AI-powered security in telecom: The use cases that can win

April 29, 2025

External network security attacks are more likely to succeed as attacker sophistication increases.

Modern malware is polymorphic and programmed to evade common signatures, rules and perimeter-based defense mechanisms. Once hackers make it into the network, they can stealthily navigate it, compromising accounts, seeking out valuable assets and gradually stealing data.

As manual, rules-based approaches to this evolving threat become outdated, AI is emerging as a must to stay a step ahead of intruders.

In telecom, operators generate tidal waves of data spanning logs, metrics, traces, event records and much more. These structured and unstructured data can form the foundation for descriptive, predictive and prescriptive analytics that deliver business value using powerful AI or ML algorithms. This value includes reduced manual efforts by SOC engineers and the capability to expand usage of technologies and algorithms to other domains like application performance monitoring, where it is possible to proactively detect abnormal app behavior and its cause.

Understanding these patterns and flagging possible anomalies, threats and fraud attempts to the right teams before they impact network security, user identity and data privacy is a critical element of modern security postures. The goal is to mitigate and contain disruption, losses, reputational fallout and negative subscriber experiences, including information theft.

AI and ML can proactively detect, analyze and respond to various threats across a range of telecom-specific scenarios, including:

  • Fraud detection and prevention. The network is continuously monitored to detect unusual patterns in traffic and restrict access.
  • Threat intelligence and network security. Malware is detected early enough to predict potential threats and implement DDoS attack countermeasures.
  • Spam and phishing detection. Internal users get real-time support to avoid phishing attacks as ML algorithms filter fraudulent emails.
  • Data privacy and compliance. Sensitive subscriber data is anonymized and protected.
  • User identity and authentication. User behavior is analyzed for abnormal activities.
  • Predictive maintenance. Potential network device failures are predicted.

Ultimately, operators want to achieve better efficiency and effectiveness with timely responses to security incidents, and AI-powered approaches make this possible.

AI’s role in protecting subscriber data

Rakuten Mobile is rolling out AI-powered subscriber data protection approaches through detailed analysis of security logs for indications of anomalous usage, made possible by a User Entity Behavior Analytics (UEBA) cybersecurity tool we developed.

This approach significantly reduces false positives, decreasing unwanted alerts and allowing security engineers to focus on actual threats. As a result, bandwidth that would have otherwise been spent investigating numerous alarms will be significantly reduced. The in-house development of this UEBA tool is replacing a third-party vendor solution, leading to additional annual savings.

The tool uses logs as a data source, parses these log streams for meaningful information and applies advanced AI and ML algorithms to detect anomalies for network users, routers, servers and endpoints from any network. Its capabilities allow us to take a structured approach to protecting sensitive subscriber data:

  1. Detailed analysis. Rakuten Mobile analyzes the behavior of users, devices, system accounts and privileged accounts, constantly scanning for abnormal accesses, frequently accessed resources, unusual Active Directory change times, user password resets and account changes.
  2. Anomaly detection. User Entity Behavior Analytics (UEBA) captures the footprint of these threats and anomalous behavior and then runs them through advanced machine learning algorithms to continuously baseline, detect deviations and find anomalies.
  3. Pattern detection. The findings are stitched into meaningful sequences over time using pattern detection and advanced correlation. This reveals the actual kill chains, which become comprehensible and immediately actionable.

Unlike alerts triggered by violations of known thresholds, behavior-based threat detection uses machine learning with extreme context awareness to maximize the probability of finding true, hidden threats. The rate of false positives also drops dramatically in the process.
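The three steps above, and the contrast with fixed thresholds, as an added example that is not Rakuten Mobile's UEBA tool or its code. The median/MAD baseline is a technique chosen here rather than one the page names, and the log aggregates, account names, cutoffs and correlation window are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed daily aggregates, as if parsed from auth/AD logs: (day, user, event, count)
EVENTS = []
for day in range(1, 15):
    EVENTS += [(day, "alice", "resource_access", 5 + day % 3),
               (day, "alice", "password_reset", 0),
               (day, "alice", "account_change", 0),
               (day, "svc-backup", "resource_access", 200 + day % 5)]
# Constructed deviation: alice's behavior changes on days 15-16.
EVENTS += [(15, "alice", "password_reset", 4), (15, "alice", "resource_access", 6),
           (15, "alice", "account_change", 0), (15, "svc-backup", "resource_access", 203),
           (16, "alice", "resource_access", 30), (16, "alice", "account_change", 5),
           (16, "alice", "password_reset", 0), (16, "svc-backup", "resource_access", 201)]

STATIC_THRESHOLD = 50   # assumed fixed rule: alert when any daily count exceeds this
Z_CUTOFF = 3.5          # assumed cutoff on the robust deviation score

def static_alerts(events):
    """Known-threshold rule: the same limit for every entity."""
    return [(d, u, e) for d, u, e, c in events if c > STATIC_THRESHOLD]

def behavioral_anomalies(events):
    """Score each count against that entity's own prior history (median/MAD baseline)."""
    history, found = defaultdict(list), []
    for day, user, event, count in sorted(events):
        past = history[(user, event)]
        if len(past) >= 7:  # require a week of history before scoring
            med = median(past)
            mad = median(abs(x - med) for x in past)
            score = abs(count - med) / max(1.4826 * mad, 1.0)
            if score > Z_CUTOFF:
                found.append((day, user, event))
                continue  # do not learn the anomaly into the baseline
        past.append(count)
    return found

def stitch(anomalies, window=2):
    """Group one user's anomalies within `window` days into a multi-event sequence."""
    chains = defaultdict(list)
    for day, user, event in sorted(anomalies):
        seqs = chains[user]
        if seqs and day - seqs[-1][-1][0] <= window:
            seqs[-1].append((day, event))
        else:
            seqs.append([(day, event)])
    return {u: [s for s in seqs if len({e for _, e in s}) >= 2] for u, seqs in chains.items()}
```

On this constructed data the fixed threshold fires on the busy service account every day and never on `alice`, while the per-entity baseline flags only her three deviations and `stitch` joins them into one sequence.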

A key component of automated threat mitigation

The UEBA tool is not a substitute for existing monitoring, log management or security orchestration, automation and response (SOAR) tools.

Rather, it sits at the intersection of the network domain stack, integrating information across all log streams and traces. Here, it can identify potential risks, correlate them and push the gathered intelligence back to a SOAR/Orchestration platform for automated mitigation.

In this context, the tool has proven to be a comprehensive and scalable solution for improving the security posture of any Security Operations Center (SOC) design.

Specifically, its contextual awareness helps distinguish between legitimate and unusual behavior. It has learned to recognize real threats, providing a personalized security policy for each user's risk profile.

The adaptive machine learning algorithms that power the UEBA tool analyze and ultimately understand user behavior over time to anticipate even potential insider threats. This powerful, intelligent security incident management feature augments the SOC team's remit with issue context at the right time to help accelerate mean time to resolution (MTTR).

For any enterprise, security is every individual’s responsibility. With the right awareness and limitless capabilities of AI in operations, it is becoming easier to predict fraudulent activities and prepare teams with a proactive defense mechanism.
