IoT Infrastructure Protection
Ensuring CSP Infrastructure Resilience
Maximize the Efficiency and Security of your IoT Service Network
The goal of IoT Infrastructure Protection is to ensure resilience of the CSP infrastructure and maintain QoE for other customers that rely on the carrier’s network. As has been evident in cases of both service provider networks, a compromised IoT deployment has the power to impact the very infrastructure on which it relies for connectivity.
Delivered at Three Levels
IoT Infrastructure Protection is delivered at three levels to reduce its available attack surface, identify and quarantine infected devices and protect the infrastructure from service disruption. These are based on the following functions:
- Acceptable Usage policies to prevent unapproved communication from the IoT devices
- Stop Outbound DDoS – protect the IoT infrastructure from internally sourced DDoS attacks that threaten external networks and services
- Identify and quarantine infected IoT devices
Allot multiservice platforms enable the network operator to define Acceptable Usage Policies that control communications from the IoT devices, and police the communications channel between the IoT device and authorized servers. Acceptable Usage Policies can be defined as:
- IP addresses/Domains of IoT devices and management servers
- Type of protocols and applications allowed for communications
- Time of day/day of week for permissible communications
- Number of new connections/volume of BW permitted for communications
Stop Outbound DDoS
Mirai-infected IoT devices were used to launch some of the most devastating DDoS attacks during 2016 into 2017. The force of such attacks impacts not only the target of the attack, they also affect the connected network and transit networks, impairing service and quality of experience for customers who share the same telecommunications infrastructure. Allot DDoS Protection Solution provides advanced inline detection and mitigation against inbound and outbound DDoS attacks and can be effectively used to protect the internal infrastructure of a service provider. Allot’s DDoS Protection solution also delivers Host Behavior Anomaly Detection (HBAD) to identify bot activities initiated from within the network. This allows quick identification of infected IoT devices and effective mitigation by either limiting the traffic from those devices to minimal BW and CPS, quarantining those devices or completely blocking access.