In recent years, the cybersecurity landscape has evolved into something very different, something constantly changing. An increase in the number of new ransomware, phishing and DDoS attacks makes it much more difficult to quickly detect and respond to cyber threats. The rapidly evolving and dynamic nature of cyberattacks requires businesses to invest a considerable amount of resources in technologies and talent, an effort already underway by AT&T in its eight security operations centers throughout the world.
AT&T’s Global Technology Operations Center (GTOC) recently hosted about a dozen members of the New Jersey Business & Industry Association’s Information Technology Network. The GTOC serves as a kind of looking glass into the company’s vast security landscape, enabling it to monitor traffic and data flow across its expansive global network.
“More than 168.1 petabytes of data cross our network every day. That data provides us a huge pool that we can analyze and feed our growing ability to help detect the presence of cyber threats,” explains Kim Bilderback, Sr. Application Sales Director at AT&T. “On average, our GTOC systems collectively assess some 30 billion vulnerability scans across our global IP network every day.”
Previously, businesses focused cybersecurity efforts on safeguarding firewalls to protect the network and endpoint security software solutions using anti-virus and anti-malware. With those tools in place, many business leaders could reasonably claim that they were doing everything necessary to defend their networks and devices from cyberattacks.
To better protect your networks, you need a system that helps address a variety of high-volume threats accurately and quickly. Our meeting at AT&T’s GTOC shed light on the company’s ability to use its global communications monitoring system to help protect not only its own network and operations, but also those of its customers.
If there’s a natural disaster or high-profile terror event of some kind, it’s normal to expect a sharp increase in network traffic. Likewise, network traffic may drop from the norm during high-profile sports events. But anomalous traffic patterns or unusual threat signatures can serve as a warning for a cybersecurity event, like a distributed denial of service (DDoS) attack or a network worm like the WannaCry ransomware attack that crippled networks worldwide earlier this year.
Innovations such as virtual security functions and advanced analytics have become not only the latest security trends, but also the latest essentials to help protect a business and its customers. So, having the ability to scale and update security defenses in near-real time and automate threat detection has become essential to help handle the sheer volume of cyberattacks and threats.
“Both media and businesses tend to focus on new and rare cyberattacks, yet businesses today are primarily affected or breached by types of attacks we already know about,” says Bilderback. “In fact, more than 90% of attacks logged by AT&T are associated with known vulnerabilities – not zero-day attacks.”
AT&T’s Threat Manager gives businesses the ability to utilize AT&T’s data intelligence to look at threat patterns and spikes in data traffic that may hint at trouble. It also automates threat identification and protection to help resolve security issues in near-real time.
“We can do this at the connectivity, device or data/application level,” adds Bilderback. “Our Threat Manager platform helps enable us to analyze the traffic coming in and out of that device, connection or application and identify abnormalities (such as an unauthorized user in a different location), to help prevent, detect and respond.”
The sheer multitude and variations of threats and vulnerabilities make it hard for many businesses to manage on their own, and some security companies may offer a solution that only covers a piece of the problem. As a result, working with third parties may be more cost-effective than trying to do it alone and may also give you access to tools and data not available anywhere else.