includes direct damage plus

post-attack disruption to the normal course of business. Some vendor and media

forecasts put the cybercrime figure as high as $500 billion and more.

• Сyberattacks could cost up to $90 trillion by 2030 if cybersecurity fails to

advance at a rapid pace. Atlantic Council and the Zurich Insurance Group

$90 TnDamage till 2030

$400 BnDamage a year

Security Concerns Rise Across the World with Rise of Scale of Cyber Threats

TechSci Research says the banking and financial

services sector has been the prime target of

cyber criminals over the last five years, followed

by IT & telecom, defense, and the oil and gas

sector.

No vendor or user of computer technology is

immune from a potential cyber security incident

The Essential Guide to Industrial Cyber Security, Honeywell

Recent large-scale cases include Sony’s breach,

attacks on Lenovo and other companies such

as JPMorgan Chase and Home Depot.

Most businesses think they are too small to be

the victims of a cyber attack. But that is not the

case since they are victims of hacking either for

their own data or because they are the weakest

point of entry in a digital information supply chain.

Days of Just Securing the Perimeter are Over

• Wireline operators tend to suffer the greater

exposure, particularly when they host IT

infrastructure or provide managed security

services for enterprise customers.

• So do mobile operators with their huge customer

bases. CSP’s customers are exposed to data

exfiltration, denial of service, fraud and all the

other attack vectors.

• Cloud and IoT services significant growth is

putting even more pressure on service providers

that have to craft their strategies in the age of

cyber insecurity.

It’s Time for the Secure Pipe

• The standard service-level agreement for years allowed

that CSPs just push the traffic in and out. To pass traffic,

not pass judgment. CSPs didn’t usually touch it.

• Some CSPs however has been quietly getting permission

from its customers to stop certain kinds of traffic altogether.

Number of businesses have signed up to have the CSP to

filter out spam, viruses, DDoS attacks and other malicious

activity behind the scenes, before the traffic touches their

enterprises.

• The “productization” of security services will take time

though to catch up with vertical leaders. The final task will

be the “clean pipe” with fewer risks with a bill attached. This

will force transformation from “dumb pipe” to smart one.

CSP’s Security Services Portfolio

92%of the 100K security incidents

studied from the past ten years can be described by just nine

basic patterns

1. POINT OF SALE INTRUSIONS2. DENIAL OF SERVICE ATTACKS3. CRIMEWARE4. WEB APPLICATION ATTACKS5. INSIDER MISUSE6. MISCELLANIOUS ERRORS7. PHYSICAL THEFT/LOSS8. CARD SKIMMERS

Source: Verizon

Mobility and End-Point Security

Hybrid cloud security

Next Generation Perimeter Solutions

Application Threat Protection

Advanced Malware Protection

Discovery Security Analytics

Social Engineering

Protect the network and endpoints from both known and zero-day malware

The ability to protect hybrid cloud environments and identity business risks associated with SaaS usage

Deploying next generation network perimeter solutions to identify and mitigate application threats

Detect and remediate application vulnerabilities and prevent malicious hacks and attacks

State-of-the-art sandboxing technology helping protect against hacks that bypass signature-based controls

Correlating a diverse set of security, network and application event data to improve understanding of normal and discover first seen problems – the unknown unknown

Ensuring adequate security awareness in-house and appropriate procedures in place

CSPs Security Services Value Chain

• Endpoint Security

(including mobile security)

• Server Security

• E-mail Security

• Network Security

• Cloud Security

• Anti-Phishing, Anti-

malware, Antivirus

• Perimeter Solutions

• Application Security

• Security Analytics

• Monitored or managed firewalls or

intrusion prevention systems (IDS/IPS)

• Cloud, mobile and web assets (DDoS

protection, email security, web filtering)

• Security information and event

management (SIEM)

• Need more advanced services such as

real-time and batch security analytics

• Reporting associated with

monitored/managed devices and

incident response

• Security compliance

and consulting

services

• Security design and

architechture services

• Security audit and

assessment services

• Professional services

• Managed services

• Cyberdefence

solutions

Point Products Managed Security ServicesInformation Security

Consulting Services

Consumer

Ad hoc Security

Services

Security Services

Bundle

Network Security

ServicesFully Managed

Security Environment

Level of

Strategic

Partnership

with the

Customer

Why MSSP solutions are good for Businesses?

• Managed security services are the network security services that have been outsourced to a service

provider. A company providing such a service is a managed security service provider (MSSP).

• According to recent industry research, most organizations (74%) manage IT security in-house, but 82%

of IT professionals said they have either already partnered with, or plan to partner with, a managed

security service provider.

• MSSPs offer better resources, scalability, and talent - all for a cheaper price. So cost is the major

reason. Chief Information Security Officers looking to security services cite cost reduction as a top

factor, with 62% of CISOs listing this as an important or very important reason.

• Other important issues include flexibility, expertise, global coverage and advanced technology.

• CISOs want trusted, strategic partners. Information security is an activity built on trust. MSSPs that

understand this develop strong supporting partnerships with their clients and help them overcome their

biggest security challenges.

• Forrester believes that the relationship between CISOs and MSSPs will continue to deepen. As the

MSSP demonstrates competency and even proficiency in certain areas, the partnership will quickly

develop from an ad hoc relationship to a fully managed security IT environment.

• Advanced technologies, such as threat intelligence and correlation, drive future demand.

Sophistication of new threat intelligence technology to detect intrusions with a rapidly changing threat

landscape discover a need for solutions capable of detecting suspicious activity and need to receive

alerts in near real time. Forrester believes those MSSPs that get this right will have a huge advantage

in the market during the next two to five years

Trust

Global Coverage Flexibility

CostReal-time DetectionAdvanced

Technology

82%Of Chief Information and

Security Officers partnered or plan to partner with MSSPs

Why MSSP solutions are good for Businesses?

Source: Trustwave

Global Leading CSPs Clearly Show the Potential for CSPs in Security Domain

• Verizon is a top telecommunications provider with a very large North American

presence, with more than 2,000 unique clients in the region. Verizon employs one of

the largest security teams in the market with an aggressive recruiting strategy.

• Verizon emphasizes the business value and cost-controlling aspects that it delivers

through managed security services and helps clients allocate resources to the most

critical assets through its enhanced risk-based correlation engine.

As a large, North American telecommunications provider, AT&T has one of the largest

customer bases, with more than 1,200 unique customers in the region. AT&T has an

aggressive threat intelligence program and scans more than 25 petabytes of data

travelling over its networks daily. AT&T focuses on threat detection with strong network

infrastructure and perimeter defense offerings, including robust log monitoring and

analysis features. Areas of improvement were its customer portal and reporting features.

• BT's MSS offerings include monitoring and management of customer premises

deployed devices and network-based security controls as part of its larger portfolio of

telecommunications and IT services. BT uses self-developed technology for log and

event collection, correlation, query, reporting, and device management.

• NTT has a global presence as well as a broad range of security service

offerings and delivery options, in addition to broader telecommunications and

IT infrastructure service offerings.

• Headquartered in Paris, with offices in Atlanta and Singapore, Orange offers a broad

range of telecommunications and cloud-based IT infrastructure services, security

consulting and integration services, and MSSs. Orange MSSs are based on

commercial SIEM technology for data collection, correlation and analysis, reporting,

and log management, with self-developed technology for workflow.

Gartner

Forrester Wave: Information Security Consulting Services, Q1 ‘13

But Still Much in CSPs To-Do-List to Gain Leadership in Information Security Consulting Services Though

Only two CSPs were included in Forrester Wave Information Security Consulting Services.

• Verizon demonstrates strong incident response skills, but lack of global coverage is

restrictive.

• Verizon has battled to gain brand awareness within the security consultancy space and

has succeeded thanks to its incident analysis and strong PCI practice. Although some of

the company’s higher-level solutions (for GRC and strategy, for example) may not be as

sophisticated as those of larger competitors.

• The company does offer a wide range of solutions, including strong offerings in

application security, biometrics, DLP, and IAM, many of which it will also subsequently

operate.

• Client feedback stressed the flexibility of the Verizon consultants and its strength in

incident response; areas of potential improvement included Verizon’s comparatively low

number of consultants (just over 400) and weak global coverage, as well as challenges

with internal collaboration and communication.

• BT Global Services delivers pragmatic solutions, with a focus on technology.

• BT was the other organization that stood out because of its unique perspective and

approach to client engagement; the company’s spokespeople come across as very

honest and candid, suggesting that clients are likely to receive straightforward advice,

even if it meant BT recommending a course of action that BT could not support.

• BT focuses on the delivery of predefined security service packages and does not offer

regulatory- or compliance-related services.

• Although BT’s staff is relatively small and inexperienced (with an average of fewer than

five years of experience), the company has a strong presence in the UK and continental

Europe.

• BT plays to these strengths, ensuring that the customers receive high-value consulting

using strong security technology solutions.

Forrester Wave: Information Security Consulting Services, Q1 ‘13

Approaches to Unlocking the Cyber Security Potential

Build

Buy• Orange – Atheos

• Singtel – Trustwave

• Telstra – Bridgepoint and O2 networks

• Telstra – Docusign

• Telefonica - Blueliv

• DT – Cyphercloud, Zenguard, Lockout

• Network Security – Fortinet, F-Secure

• Endpoint Security – Lookout, McAfee,

Symantec

• Cloud Security – Symantec, Akamai

• Cyberdefence – FireEye, AllienVault

• Professional Services – IBM, HP

CAPEX

consumption

OPEX

consumptionTime-to-Market

Partner

Market Cases

Security Services Portfolio and Partnerships leveraged. AT&T Case

• AT&T has partnered with Cisco for the home

controller, plus other specialist vendors for service,

components, and installation. Service Innovation

Digital Life is AT&T’s new consumer

home security and home automation service.

• AT&T partners with Juniper for Mobile Security. It

will help to manage personal or enterprise-owned

devices, enable anti-virus, anti-malware, and

application monitoring and control.

• At the center of AT&T's partnership with AWS is its

NetBond offering, which the company describes as

a "network-enabled cloud solution.

• AT&T also partners with security app provider

Lookout in order to protect AT&T Android devices

from app-based threats. Lookout's

Mobile Security software is expected to be installed

on most AT&T Android phones moving forward.

• AT&T Government Solutions selected Aviat

Networks as its microwave communications partner.

AT&T Government Solutions is a proven solutions

integrator, with expertise in areas such as

Cyber Security, Network Solutions, Application.

AT&T Security Services Portfolio

The Digital Telecom Security Services

In Search of New Streams

Thank you!Should you have any questions or feedback please contact me,

Parviz.Iskhakov@gmail.com