Cyber-attacks against Digital Service Providers’ (DSPs) critical infrastructure are soaring. In 2019, massive telecommunication data breach was uncovered which was caused by a group of Chinese hackers who attacked 10 DSPs across the globe, exploiting their network’s vulnerabilities. GSMA’s Mobile Telecommunications Security Threat Landscape report 2019 says that there was a 55% increase in breaches caused by vulnerable Open-Source software. Addressing security vulnerabilities is a top priority for DSPs because a successful cyber-attack could essentially cause disruption in service for millions of customers, loss of customers’ trust, deterioration of DSP’s brand & reputation and shut-down of operations. Addressing security threats will require DSPs to establish a systematic process for vulnerability management with high levels of automation, to discover new vulnerabilities, perform a risk assessment and assign the vulnerabilities to the right support group to facilitate quicker remediation. Depending on the DSP’s size, infrastructure size & complexity and state of the configuration management database (CMDB), finding the responsible asset owner may prove to be a highly challenging and cumbersome task, resulting in lead times of up to many weeks.
This insight provides a solution approach encompassing
- Discovery scan
- Element Management Systems (EMS) integration
- Central validation & CMDB data enrichment tool
Vulnerability management involves vulnerability scanning & assigning the identified vulnerabilities to the appropriate support groups for remediation
DSP’s can reduce their vulnerability assignment lead time by up to 80% and improve their right-first-time assignment close to 75% by leveraging the solution approach unveiled in this insight.
Topics Covered:
- Vulnerability Management Process overview
- What makes Vulnerability analysis & assignment the most cumbersome task for DSPs?
- Solution approach for right-first-time vulnerability assignment
- Building a Central validation & CMDB data enrichment to ensure attributes & relationship data are correct for right-first-time vulnerability assignment
Please click the download button for free access to the complete insight
Authors:
- Reza Nanoha
- Sathya Narayanan
