NetScout hones network assurance, threat detection for telcos

NetScout, a provider of application performance management and network security products, is helping telcos and cable operators better monetize their network upgrades, whether it’s DOCSIS 4.0, distributed access architecture (DAA) or some other technology.

Vikram Saksena, chief solutions architect in NetScout’s CTO Office, told Fierce broadband penetration in North America has reached a point where it’s difficult to grow just through subscriber gains alone and voice and video services are already fairly mature. As operators pour billions of dollars into upgrading their infrastructure and “redesigning the last mile,” Saksena said NetScout’s role is to ensure the companies are getting their money’s worth.

“Without us, whatever they roll out – if the quality or reliability is not good, then the customers are not going to buy it, and they won’t get the return on their investment,” he stated.

By upgrading their networks, cable companies will be able to roll out new services for existing subscribers as well as go after small and mid-sized businesses that need more bandwidth for cloud-based applications.

“It increases their addressable market, both on the consumer side as well as the enterprise side,” said Saksena. “This gives them an opportunity to increase their top line growth. That’s the driver, otherwise they’re pretty much saturated in their current businesses.”

NetScout’s product arsenal primarily falls under two categories: assurance and security. On the assurance side, NetScout uses its Adaptive Session Intelligence (ASI) technology to capture packets, or user traffic in a network, and then extract metadata to determine which applications are running on the network, the performance of those applications and other components.

In addition to service assurance, NetScout leverages the metadata for business analytics and notably, automation, all of which helps operators identify the “protection bottlenecks” of the network.

“What we’re trying to do is take all this data and be able to reduce it to understand the main outliers in your network, the main things that may be problematic…and automate the processing, extraction and filtering of unnecessary events,” Saksena explained. “Because what customers don’t want to see is a lot of data that’s creating false alarms.”

As for security, NetScout is striving to combat distributed denial of service (DDoS) attacks, which are increasingly targeting telcos, per a Lumen report from February.

“The attacks are getting more and more sophisticated, because the hackers are figuring out what people are able to detect and stop,” said Saksena. “So, they are coming up with new techniques to create what are called direct-path attacks for specific components.”

Another threat “that can take an entire infrastructure down” is carpet bombing, in which a DDoS attack can target multiple IP addresses of an organization in a short period of time.

NetScout has a threat analysis technology called ASERT, which Saksena said monitors the entire internet and captures the threat vectors that come up, enabling the vendor to “stop the attacks on the fly.”

“We’re also using our packet technology to be able to look at these attacks in more granular terms,” he said. “To figure out where the bad actors are, how they get into the network and where they’re actually moving in the network.”

Using continuous packet monitoring, Saksena said NetScout aims to detect the onset of a DDoS attack and before it disrupts service. And, as network deployments continue, cybersecurity is poised to remain a key area of focus for telcos.

“Anytime you disaggregate the network, you’re opening up new attack services,” he added. “When you virtualize the CMTS or the CCAP, whichever case it happens to be for a cable network, you are opening up components to cloud native technologies, [which provide] a whole new attack surface that can be exploited by hackers to bring down the network.”