Whodunit? Know Your Network Attackers

Terry Young


Mobile network operators – you need better visibility into current threats to your networks. You may know “what,” and you may even know “when,” but often you don’t know “where,” “who” or “why.” So how can you act with confidence using incomplete information?

Here’s a common scenario many MNOs face. You may have information about the malware involved, and you may even suspect it slipped past the internet firewall to infect some of your mobile subscribers. But if you don’t have visibility into which devices, peering points or subscribers are involved, or the context of the attack, and you have few enforcement tools beyond the internet firewall policy, what can you do when your network is threatened?

Mobile security needs are unique because mobile devices are … well … mobile. Unlike enterprise data centers or fixed-line service providers, mobile network operators cannot rely upon static IP addresses to identify the devices or subscribers they need to quarantine or block. And security systems are quite separate from the systems that house subscriber and device identification, which makes matching threat traffic session logs to devices or subscribers a manual, cumbersome and time-consuming task.
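The matching task described above, sketched as an added example (not Palo Alto Networks code): because an IP address is reassigned between subscribers, a threat log entry has to be joined to the session that held that IP at that moment. All records, field names and values below are constructed for illustration.

```python
from datetime import datetime

# Constructed session records: identity bound to an IP for a time window,
# as an operator would learn from GTP session signalling (assumed layout).
SESSIONS = [
    {"imsi": "001010000000001", "imei": "350000000000011", "ip": "10.20.0.7",
     "start": "2017-06-01T09:00:00", "end": "2017-06-01T09:40:00"},
    # Same IP handed to a different subscriber later; session still open.
    {"imsi": "001010000000002", "imei": "350000000000029", "ip": "10.20.0.7",
     "start": "2017-06-01T09:45:00", "end": None},
]
# Constructed firewall threat log entries: only time, source IP and verdict.
THREAT_LOG = [
    {"ts": "2017-06-01T09:30:12", "src_ip": "10.20.0.7", "threat": "sample-A"},
    {"ts": "2017-06-01T09:50:03", "src_ip": "10.20.0.7", "threat": "sample-A"},
    {"ts": "2017-06-01T09:42:00", "src_ip": "10.20.0.7", "threat": "sample-B"},
]

def _t(value):
    """Parse an ISO timestamp; None means the session has not ended."""
    return datetime.fromisoformat(value) if value else None

def build_index(sessions):
    """Group session windows by IP so each log entry needs one lookup."""
    index = {}
    for s in sessions:
        window = (_t(s["start"]), _t(s["end"]), s["imsi"], s["imei"])
        index.setdefault(s["ip"], []).append(window)
    for windows in index.values():
        windows.sort(key=lambda w: w[0])
    return index

def attribute(event, index):
    """Return the subscriber holding event's IP at event time, else None."""
    ts = _t(event["ts"])
    for start, end, imsi, imei in index.get(event["src_ip"], []):
        if start <= ts and (end is None or ts < end):
            return {"imsi": imsi, "imei": imei}
    return None  # IP was unassigned at that time: do not guess a subscriber

def attribute_all(log, sessions):
    index = build_index(sessions)
    return [(e["threat"], attribute(e, index)) for e in log]

if __name__ == "__main__":
    for threat, who in attribute_all(THREAT_LOG, SESSIONS):
        print(threat, who)
```

Blocking by IP alone would hit the second subscriber for the first subscriber's traffic; the third entry falls in the gap between sessions and is left unattributed.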

When an attack is looming, mobile network operators need complete information, and they need it quickly.

Palo Alto Networks Next-Generation Security Platform provides all the pieces to the security data puzzle, allowing MNOs to quickly pinpoint the attack source and understand the malware context so they can take appropriate action or prevent it altogether. Our technology provides full application-layer visibility to all mobile peering points, including RAN, roaming or Wi-Fi access – network areas that, in the past, may have needed little protection. Advanced GTP inspection functions provide IMSI/IMEI identification correlated to specific malicious sessions, displayed on one management GUI, which eliminates the frantic rush to manually match logs to identify who is attacking your network.

So, the next time malware like Mirai or ransomware like WannaCry is perusing your subscriber base looking for innocent victims, you’ll be able to see it coming – no matter where it’s coming from – and you’ll have complete information and context to decide what the appropriate enforcement action should be.

Now you can know what, when, where, why and – most importantly – who.

For more information, watch our recent webinar with “Heavy Reading” analyst Jim Hodges, “Open Innovation – the Key to Service Provider Network Security.”
