TM Forum: 2023 Cybersecurity Strategy Report: Risk Management Becomes the Focus of the Telecom Industry (English edition, 33 pages), PDF shared by a member for online reading.
REPORT

Cybersecurity strategies: risk management moves firmly into the telco spotlight

September 2023 | www.tmforum.org

Author: Patrick Donegan, Principal Analyst, HardenStance
Editor: Dawn Bushaus, Contributing Editor, TM Forum

Contents

The big picture
Section 1: Threat intelligence-led risk management is driving security strategy
Section 2: Risk management responsibilities are driving change in the CISO's role
Section 3: Better visibility and use of threat intel drives spending on new tools
Section 4: Make it happen - strategies for optimizing cyber risk management
Additional resources

We hope you enjoy the report and, most importantly, find ways to use the ideas, concepts and recommendations detailed within. You can send your feedback to the editorial team at TM Forum via editor@tmforum.org

The big picture

A new TM Forum survey yields critical insights into how communications service providers (CSPs) around the world are evolving their cybersecurity posture for the challenges of an evolving cyber threat ecosystem, more prescriptive government regulations, and the risks that accompany the shift to cloud operating models.

In June 2023, TM Forum carried out an online survey of CSPs about how they are formulating cybersecurity strategy and putting it into effect. This report draws on insights from 59 individuals from 40 unique operating companies around the world. Nearly all respondents were at director level and above, with significant knowledge of their company's approach to cybersecurity. As well as our survey, interviews were carried out among executive-level decision-makers to gauge sentiment in the industry.

All sectors of industry are grappling with heightened risks to their business operations. Cybersecurity risk is just one, alongside climate change, geopolitical risk, AI risk and the possibility of another pandemic. Our survey paints a picture of the approach CSPs are taking to protect their organizations and their customers against cybersecurity risk.

Cybersecurity is evolving from a highly technical discipline to one that is focused on managing broader business risk. Once the preserve of a small team of technical experts, cybersecurity is evolving to require organization-wide engagement by all stakeholders, from the board room down to every individual employee. It's also evolving toward rapidly detecting
and mitigating the subset of threats that will inevitably get past protective defenses rather than counting on those defenses to keep them all out.

As one among an elite group of industries that are defined as critical infrastructure, the telecoms sector has some unique attributes that affect how CSPs determine their target cybersecurity posture. Telco networks are the nervous system of the digital economy. In addition, CSPs are more impacted than most sectors by cyber threats arising from growing geopolitical tensions, whether those threats take the form of adversaries spying on customers' communications or other malicious activities. For these two reasons CSPs are also more susceptible than most (including most other critical industries) to more stringent cybersecurity regulation.

Operators also face unique technology-related risk in cybersecurity as they undertake the disruptive migration of old and new network services, and old and new networking protocols, to less familiar cloud-native architectures.

Frameworks, roles and spending

This report explores several key aspects of the goals and supporting frameworks that are driving cybersecurity. Because CSPs are regulated entities, cybersecurity is inevitably driven in part by regulatory compliance. That, however, should typically be viewed as no more than a bare minimum baseline. Hence our survey sought to understand where compliance fits as a factor and which other frameworks, metrics or other considerations (if any) are being used to augment or exceed basic compliance requirements.

We also look at the roles of individual leaders and other stakeholders within the CSP organization in terms of formulating and executing on cybersecurity strategy, including identifying spending priorities. The survey sheds light on which individual leaders tend to call the shots as well as the interdependencies between stakeholders.

Key to this is understanding the role of the chief information security officer (CISO) or chief security officer (CSO). As the cybersecurity discipline has evolved, these roles have evolved with it. The survey looks at how the role of telco CISOs and CSOs has changed in the last 18 months and explores what is driving those changes in the context of an environment where cybersecurity spans the unique operations environment of a telco network as well as a more generic enterprise IT environment.

[Figure: Cybersecurity risks for CSPs. Source: TM Forum, 2023]
- CSPs are vulnerable to attacks against enterprise IT, network infrastructure and operations.
- Risk to telecoms services from nation state cyber threat actors is increasing with heightened tensions among key geopolitical adversaries such as the US, the EU, Russia, China and Iran.
- As with any major change in architecture or operational practice, the move to cloud architectures introduces new cybersecurity risk.
- As providers of critical infrastructure central to the functioning of the digital economy, governments are imposing stringent new regulations prescribing how CSPs must manage their cybersecurity posture.
- Rapid innovation in the cyber threat ecosystem demands an approach to cybersecurity that is agile, optimized for reducing risk throughout the organization and tailored to minimizing harm when attacks get through.

The role of the telco security officer is changing to span both enterprise IT and network domains.

We look at how spending on cybersecurity tooling is being prioritized in the context of budget constraints, and which features and value propositions are most likely to help distinguish security tools as critical rather than just “nice to have”. The scope extends to the balance between spending on protective or defensive tools on one hand, and detection and response tooling on the other. We also discuss hot-button value propositions from the different perspectives of security analysts investigating incidents and security engineers responsible for building, operating and maintaining the CSP's security operations center (SOC) infrastructure. Finally, we examine the adoption of software-as-a-service (SaaS) in the context of telco security operation.

Read this report to understand:
- What's driving cybersecurity strategy in CSPs
- What cyber risk management is and why CSPs are adopting it
- Why the role of the telco CISO is changing to a more business-oriented focus throughout the telco organization, spanning both enterprise IT and network domains
- Rates of adoption of SaaS in CSPs' SOCs
- The types of cybersecurity tooling that CSPs are prioritizing for investment and why.

Section 1: Threat intelligence-led risk management is driving security strategy

Cybersecurity strategy is influenced by many competing factors, claims, considerations and requirements from outside as well as within the telco organization. But which ones carry the most weight
and why?

We asked CSP respondents to rank the most important factors driving telco cybersecurity strategy. As shown in the graphic, the most critical by far is understanding and mitigating risk arising from the cyber threat landscape. It scored 3.5 out of 4.0, with about two thirds of respondents ranking it as their top choice. This reflects the threat posed by change and innovation in the cyber threat ecosystem. It also reflects the importance of an organization being able to rapidly interpret change in terms of risk for the organization and then adapt to it.

Government regulation is also a significant driver, but only 17% of respondents ranked it as the number-one factor. On one hand this suggests that while compliance with cybersecurity regulations is recognized as critical and non-negotiable, traditional tick-box compliance is no more than a minimum baseline for defining telco security strategy. That said, the much lower score may also imply that most CSPs are not yet feeling the full force of the new wave of cybersecurity regulations set to impact them. Many of these go well beyond tick-box compliance relating to specific products, features or certifications. New regulations are prescribing increasingly detailed processes for how telcos should execute on a wide range of cybersecurity issues. In many cases, these are processes that regulators have previously addressed with a light touch or not addressed at all, such as more detailed and more stringent requirements relating to incident detection, management, mitigation and reporting in CSPs' SOCs (see sidebar).

[Figure: Most important factors driving CSPs' security strategy. Source: TM Forum, 2023. Categories: risks arising from changes in the cyber threat landscape; government regulation; risks introduced with cloud-native network transformation; customer demand. Percentages appearing in the graphic: 35%, 24%, 22%, 19%.]

Customer demand doesn't score highly as a driver of telco security strategy because the primary objective is to protect the CSP organization itself; protecting customers is just one aspect of that. Responses to our survey question about security spending reinforce this (see graphic on page 10). From the perspective of a security team, the customer is typically an internal business unit rather than the end customer. However the customer is defined, most just want to buy secure services. Most customers tend not to be very involved in prescribing how they are secured. So, while customers are central to telco security strategy, they're generally not all that active in directly driving it.

Risk management is key

One of the most significant survey findings is illustrated in the graphic on the next page, which identifies risk management as the most important factor determining how telco cybersecurity spending is prioritized. More than 60% of respondents identified risk management as one of the two most important factors compared with half who chose regulatory compliance.

Sidebar: Stricter government regulation is a rising global trend

The following examples illustrate the regulatory wave that is building globally but has yet to fully break in many countries.

Estonia and Germany implemented the EU's European Electronic Communications Code (EECC) into national law in 2018 and 2020, respectively. However, Ireland didn't implement it until 2023.

The EU's Network and Information Services Directive (NIS2) impacts telcos among other critical industry sectors but doesn't have to be implemented in national law until October 2024.

The UK's Telecommunications Security Act (the most prescriptive new legislation to come into effect, allowing for fines of up to 10% of revenues to be imposed for non-compliance) came into force at the end of 2021. Paul MacKenzie, Head of Security for Hyperoptic, a leading internet service provider (ISP) or altnet in the UK, says of the Telecommunications Security Act: “There are few areas of our operations that are untouched by this legislation.”

In the US, the Federal Communications Commission (FCC) has proposed more stringent requirements for how telcos report data breaches. The Notice of Proposed Rule Making issued in December 2022 seeks to eliminate a mandatory waiting period for notifying customers of a breach, requires that customers be notified of inadvertent breaches and requires operators to notify the Commission, the FBI and the Secret Service of all reportable breaches. The FCC is soliciting comments on the proposal.

Advanced markets may be leading on this, but other countries are also following suit. “In Thailand we have a Cybersecurity Act applicable to all critical infrastructure,” says Pepijn Kok, CISO for AIS in Thailand. “The regulator started with the banks, now we are the second industry they are turning their attention to. As part of this new process, for the first time at the start of this year, we've had to submit an internal audit report and risk assessment. Now they are planning to circle back and do a deep dive into our infrastructure.”

An approach driven by risk management denotes a more advanced cybersecurity posture than one that is more compliance driven. Cyber risk management typically forms part of a broader risk management strategy for managing legal, commercial and other types of business risk. Risk management does, nevertheless, overlap with compliance because risk management strategies take account of risk associated with non-compliance.

Crucially, risk management relies on quantifying risk. At a high level, a potential cybersecurity incident that is assessed as having an estimated cost of $100 million, with a 40% chance of happening in any one year, is considered a $40 million-a-year risk. It's because these types of assessments require such a detailed understanding of one's own risk exposure and cybersecurity posture, and because such quantifications can generate alarmingly high numbers, that embracing cyber risk management implies a relatively high level of cybersecurity maturity.

Cyber risk management is being explicitly incorporated into some of the new wave of cybersecurity regulations. For example, the EU's NIS2 Directive specifies that “a culture of risk management, involving risk assessments and the implementation of cybersecurity risk management measures appropriate to the risks faced, should be promoted and developed”.

Such a high profile for cyber risk management in telco security circles is to be expected. That said, it's important to recognize that embracing it is a journey; it can be adopted in phases. For example, cyber risk management can be factored into some decisions or all decisions. It can be no more than one factor in decision-making, or it can lead decision-making. Hence the high score in the survey doesn't necessarily mean a large proportion of CSPs are already at an advanced stage of using cyber risk management as of today.

[Figure: Most important factors in prioritizing security spending. Source: TM Forum, 2023. Categories: risk management; regulatory compliance; the organization's own experience of breaches; the direction of the business and its supporting IT requirements; cost; the organization's learnings from other breaches. Percentages appearing in the graphic: 62%, 51%, 35%, 33%, 18%, 15%.]

At 51%, regulatory compliance isn't that far behind risk management. This reinforces how traditional compliance remains a key factor determining how security spending is prioritized. While compliance is increasingly subordinate to cyber risk management, some telcos may still be more heavily influenced by traditional compliance.

Risk introduced with cloud-native network transformation
is likely to increase in importance as CSPs move more support systems applications and network functions to the cloud. The scope for hackers to break out of a Kubernetes container to compromise other containers or the underlying infrastructure is just one example. As Anil Pawar, SVP and Head of Technology, Architecture and Strategy, Rakuten Mobile, puts it: “Cloud native is small decomposed microservices in a software-driven architecture, so security became a huge, huge challenge for us.”

Who calls the shots?

In common with all businesses that are dependent on large investments in operations technology, several stakeholders have input into a telco's cybersecurity strategy. The weighting of the influence that each has on a scale of 1 to 5, where 1 is little influence and 5 is a lot, is depicted in the graphic opposite.

Predictably, survey respondents identified the chief security officer (CSO) or chief information security officer (CISO) as holding the most influence over how telco cybersecurity requirements are prioritized, with 56% of respondents rating their influence a 5. Respondents rated security directors and security architects as exerting greater influence over security requirements than the CEO or board of directors. In many cases, this delta probably does not reflect the relative influence of these stakeholders in terms of prioritization of spending. In some cases, it may reflect respondents addressing prioritization of technical requirements from among competing approaches for executing on priority objectives.

The next section explores how the role of the CISO or CSO has changed and continues to evolve, as well as the role of other stakeholders.

[Figure: Who influences prioritization of cybersecurity requirements most? Source: TM Forum, 2023. Categories: CISO/CSO; security director (head of SecOps); security architects; CEO; board of directors; CIO; line of business leaders. Percentages appearing in the graphic: 43%, 41%, 40%, 37%, 36%, 34%, 31%.]

Section 2: Risk management responsibilities are driving change in the CISO's role

Across all sectors of industry, the CISO's role has had to evolve at pace to keep up with cybersecurity risk. Here's how those changes are playing out in the context of the telecoms sector and how telco CISOs are going about protecting their organizations and their customers.

A full 71% of respondents to our survey said their organization has a single CISO or CSO across both enterprise IT and network domains. To give a few specific examples, the CISOs of Telefónica, KPN and Telus all have responsibility across both domains today. Speaking at HardenStance's Telecom Threat Intelligence Summit in June 2023, David Rogers, Chair of GSMA's Fraud and Security Group (FASG), reaffirmed that “CISOs are now becoming responsible for cybersecurity covering all of the IT and telco network security.” Only 29% of survey respondents said different individuals are still responsible for the security of each domain.

This convergence has gathered pace in recent years. In some cases, it has happened at the level of both a formal job description and in day-to-day practice. In others, the CISO that presides over both domains is less hands-on with the network than they are with enterprise IT. This reality is implied in answers to our survey question asking which individual is responsible for the cybersecurity of the telco organization's public telecoms network assets (see graphic opposite).

[Figure: Who's responsible for cybersecurity of public network assets? Source: TM Forum, 2023. Categories: CIO; CSO; CISO; CTO; head of network security; other (examples cited: CTO, security director, director of risk). Percentages appearing in the graphic: 14%, 14%, 43%, 12%, 9%, 9%.]

Closer look at network security

Going back several years, the starting point in the evolution of the telco CISO's role was a focus on enterprise IT security. The security of the telecoms network tended to be largely separate, hence assigned to the CTO and/or one or more in their team.

There were good reasons for this bifurcation. Since employees have a legitimate need for direct access to internal operational systems and sensitive corporate data, misbehavior by them, whether benign or malicious, is a bigger cybersecurity risk to CSPs than customers. Hence a CISO was expected to focus on the CSP's internal enterprise network. In addition, the enterprise IT
and telecoms technology environments were fundamentally different. Most CISOs knew more about enterprise IT than telecoms technology.

Several factors are extending the CISO's responsibilities further into the telco network domain. Perhaps the most important is broader and ongoing changes in the CISO role (see graphic on page 15). This is evolving away from a narrow technical focus on trying to prevent attacks from breaching IT systems to a broader one that is more focused on high-level business requirements and minimizing harm once preventive defenses are breached (as they inevitably will be).

These factors are forcing telco CISOs to engage more extensively throughout the organization. This requires greater engagement up and down the organizational hierarchy, from the board and senior leadership team at the top to the lowest rank of employees at the bottom (as well as third-party contractors and supply chain partners at any point in between). It also requires greater engagement across the organization's many units, departments and domains, including CSPs' enterprise IT and network domains.

The convergence of all the telco organization's security under a single CISO is also being driven by convergence throughout the telecoms security landscape:

- As shown with network functions virtualization (NFV) and cloud-native 5G standards, telecoms technologies, architectures and protocols increasingly are borrowing from the IT world. Telco CISOs with an IT background are therefore starting to find telecoms security challenges more familiar than in the past.
- Whether they're financially motivated criminal gangs, politically motivated hacktivists or nation state threat groups focused on disinformation, espionage or disruption of services, some cyber threat actors are dynamically adjusting their motives and business models as well as intersecting, allying and converging with one another. A threat group targeting a telco's IT may change its goals and its supporting tactics, techniques and procedures to target network operations next time. And just as borrowing from the IT world makes defending telecoms networks more accessible to CISOs, it also makes them more accessible to cyber threat actors.
- Many aspects of telcos' cybersecurity best practices are converging too. Many advanced telcos such as Deutsche Telekom, KPN and Telefónica have already converged their internal IT, network and SOCs into a general or unified SOC. Tunisie Telecom will converge its three separate SOCs under a single general SOC by the end of 2023.

The CISO role is evolving from a narrow technical focus to broader high-level business requirements.

Expanding incrementally

Just as cyber risk management can be adopted in phases, the same is true of extending a CISO's responsibilities into the telco network domain. Take the example of a radio access network (RAN) or transport network upgrade. Upon taking responsibility for telecoms security, and then for a period of time after, a CISO may expect no more than to start signing off on the exact same long-standing security requirements that were previously signed off on by, say, the CTO.

Our survey may capture this nuance, where only 57% of respondents point to the CSO or CISO as responsible for cybersecurity of the network. This appears inconsistent with the 71% who said those roles handle both enterprise IT and network cybersecurity. The journey some telco CISOs are on in terms of assuming responsibility for the network incrementally may explain this slight discrepancy.

The survey asked respondents to choose the two most important ways the role of CISO has changed in the last 18
months. Most strikingly, and strongly echoing the survey's findings about the drivers for cybersecurity, 65% of respondents pointed to a greater focus on risk management (see graphic above right). Clearly, CISOs are aligning with the organization's focus on cyber risk management or driving this change themselves (or both).

The other response options also scored highly, chosen by just under half of all respondents. Closer alignment with business-level objectives continues to be important, moving away from making technology-driven decisions to decision-making that's driven by minimizing harm to the business. More stringent regulation, such as new incident reporting rules, increases accountability on the part of the board. That's driving a tendency to forego passively delegating cybersecurity decisions to the CISO, as in the past, in favor of engaging more directly and more often.

[Figure: How has CISO/CSO role changed in past 18 months? Source: TM Forum, 2023. Categories: a greater focus on risk management; closer alignment with business-level objectives; more security evangelism throughout the organization; more engagement with the board; other (example cited: deeper focus on native security engineering). Percentages appearing in the graphic: 65%, 49%, 47%, 47%, 2%.]

CISOs need to be chief security evangelists

Increasing demands are also being placed on the CISO to serve as the lead cybersecurity evangelist throughout the telco organization. The role has long ceased to be confined to leading a team of cybersecurity specialists. It increasingly requires engaging all the organization's stakeholders in aligning with the principle of cybersecurity being “a team sport”. As an example, the CISO team should be training and supporting cybersecurity champions within different teams and departments so as to embed security awareness and best practice throughout the telco organization.

Independent of how it is created, who leads it and which guiding frameworks it uses, cybersecurity strategy always comprises a combination of people, processes and technology. The next section looks at key criteria that tend to determine prioritization of spending on new cybersecurity tools.

Section 3: Better visibility and use of threat intel drives spending on new tools

Within their cybersecurity budgets, telcos must prioritize tools for spending. Survey responses yielded valuable insights into what makes investment in new cybersecurity hardware, software and services critical versus merely “nice to have”.

Whether it's in IT or on the network side of the house, SaaS tools represent both opportunity and risk for CSPs. Just over half of survey respondents say SaaS is already
being used in their organization's security operations. One obvious example is endpoint security software which is often delivered using a SaaS model. Some telcos also include SaaS in the mix of the DDoS (distributed denial of service) protection software they use. Among those that have yet to deploy SaaS in security operations around two thirds intend to over the next two years. Only 17% of respondents say SaaS deployment is not on their organization's roadmap for security operations.

[Figure: CSPs' use of SaaS tools in security operations. Source: TM Forum, 2023. Categories: we have already deployed SaaS security products; we are likely to deploy SaaS within the next 12 months; we are likely to deploy SaaS within the next 24 months; SaaS deployment is not currently on our roadmap. Percentages appearing in the graphic: 54%, 20%, 9%, 17%.]

The graphic on p.19 points to the main drivers of SaaS adoption. Almost two thirds of respondents believe it's business agility. With SaaS, CSPs no longer need to make a significant upfront investment; rather they can fail fast without incurring significant losses. They can also scale investment up or down according to demand rather than having to invest up front for peak expected capacity.

Higher security efficacy emerges as joint second among drivers for SaaS adoption, chosen by 44% of respondents. This suggests that while some security concerns about placing additional trust in third-party vendors using a SaaS model are still in play, CSPs remain aware of the inherent risk in traditional procurement models.

[Figure: Main drivers for adopting a SaaS model in security operations. Source: TM Forum, 2023. Categories: business agility; higher security efficacy; lower total cost of ownership; less network complexity; accountability on the part of software vendor. Percentages appearing in the graphic: 64%, 44%, 44%, 29%, 24%.]

Spending priorities

At a simplified level, any organization's cybersecurity can be viewed in terms of two domains. The first is where cyber risk is defined and protections are put in place to prevent breaches from happening. The second is where breaches get past those initial protections, hence where threat detection and response measures are needed to minimize damage and allow for a rapid and robust recovery.

It's a basic tenet of cybersecurity that a security posture is only as strong as its weakest link, so in one sense the two are of equal importance. However, at any one point in time, depending on the stage of the investment lifecycle for different parts of an organization's cybersecurity tooling, spending priorities may favor one more than the other. This reality is reflected in the graphic below.

[Figure: Cybersecurity tools most likely to require substantial upgrade within 3 years. Source: TM Forum, 2023. Categories: don't know; preventative or protective tools that keep cyber threats out; detection and response tools that mitigate and remediate cyber threats that get in; both equally. Percentages appearing in the graphic: 20%, 20%, 56%, 4%.]

In the context of the telecoms network, a couple of factors may have affected how respondents answered the question. As 5G standalone (SA) is rolled out, 3GPP prescribes several new security features that are embedded in the architecture. These largely can be thought of as being on the preventative or protective side of the ledger.

24/7 threat monitoring lacking

In the case of cyber threat monitoring, detection and response capabilities, investment in telecoms infrastructure is generally considered to be less advanced than in enterprise IT environments. “One of our main challenges is we are required to be able to monitor for security violations 24/7 in our telecom network infrastructure,” says Kok at AIS. “I've asked around and I've yet to find a peer telco here in Asia or any telco vendor that knows of anyone monitoring their telco infrastructure 24/7 for security violations. We have started to import logs into our SOC and are starting to assemble our own approach to doing this.”

I've yet to find any vendor that knows of anyone monitoring their telco infrastructure 24/7 for security violations.
Pepijn Kok, CISO, AIS

Hence there is a clear need to invest in re-tooling. Two additional drivers are the rollout of 5G SA with all the new risk it introduces, and the focus of a lot of new government regulation on prescribing more stringent requirements for incident management and reporting. The progress a given telco has already made with these investments, and how much further it plans to go and how quickly, are just two factors that determine the balance of priorities.

As shown in the graphic opposite, within the detection and response domain 90% of respondents state that extended detection and response (XDR) and
101、 security orchestration and response(SOAR)are a medium or high priority.Many already have endpoint detection and response(EDR)deployed in their internal enterprise IT environment.The general direction of travel with XDR is two-fold.The first is to evolve endpoint-based frameworks to ingest,normalize
102、,correlate and act on data from the network as well as many other sources.The other is to extend the XDR framework from the enterprise IT domain into the network.TM Forum,2023CSPs investment priorities for XDR and SOAR in the next 2 years2%High Medium Low Not a priority at all51%40%7%21inform.tmforu
Justifying spending

The graphic opposite depicts the factors that make it easiest to justify spending on new security tools in a telco SOC. Echoing the survey's findings about the top drivers for cybersecurity, enabling security posture to be more threat intelligence driven is perceived as the most valuable feature. Close behind is improving visibility across network assets. It's a lot easier to protect your assets effectively when you have granular visibility into exactly what (and where) they are. Telcos tend to have limited, if not poor, visibility into their assets, especially the vast sprawling estate of their telecoms network assets. They may only have partial visibility (incomplete information) into many of their assets. They may have none at all into some of them. And the visibility they do have may not be centralized and viewable in any one place.

In third place in terms of justifying spending are tools that can drive a reduction in mean time to detection (MTTD) or mean time to respond (MTTR). Lowering these metrics is key to reducing the impact or “blast radius” of a cyberattack.

These top justifications for investing in new tooling align well with the paramount importance of cyber risk management frameworks identified throughout the survey. For example, they all help to enable realistic quantifications of the probability and costs associated with specific incidents.

[Figure: Easiest way to justify investment in a new security tool in the SOC. Options: Enable security posture to be more threat intelligence driven; Increased threat complexity; Grow revenues; Simplify the security architecture; Reduce costs; Increased automation; Reduce mean time to detection (MTTD) or mean time to respond (MTTR); Improve visibility across network assets. Percentages shown: 58%, 55%, 53%, 40%, 27%, 25%, 22%, 18%. Source: TM Forum, 2023]

Desired tool features

Within a CSP's security organization, it's useful to separate the function of SOC analysts, who look into specific threats, and the function of SOC engineers, who are responsible for the efficient operation of the SOC infrastructure.

SOC analysts value extensive cross-platform visibility above all other enabling characteristics of new security tools (see graphic). It's a baseline that they work from when investigating incidents, a key building block in determining how much confidence they can have in the conclusions they reach.

The second most popular feature is automating responses to low-risk threats. Alert fatigue, having to spend time manually addressing alerts that pose a low-level risk to the organization, is a common barrier to efficiency in cybersecurity operations. It keeps security analysts from prioritizing higher-risk threats as effectively as they otherwise could and therefore undermines job satisfaction, which drives up analyst churn rates in a market where talent is scarce. The more the SOC can automate low-risk threats, the better it can be at detecting and mitigating higher-risk threats as well as retaining key security analysts.

Integration of up-to-date threat intelligence features prominently again. This time it shares third place with reduction of false positives, alerts which incorrectly suggest a threat when there isn't one.

[Figure: Features SOC analysts value most. Items: Extensive, cross-platform visibility; Automated response to low-risk threats; Reduction of false positives; Integration of up-to-date threat intelligence; Extensive ingestion & normalization of data throughout the environment; Use case customization; AI/machine learning; Intuitive user experience. Percentages shown: 60%, 51%, 44%, 35%, 44%, 31%, 29%, 13%. Source: TM Forum, 2023]

Simplification of the SOC architecture and ease of integration were identified as the features SOC engineers most value in new security tools. Simplification of the SOC architecture refers to factors such as the number of different vendors deployed in security operations by large organizations like CSPs. These often run into the several dozens, and more than a hundred is not uncommon. It's not uncommon, either, for architectural simplification requirements to result in the retirement of two legacy security tools being mandated as a condition for investing in one new one. Ease of integration refers to factors such as just how open a given vendor's APIs are, hence how easy or not they are to implement.

The next section outlines some key steps operators can take to optimize cyber risk management and improve cybersecurity posture.

[Figure: Features SOC engineers value most. Items: Low capex; Contribution to simplifying the SOC architecture; Ease of integration; Ease of maintenance; Flexible tools adoption. Percentages shown: 64%, 62%, 35%, 31%, 15%. Source: TM Forum, 2023]

Section 4: Make it happen: strategies for optimizing cyber risk management

Risk management is central to building a roadmap of people, processes and technology to harden a CSP's cybersecurity posture over time. Here are some key steps operators should take:

Put risk management front and center

Build a multi-phase roadmap for aligning cybersecurity strategy with risk management principles. Ensure tight alignment between the organization's capabilities and the goals targeted with each phase as well as with current and expected iterations in cybersecurity regulations targeting the telecoms sector.

Engage with regulators and peers

Work with government to ensure maximum possible alignment between the organization's goals and future regulations and to ensure that proposals that prescribe the means of achieving goals are well suited to achieving them in practice. Collaborate closely with CSP peers to both reduce the investment of time in navigating regulatory requirements as well as present a common industry position to regulators on key issues.

Integrate cyber threat intelligence everywhere

Cyber threat intelligence should be pervasive throughout the organization, and this needs to go well beyond simply improving the flow of relevant and up-to-date threat intelligence in day-to-day cybersecurity operations. Collaborative threat modeling requires that business leaders engage cybersecurity leaders early in the cycle of launching a new product, entering a new market or engaging with a new business partner. This allows for a granular risk assessment at the outset of the project, when it's easiest to minimize risk, rather than halfway through when adjustments tend to be more complex and costly.

Align the CISO role with risk management goals

A CISO shouldn't be reporting to a technology leader like a CTO or CIO these days because their reporting line should focus on the goal of mitigating cybersecurity risk to the business. Whatever the reporting line, ensure alignment of the CISO's role with cyber risk management principles.

Consider the wider impact of new security tools

Ensure adequate consideration of how new tools contribute to the organization's broader security posture as well as their effectiveness for the specific role assigned to them to maximize return on investment (ROI). The contribution that security tools make to broader network visibility and a cybersecurity posture that's led by threat intelligence are good examples.

TM Forum Open Digital Framework
The TM Forum Open Digital Framework provides a migration path from legacy IT systems and processes to modular, cloud native software orchestrated using AI. The framework comprises tools, code, knowledge and standards (machine-readable assets, not just documents). It is delivering business value for TM Forum members today, accelerating concept-to-cash, eliminating IT and network costs, and enhancing digital customer experience. Developed by TM Forum members through our Collaboration Community and Catalyst proofs of concept and building on TM Forum's established standards, the Open Digital Framework is being used by leading service providers and software companies worldwide.

Core elements of the Open Digital Framework

The framework comprises TM Forum's Open Digital Architecture (ODA), together with tools, models and data that guide the transformation to ODA from legacy IT systems and operations.

Open Digital Architecture
- Architecture framework, common language and design principles
- Open APIs exposing business services
- Standardized software components
- Reference implementation and test environment

Transformation tools
- Guides to navigate digital transformation
- Tools to support the migration from legacy architecture to ODA

Maturity tools & data
- Maturity models and readiness checks to baseline digital capabilities
- Data for benchmarking progress and training AI

Goals of the Open Digital Framework

The Open Digital Framework aims to transform business agility (accelerating concept-to-cash from 18 months to 18 days), enable simpler IT solutions that are easier and cheaper to deploy, integrate and upgrade, and to establish a standardized software model and market which benefits all parties (service providers, vendors and systems integrators).

A blueprint for intelligent operations fit for the 5G era

Learn more about collaboration

If you would like to learn more about the project or how to get involved in the TM Forum Collaboration Community, please contact George Glass.
Published by:
TM Forum
181 New Road, Suite 304
Parsippany, NJ 07054 USA
www.tmforum.org
Phone: +1 862-227-1648
ISBN: 978-1-955998-66-6
Report Design: Paul Martin

© 2023. The entire contents of this publication are protected by copyright. All rights reserved. The Forum would like to thank the sponsors and advertisers who have enabled the publication of this fully independently researched report. The views and opinions expressed by individual authors and contributors in this publication are provided in the writers' personal capacities and are their sole responsibility. Their publication does not imply that they represent the views or opinions of TM Forum and must neither be regarded as constituting advice on any matter whatsoever, nor be interpreted as such. The reproduction of advertisements and sponsored features in this publication does not in any way imply endorsement by TM Forum of products or services referred to therein.

Meet the Research & Media team

Report Author: Patrick Donegan, Principal Analyst, HardenStance
Chief Analyst: Mark Newman, mnewman@tmforum.org
Practice Lead: Dean Ramsay, dramsay@tmforum.org
Head of Operations: Ali Groves, agroves@tmforum.org
Commercial Manager: Tim Edwards, tedwards@tmforum.org
Digital Media Coordinator: Maureen Adong, madong@tmforum.org
Report Editor: Dawn Bushaus, Contributing Editor, TM Forum
Managing Editor: Ian Kemp, ikemp@tmforum.org
Editor in Chief, Inform: Joanne Taaffe, jtaaffe@tmforum.org
Global Account Director: Carine Vandevelde, cvandevelde@tmforum.org
Sponsor Success Manager: Maryssa Ramsey, mramsey@tmforum.org
Marketing Manager: Ritika Bhateja, rbhateja@tmforum.org

For more information about TM Forum's Open Digital Architecture, please contact George Glass