Network Threat Intelligence Boosts Enterprise Communications Security

ARCHIVED
3 June 2024 - ID G00781795 - 11 min read
By Jon Dressel
Communications service providers should use their unique network threat intelligence data to differentiate their security service offerings. This research shows how CSP product leaders are using proprietary data for enhanced managed security services portfolio and proactive threat detection.

Overview


Key Findings

  • CSPs with global or regional networks have an opportunity to differentiate themselves against managed security service provider and systems integrator competitors. They can do this by utilizing the massive amount of data points on their network to provide customers with enhanced network security and higher-fidelity threat detection and faster response outcomes.
  • Maximizing the potential of network threat intelligence services allows CSPs to develop value-added advanced security services which can be a key differentiator in a competitive market.
  • CSPs contribute to regulatory insight compliance challenges faced by customers which results in weakening their position as a trusted advisor and diminishes the value they can provide. Improvement in this area will assert the CSP as a trusted advisor and improve value.

Recommendations

  • Deliver continuous monitoring and rapid response to emerging threats by implementing a centralized network threat intelligence platform with real-time threat feeds and automated threat detection capabilities.
  • Provide differentiated advanced security solutions by developing managed security services packages incorporating network threat intelligence to create new business opportunities.
  • Demonstrate adherence to relevant regulations to foster trust with customers and regulators by leveraging network threat intelligence data and insights to generate compliance reports and evidence of proactive security measures and risk mitigation strategies.

Strategic Planning Assumption


Thirty percent of security operations (SecOps) that fail to adequately assess and report threat intelligence metrics in 2024 will experience budget cuts in 2025.

Introduction


End-user customers are increasingly interested in threat intelligence capabilities. However, they struggle to put these capabilities in place themselves. According to the SANS 2023 Cyber Threat Intelligence Survey:1
  • 44.3% of the surveyed organizations cited the lack of trained staff or lack of skills needed to fully utilize threat intelligence as the No. 1 inhibitor to implementing threat intelligence effectively.
  • 38.3% report not having the time to implement new processes.
  • 36.7% lack the technical capability to integrate threat intelligence tools into their environment.
These responses illustrate the strong opportunity for CSPs to deliver network threat intelligence services to end-user organizations.
Network threat intelligence offers a differentiating opportunity for CSP product leaders to strengthen their security posture, improve operational efficiency and gain a competitive edge in the digital evolution (see Figure 1). Network threat intelligence is a subcategory of cybersecurity threat intelligence, which is a more comprehensive threat intelligence service CSPs can aspire to grow into after leveraging the vast amount of data on their network.
CSPs can leverage network threat intelligence to build a more secure and resilient future for their networks, customers and security landscape by:
  • Investing in the right tools
  • Developing a robust strategy
  • Fostering collaboration
Figure 1: Network Threat Intelligence Model
Network threat intelligence model filters malicious traffic from the internet and cloud through a communication service provider network, ensuring only secure, nonmalicious traffic reaches the customer edge. This effective threat filtering enhances network security.
Due to the large amount of native network threat data points available to them, CSPs have a unique opportunity to become consolidated cybersecurity providers by incorporating network threat intelligence services for their customers in addition to their managed security services portfolio. Here’s how this approach can benefit both parties:
  • Unmatched threat visibility: CSPs analyze network traffic to generate comprehensive threat intelligence reports, offering insights into global and customer-specific threats. This empowers customers to prioritize security efforts and proactively address vulnerabilities, and other exposures, such as security control gaps.
  • Enhanced security services: Network threat intelligence serves as a foundation for upselling advanced managed security services (MSS). CSPs recommend tailored solutions based on the customer’s threat landscape, such as advanced firewall configurations, intrusion detection system (IDS)/intrusion prevention system (IPS) or security information and event management (SIEM). This improves customer protection and generates additional recurring revenue.
  • Simplified compliance: Network threat intelligence data helps generate compliance reports, demonstrating adherence to data privacy and security regulations. CSPs reduce the compliance burden for customers and establish trust as a security partner.
  • Quantifiable value: Network threat intelligence helps identify and mitigate threats, resulting in cost savings for customers. Metrics like reduced incidents and improved network performance demonstrate the ROI of network threat intelligence services, making CSPs an attractive choice.

Analysis


Implement a Centralized Network Threat Intelligence Platform (TIP)

In the constantly evolving world of telecommunications, data grows at exponential rates. The ability to extract valuable insights from this vast information stream is crucial for CSPs and their end-user organizations, and can significantly differentiate them from non-CSP competitors like systems integrators (SIs), managed service providers (MSPs) and managed security service providers (MSSPs). Network threat intelligence serves as a cornerstone by:
  • Empowering informed decision-making
  • Shaping security strategies
  • Ensuring a safer digital landscape for all stakeholders2
CSP leaders such as AT&T Business, Verizon, Orange and Lumen are including threat intelligence services as part of their security offerings to customers using a centralized TIP.3 They are utilizing internal security tools combined with external threat feeds and their own network threat data points to collect the data and protect their networks while extending network threat intelligence out to their customers. They generally provide insights for customers into specific threats to each customer, as well as an overview of the threats trending across all customers. This may include removing those threats prior to them ever getting to the customers own network edge. However, one of the difficult things for most providers embarking on this service is how to monetize this effectively.
AT&T has recently launched this service with multiple packages to provide these services while monetizing the value to their customers.

Case in Point: Secure Customer Connectivity Through Threat Intelligence (AT&T Business)

Embedded within AT&T’s connectivity offerings is opt-in secure connectivity with AT&T Dynamic Defense, which leverages its own global network’s threat intelligence as a foundation of protection while layering other security controls on top of that for additional security.
In the past, traditional CSPs, with their connectivity services, viewed their job as connecting customers with internet resources and did not consider securing those connections as their responsibility. That is significantly changing now, and AT&T’s Dynamic Defense represents the evolving role of the CSP in protecting customer assets.
Depending on the package selected by the customer, services:
  • Start with dynamic blocking of malicious IP addresses.
  • Extend to services like monitoring and detecting all traffic states on their global network and what is reaching the customer network edge.
  • Layer on additional next-gen firewall security services like network virus, spyware and vulnerability protection.
AT&T’s approach takes global network data of over 680 petabytes of data every day analyzed through their threat intelligence to produce threat detection and mitigation to lower security risks while simultaneously reducing threat traffic arriving at the customers network. This has the potential to reduce the amount of capacity needed for customer premises equipment (CPE) potentially elongating the life of the equipment due to reduced capacity requirements.3

Offer Advanced Security Solutions to Customers Incorporating Network Threat Intelligence

CSP product leaders should go beyond threat intelligence: By offering a comprehensive security posture for their customers and incorporating modern security operations center (SOC) services, CSP leaders enhance their upsell and cross-sell security opportunities. Table 1 breaks down some key services that complement threat intelligence and elevate a CSP’s security portfolio.

Advanced Security Solutions to Complement Network Threat Intelligence

Security Service
Key Elements
Managed detection and response (MDR)
  • Goes beyond monitoring by offering a team of security analysts who can actively hunt for threats within a customer’s network
  • Leverages threat intelligence feeds and advanced analytics so security incidents can be proactively identified and responded to
  • Leverages vast CSP network data
Managed security information and event monitoring (MSIEM)
  • Can act as the central nervous system of an MSS offering
  • Leverages threat intelligence data to prioritize alerts and identify suspicious activity more effectively.
  • Offers 24/7 monitoring and expert analysis of security events
Managed extended detection and response (MXDR)
  • Extends the capabilities of SIEM by ingesting data feeds from a broader range of sources including endpoints, cloud applications and user activity
  • Provides further insights into advanced threats
  • Enables a more holistic view of customer security posture when leveraged alongside existing network visibility and threat intelligence.
Managed security orchestration, automation and response (MSOAR)
  • Automates routine security tasks, freeing up security analysts to focus on complex incidents
  • Provides automated incident response including containment, investigation and mitigation through integration of threat intelligence and SIEM data
Vulnerability management (VM)
  • Leverages threat intelligence to assess vulnerabilities and prioritize remediation efforts based on factors such as exploitability and potential impact
  • Enables customers to mitigate security vulnerabilities before they become targets for exploitation by malicious actors
Source: Gartner
CSP product leaders should differentiate themselves in a competitive market by offering a comprehensive suite of SOC-based security services to:
  • Establish themselves as trusted security advisors.
  • Generate recurring revenue beyond basic network connectivity and threat intelligence services.
CSPs have an opportunity here to also embrace a co-managed security service model, which can include MDR and SOC services, to enhance the possibility of serving larger enterprise clients. The co-managed security service approach enables them to partner with larger clients that have internal security operations but struggle with a 24/7 delivery. For clients that prefer using their existing technology but lack the in-house expertise to implement specific security use cases, co-managed security monitoring offers a valuable solution. This service can also assist with data collection or even the setup of dashboards and reporting.
Leveraging their network visibility and threat intelligence, CSPs can customize these services to meet diverse security requirements. Modern SOC security offerings empower customer organizations with advanced threat detection, faster incident response and proactive security measures, enhancing overall telecommunications security (see Figure 2).
Figure 2: Threat Intelligence in the Modern SOC
A representation of a modern security operations center model (SOC) consisting of monitoring and detection, incident response and hunting, threat intelligence, and detection and automation engineering is given. It helps organizations prepare for their own unique threat landscape and bolster their prevention capabilities.

Use Network Threat Intelligence Data and Insights to Generate Compliance Reports

Regulations around data privacy and security are becoming increasingly stringent. Network threat intelligence data can be instrumental in generating compliance reports for customers. By analyzing network traffic for suspicious activity, CSPs can help clients demonstrate their adherence to relevant regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA), payment card industry data security standard (PCI DSS) and the EU’s General Data Protection Regulation (GDPR). This not only reduces a customer’s compliance burden but also positions the CSP as a trusted security partner, and can improve the value and monetization potential of the threat intelligence service for customers needing to demonstrate compliance.

Derive Compliance Insights From Network Threat Intelligence Data

Leveraging the use of extracted network threat intelligence data, CSPs can drive compliance reporting that promotes better GRC decisions by end-user organizations.4 Network threat intelligence data provides valuable information on cyberthreats in a CSP’s network, including identifying unusual traffic patterns, suspicious IP addresses, and known indicators of compromise. It can also detect threat actor activity such as exploiting vulnerabilities, launching phishing campaigns, and spreading malware. Additionally, network threat intelligence solutions can identify and categorize malicious software trying to infiltrate the network.
CSPs have a prime vantage point for proactive security for identifying and analyzing potential threats and turning those threats into evidence.
Raw network threat intelligence data, while useful, needs further analysis for regulatory compliance. CSPs can derive actionable insights through:
  • Regulation threat mapping: Understand the specific regulations applicable to customers and align relevant network threat intelligence data points with these compliance requirements. These regulations may vary in terms of data privacy, security controls and incident reporting.
  • Data enrichment: Enhance network threat intelligence data with additional context from both internal security tools and external threat feeds. This not only gives a more complete view of the threat landscape but also bolsters the evidence in compliance reports.
  • Data standardization and normalization: As network threat intelligence data formats can differ based on the source, standardizing this data ensures smooth integration and analysis with SIEM solutions or other tools that generate compliance-relevant data.
Effective network threat intelligence-based compliance reporting should use three key pillars:
  • Develop compliance expertise: Security teams skilled at analyzing network threat intelligence data may require additional training to translate their insights into reports addressing specific compliance mandates. Consider establishing internal expertise or partnering with specialists who understand the intricate mapping of network threat intelligence data to relevant regulations.
  • Invest in data integration tools: Data silos can hinder the creation of comprehensive compliance reports. Invest in tools that streamline data integration from various security systems, including network threat intelligence, SIEM, and other relevant sources. This allows for a more holistic view of the customer’s security posture and adherence to regulations.
  • Leverage generative AI (GenAI) and automation: Manual report generation can be time-consuming and prone to errors. GenAI and their LLMs can offer summaries of collected threat intelligence with further curation as needed by security staff through access to the raw data to avoid any potential AI hallucinations. Explore automation tools that can format reports based on predefined templates and incorporate relevant network threat intelligence data points aligned with specific compliance requirements. This streamlines the process and ensures consistency across reports.

Conclusion

Harnessing network threat intelligence data for compliance reporting allows CSPs to provide a valuable service to their customers, leading to several customer advantages. It eases the compliance burden by providing detailed reports that show regulatory adherence, saving customers’ time and resources on internal audits.
The analysis of network threat intelligence data not only aids in compliance but also bolsters the customer’s network security by identifying threats and vulnerabilities, enabling proactive risk mitigation. Moreover, the effective use of network threat intelligence data for compliance reporting builds trust and strengthens the CSP-customer relationship. It showcases the CSP’s commitment to security and data privacy, giving customers the assurance that their compliance needs are being met.
By leveraging this data for compliance reporting, CSP product leaders can not only fulfill a critical customer need but also contribute to a safer digital landscape for everyone.

Evidence


1 SANS 2023 CTI Survey: Keeping Up with a Changing Threat Landscape SANS Institute (registration is required to download this report).
This research is also based on Gartner client inquiries, data from client interactions and previously published Gartner research.
Disclaimer: The organization (or organizations) profiled in this research is (or are) provided for illustrative purposes only, and does (or do) not constitute an exhaustive list of examples in this field nor an endorsement by Gartner of the organization or its offerings.