• Log in
  • About Us
  • Privacy Policy
  • Contact us
Telecoms IT News - VanillaPlus
  • Home
  • News
  • Verticals
    • 4G
    • 5G News
    • Big data analytics
    • Bill & Charge
    • CEM
    • Companies
    • Digital transformation
    • Fraud prevention
    • Managed services
    • Network optimisation
    • NFV Hub
    • OSS
    • People
    • Policy
    • Revenue assurance
    • Revenue management
    • Service assurance
    • Service Provisioning
    • Test & measurement
  • Digital Edition
  • Events
    • Events diary
    • Webinars
  • Videos
  • VP Featured
    • Webinars
    • Podcast
    • Editorial advisory board
    • Expert opinions
    • Hot List
    • Operator View
    • Press releases
    • Reports & whitepapers
    • Special reports
    • Talking Heads
    • Troubleticket
    • Digital Talking Heads
  • Directory
  • Tech Trends
  • Subscribe
 

You are here:

  • Home
  • Companies
  • How machine learning might save your telco data

How machine learning might save your telco data

15 March, 2017 at 7:00 AM

How machine learning might save your telco data
Andy Heather, vice president, Centrify EMEA

Telecommunications companies face greater security and privacy challenges. Attackers are becoming more sophisticated, and regulations are tightening. Telcos must think differently about security to cope with these mounting pressures – and that means changing the way that their security software operates.

The Centre for Economic and Business Research has found that as stewards of sensitive information, telco companies are among those most vulnerable to attack. They are among those with the most to lose should they be successfully breached. The General Data Protection Regulation (GDPR), which comes into force in May 2018, enables privacy officers to fine telco companies up to 4% of global revenue should a breach occur.

Preventing attacks involves understanding how they happen. Sensitive information is often accessed using compromised employee accounts, says Andy Heather, vice president, Centrify EMEA.

In 2015, Canadian firm Rogers Communications blamed “human error” on the theft of dozens of enterprise contracts and emails that were published online. An attacker fooled an enterprise sales employee into giving up their login credentials, and then used them to access data from Rogers’ systems.

Enhancing access protection with AI

VanillaPlus has covered how machine learning can reduce fraud traits among telco customers, but it can also help protect employee accounts from these attacks when combined with an existing class of security software: identity and access management (IAM).

IAM software combines several techniques to ensure that only authorised employees get access to specific applications. It uses techniques such as two-factor authentication to grant access to the right people while keeping imposters out. It also manages account privileges, so that employees only have access to the applications and data that they need.

IAM only goes so far in protecting accounts from compromise, though. If an employee gives away his or her account data, or if malware steals the employee’s login credentials, then an attacker gains the employee’s access privileges. That is exactly what happened to Rogers.

Machine learning can help to spot intruders trying to impersonate employees. Its appeal lies in how it processes data. It operates entirely differently to conventional software, which makes it good at analysing unpredictable things like employee behaviour.

Instead of following an explicit set of ‘if-then’ rules, machine learning systems are more implicit in their thinking. Rather than relying on an explicit rule to cover every eventuality, they analyse mounds of historic data and look for patterns in it, to help identify what’s normal. Machine learning algorithms use statistical modelling to help do this, enabling them to model things that conventional programs can’t.

IAM systems are evolving to use machine learning as an extra layer of defence when authenticating employee accounts. Machine learning goes beyond simple password authentication to model historical behavioural data such as what applications and data an employee accesses, when the employee does so, and where from.

A machine learning module can then analyse access attempts via the IAM software, comparing it against the normal baseline to identify any abnormalities.

If an employee’s username and password is stolen, an attacker will use them to try and login as that employee. The employee will usually access systems in a certain time window, from certain places. The employee is also likely to use the same device most of the time.

The attackers are unlikely to know these patterns, and will try to access from their own location, using their own device, and perhaps at an unusual time. This is likely to raise a flag with the machine learning module, which will identify abnormal behaviour. It can then decide in real time what to do.

Because it is probabilistic in nature, machine learning doesn’t have to simply grant or deny access. If it detects unusual conditions that aren’t too suspicious, it may decide to grant access, but only to specific applications, and only with an extra layer of authentication that the employee wouldn’t normally have to provide. In this way, it balances security and convenience. It’s a technology that always offers a measured response.

Machine learning won’t completely replace other forms of authentication and identity management. What it does offer is another layer of defence that works in real time to thwart attackers hoping to use stolen employee accounts as weak points in the system.

That can only be a good thing, because in the battle for telco customers’ data, attackers are constantly innovating. Telcos should do the same.

The author of this blog Andy Heather, vice president, Centrify EMEA

Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus


category: Companies, Devices and Modules, Fraud, Security, Telco Cloud, Troubleticket

Tags: AI, applications, authentication, Centrify, data, employees, GDPR, IAM, Machine Learning, Rogers Communications, Telco

VanillaPlus Q3 Magazine
 

VanillaPlus Magazine Issue 1 2022: Why IT must catch up with OT to enable 5G monetisation

Is creativity a bridge too far for CSPs? As communications service providers (CSPs) engage in new digital value chains, collaborate with partners and participate in multi-directional business models, George Malim shares a tale of two bridges

READ NOW

Comments are closed.

  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
  • Subscribe
Relax time
Read the new novel by J.J. Cowan on Africa’s conflict minerals trade and forced labour. 5* Reviews on Amazon.co.uk Paperback & Kindle

Check out on Amazon

X

Be the first to know!

  • The top telecom IT news stories of the minute
    in your inbox
  • Exclusive offers for entry into hundreds of
    events worldwide
  • Free access to a huge selection of the latest
    analyst reports and whitepapers
Subscribe now so you don't miss out
Don’t show me this again
Please check your email
x
Vanillaplus - The Global Voice of Telecoms IT
The Global Voice of Telecoms IT

VanillaPlus is the world-leading resource covering digital transformation for the communications industry. VanillaPlus brings you exclusive News, Expert Views, and Event Reviews. See Interviews from CEOs, CTOs, and COOs who are successfully transforming their business today.

Connect

Facebook Twitter YouTube LinkedIn

NEWS

  • Latest Telecoms IT news

DIGITAL EDITION

  • Latest Editions

OTHER

  • Newsletters [Archive]

KNOWLEDGE CENTRE

  • Webinars
  • Special Reports
  • Talking Heads
  • Editorial Advisory Board

COMPANY

  • About
  • Contact Us
  • Terms & Conditions
  • Privacy Policy

PARTNERS

  • IoT News

© 2014-2022 VanillaPlus - The global voice for telecoms IT. All rights reserved.