Security is becoming a new B2B and B2C business model that SPs are driving towards. Yasser Najeeb Alswailem, Cyber Security VP, stc, detailed more the top security services that are in demand today and what are stc’s top priorities in terms of deploying these services in a panel of Infoblox dedicated to designing next-generation service providers’ network.
“At stc, we have a strategy for the coming years to expand aggressively in this scope. The company has recently established a new cyber security entity to complement the different digital services of stc and to be the enabler of the digital ecosystem network in the Kingdom and in other territories where we are available as well.”
When it comes to the most demanded services, there are core services like the managed security service, monitoring services and security operations service. However, during the pandemic, a lot of organizations shifted their investments from security technologies to the Opex model where they started outsourcing most of their security services to the major security service providers. Giving that fact, Alswailem said that it is considered both an opportunity and a challenge at the same time. It’s an opportunity for the local players because stc is based in Saudi Arabia and is serving Saudi local customers and other customers as well in Kuwait and Bahrain through its arms there, and a bit challenging for the multinational companies serving in the local market in Saudi Arabia due to local regulations.
“The other emerging services that we’ve seen recently is the NTD DoS service. It became a trend officially nowadays when the pandemic brought an opportunity for the service providers to enable the economies of the countries to surpass this period. We have witnessed many attacks targeting service providers themselves as well as the critical national infrastructure. This is where the investment in the NTD DoS started paying off. We have the capacity to mitigate up to 4 Terabit of malicious traffic which gave us the ability to save not only the government but even the large enterprises in Saudi.
In addition, we started investing in the large amount of data that we have, giving the fact that 60 to 70% of the traffic are passing through stc. We wanted to understand what sort of threats are targeting the nation and what differentiate those kind of threats. So what we did was monetizing the large amount of data and started producing what we call “indicator of compromises” where we started feeding different subsidiaries across the region with those indicators of compromises, blocking lots of command controls to enables the digital ecosystem and the country to have clean traffic passing through the DNS which is getting this kind of intelligence from our threat intelligence platform which in its turn is getting the data from the monetized data from our partners as well.”
Moderator Jay Srage, CEO of Centrigent, highlighted that the more services the higher security risks are imposed on the network. In this view, he asked Alswailem to detail the top measures that stc is taking in its strategy to secure that infrastructure.
Alswailem said, “Telecom in the past was the least priority for most of the attackers. Most of the attacks went to applications, operating system, databases, and then came to the telecom network. Nowadays, there are lots of similarities between the telecom industry and the IT industries. What we are doing is promoting our telco team to learn IT skills and vice versa, but it is necessary that telecom people understand how the IT architecture is being built. These similarities between IT and Telecom make the telecom infrastructure and the ecosystem exposed to more threats than before especially with the adoption of 5G. So, there are three different tracks when it comes to security one should take into consideration:
- Security is the responsibility of the service providers themselves by building multi tearing security architecture;
- The customers themselves have to add their additional measures to secure their use cases;
- Security measures have to be applied on 5G equipment manufacturers. They have the responsibility to make sure that the end-to-end product line is being secured and doesn’t have any kind of backdoors that mark the use as an entry point to harm either the customer or the service provider’s network.
