• #1 most targeted vertical: telecommunication operators
• 246% increase in targeting of satellite operators
• 150% increase in targeting of wireless operators
• 7.7M IoT devices are connected to the internet every day
• 20:1 estimated ratio of IoT devices behind a firewall versus directly connected to the internet
• 5 days from new attack vector discovery to weaponization
As they provide the backbone of content delivery, operators are prime targets for cyber attacks
• Lack of visibility into unknown threats and threats coming from their own subscribers
• Most firewalls/IDS/IPS are limited by not being context-aware about subscribers, devices and locations
• Ransomware attacks are surging, with below-the-surface costs far greater than above-the-surface costs
• IoT devices introduce security challenges, with a low level of protection and infrequent updates
Determining the origins of malicious activities and understanding the pattern of those activities
• Who’s attacking the subscribers? What’s the IP address? Where are attacks coming from? Which ISPs
are hosting them? Who are the subscribers impacted?
East-West
[Diagram: threat actor, tablet, mobile phone]
• Sources of attacks are more numerous and more varied
• The number and types of devices are not controlled
• Defense is built around the perimeter to stop incoming attacks from internet
• A malicious or compromised device or an infected smartphone can impact more end-user devices
without going out of the perimeter
• Complete traffic visibility in both directions is critical to cover the complete attack surface
North-South
Attack surface is BIG
[Diagram: malicious/compromised device, NR, UPF, FW/CGNAT, target service, botnet/malware C&C]
Value Proposition: Sandvine’s Security offers CSPs a network-based solution for real-time threat detection, classification and mitigation that protects
subscribers’ QoE from cyber threats and malicious traffic using full subscriber contextual awareness and rich, up-to-date cyber threat information.
Subscriber Insights
• Complete threat visibility with full subscriber contextual awareness
• Provides CSPs granular metadata, threat classification and detailed statistics, malware, phishing and malicious sites using threat intelligence databases.
Real Time Filtering Capabilities
• Flexible deployment and variety of actions on known and unknown threats
• Builds on Cyber Threat Analysis capabilities to enable CSPs real time mitigation policies on identified threats to protect subscribers from network threats and malicious traffic
Threat Visualization
• SIEM integration over Kafka
• Traffic Mirroring for Analysis
Real-time matching of flows
• Server Hostname
• IP Addresses
• Ports
• Protocol ID
• Subnets
• URL
• Geo Location
> 40 Threat types detected
• Botnet participation
• Botnet C&C Communication
• Crypto Currency Theft
• Malware Activity
• Attack Activity
• Phishing activity
• Fraud activity
• Ransomware
• Adware
• etc
Rich metadata classification
• Malware name
• Malware family
• Malicious confidence
• MITRE and Kill Chain
• Target industries
• Threat actors
• Domain type
• IP address type
• Activity cluster
Geo Location
• Geo-IP location properties for each flow
• Identifies server location, including country, region, city and owner of the IP address
• Creates reports for locations where most threats are coming from
Detection of more than 40 threat types with millions of entries in the cyber threat intelligence database
Categorization and grouping capabilities for better visibility to the phases of an adversary attack lifecycle
Overview Dashboard
• Shows a worldwide map view of where threats are originating,
including a table sorted by the highest number of threats.
• Allows for the selection of specific threat categories, devices,
and locations using global filters.
Trends Dashboard
• Provides details on threat types and a trend view of the threats
over time.
• Stats on Mitigated Threats [with Cyber Threat Management]
Updated every five minutes and shows the last rolling hour
of data. Users may select a different time period.
Sandvine plays its due role in an ecosystem of security solution providers which will work in a
coordinated manner to thwart security threats on network operators’ networks
Multiple unique features to create a strong cyber threat analysis & management solution
• Protects subscribers from a range of network threats and malicious traffic that can
compromise equipment and data
• Minimizes such impact, resulting in CAPEX / OPEX reduction and improved overall customer
experience
• Protects and elevates the value from existing security investment
• Preserves brand reputation
Copyright ©2021 Sandvine Corporation. All rights reserved. Any unauthorized reproduction prohibited. All other trademarks are the property of their respective owners.
This documentation, including all documentation incorporated by reference herein such as documentation provided or made available on the Sandvine website, are
provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation, or warranty of any kind by Sandvine
Corporation and its affiliated companies ("Sandvine"), and Sandvine assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or omissions
in this documentation. In order to protect Sandvine CONFIDENTIAL and confidential information and/or trade secrets, this documentation may describe some aspects of
Sandvine technology in generalized terms. Sandvine reserves the right to periodically change information that is contained in this documentation; however, Sandvine
makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all.