Securing Semtech’s (Formerly Sierra Wireless）Managed Connectivity Services and Mobile Virtual Network with Defense in Depth

时间： 2024-04-20 来源：Sierra Wireless Blogs

技术问答

选型帮助

研发客服

商务客服

As a leading provider of Managed Connectivity Services and a Mobile Virtual Network Operator (MVNO), Semtech (Formerly Sierra Wireless） oversees the secure operation of a complex critical infrastructure platform relied on by customers around the world. With customers relying on connectivity to maintain data communications with endpoints ranging from critical infrastructure, to mobile-connectivity for first responders, to border-crossing cargo shipments that require asset tracking our teams take this responsibility seriously. We are proud to share some insight into some of the key measures we take to keep our customers safe, secure, and connected, as well as how those measures fit into our broader strategy. First, some background.

What is a Mobile Virtual Network Operator?

A Mobile Virtual Network Operator, or MVNO, is a mobile communications provider that offers service to their customers using infrastructure owned and operated by a traditional Mobile Network Operator (MNO). Through this model, MVNOs can provide customers with additional value on top of mobile connectivity. As MVNOs can partner with multiple MNOs, they can offer customers one-stop connectivity that spans the operating areas of more than one MNO without the customer needing to manage each of the different carriers. This means that an MVNO can provide transparent service on a global scale, giving customers unmatched flexibility and efficiency. MVNOs can also offer customers a range of additional services for managing connectivity that go beyond what individual MNOs make available to customers.

What security threats do MVNOs face?

Due to an MVNO’s reliance on their partner MNOs for the infrastructure used for underlying connectivity, they are not responsible directly for the security of that telecommunications infrastructure. That responsibility falls to the MNO. Nonetheless, MVNOs face a threat landscape. To deliver their services, MVNOs need significant access to their MNO partner’s infrastructure, and attackers see MVNOs as a path to attempt to compromise the underlying mobile telecommunications infrastructure. Further, an attacker who can disrupt the operations of an MVNO can have a significant impact across the MVNO’s customers that exceeds the impact of affecting a single MNO. Examples of threats faced by an MVNO include:

Tampering with data in transit, impacting the integrity of information
Theft or disclosure of sensitive information transiting the MVNO
Disruption and interruption of services, denying communications to critical customers
Theft of customer and subscriber information from the MVNO, or destruction of customer data

How has Semtech responded to these threats?

Semtech has implemented a robust cybersecurity and resilience program across our MVNO footprint with focused investment in tools, technologies, strong practices, and training. Combined with around-the-clock monitoring, layered resilience, and business continuity practices, this gives Semtech the depth of defense needed to combat today’s threats and tomorrow’s.

Semtech’s Strategy for Protecting Our Customers and MVNO Infrastructure

Defense in Depth

Semtech recognizes that there is no single measure or practice that is going to ensure that our MVNO operates with the level of security our customers need and expect. Reflecting the myriad types of threats previously described, we employ a Defense in Depth strategy built on a range of different technologies. Our cybersecurity partners, all industry leaders, provide us with the tooling and systems we need, and enable the following capabilities:

24x7 Managed Endpoint Detection and Response (EDR) – monitoring and actively responding to threats within our infrastructure
Web Application Firewalls – Intelligently monitoring network traffic and actively preventing high risk or suspicious activity
Telecommunications-specific cybersecurity appliances designed to protect cellular-related network protocols
Vulnerability Scanners – Ongoing, regular scanning of internal and externally facing infrastructure for vulnerabilities and risks
Active Asset Detection & Management – Centralized aggregation of asset data with a wide range of data sources from across our footprint, supporting risk detection and asset management

Secure Practices

Cybersecurity, particularly for complex entities like MVNOs, is not solely about the use of industry leading technologies. Secure practices must be leveraged during the design, implementation, and operation of the infrastructure to provide robust protection and to get the maximum security value from technical controls and capabilities. Some of the key operational and architectural practices used by Semtech’s MVNO include:

Workload isolation and segregation – Zero-trust VLAN design using leading-edge firewall protection to isolate workloads
Data Encryption – Use of Virtual Private Networks (VPN) to encrypt partner and carrier connectivity, as well as encryption of data at rest
System Hardening - Operating System and Shell Hardening following Center for Internet Security (CIS) Version 8 guidance
Lifecycle Management – Workflows and practices in place to ensure that systems and infrastructure remain current and supported
Vulnerability and Patch Management – regular operational practices to monitor for vulnerabilities and threats, and applying patches and mitigation measures in a timely manner

Reducing Human-Vulnerability

Recognizing that well-trained employees are a key part of keeping infrastructure secure, Semtech requires all employees to participate in mandatory cybersecurity training annually. Further advanced cybersecurity training is available for employees in cybersecurity-specific or sensitive roles. All workstations used by employees to interface with sensitive systems, including customer-facing platforms, are also deployed with security measures including 24x7 Managed EDR monitoring and response, network layer web filtering and threat prevention, and advanced Multi-Factor Authentication (MFA). These measures help our employees do their jobs in the most secure way possible.

Business Continuity and Resilience

Physical data centers are all Tier 2 data center compliant. To achieve high availability, multiple geographically dispersed data centers run in an active-active configuration with multiple instances of underlying services similarly configured. This provides continuous services to our customers in a disaster or cyber event.
A robust backup strategy is a key part of the Semtech data protection policies. Backup and restoration centers around a combination of on- and off-premise data storage using data archiving techniques supporting immutability. Semtech policies further require regular testing of our backups to ensure the recoverability of data in the event of a disaster of any size. All backup solutions include rollback solutions.

Audits and Penetration Testing

Even after implementing all the technologies, operational practices, and policies referenced in this document, it is still critical to know if all your capabilities are operating as anticipated and with the expected operational impact. Semtech relies on regular security assessments and red team testing by recognized third parties to evaluate not just the presence of our controls but their effectiveness. Lessons learned from each successive testing engagement flow back into the workflows noted here, reinforcing strengths and ensuring any weaknesses are quickly addressed.

We engage a 3rd party security services provider at least once per year to perform an Internet facing vulnerability and penetration test.
MVNO-specific security audits are performed by a third party specializing in the unique and advanced infrastructure, protocols and architectures used by an MVNO to deliver services.
Semtech performs regular internal audits and security assessments as well, in addition to tracking our alignment with our selected industry security benchmarks.

Conclusion

Semtech is committed to delivering secure Managed Connectivity Services to our customers through the responsible operation of our MVNO infrastructure. Recognizing the numerous threats faced by MVNOs, Semtech employs a defense-in-depth security strategy built on industry-leading tools and recognized practices supported and verified by third-party assessments and audits. Together with security training and robust asset management, Semtech delivers efficient, reliable operation for our customers built on a secure foundation. As customer needs, telecommunications technologies, and threats continue to evolve, Semtech is resolved to continue maturing and evolving to keep pace and remain a trusted partner and provider for our customers.

发送到邮箱 |
+1 赞 0
收藏
评论 0
| 转发至：

本文由FY转载自Sierra Wireless Blogs，原文标题为:Securing Semtech’s Managed Connectivity Services and Mobile Virtual Network with Defense in Depth，本站所有转载文章系出于传递更多信息之目的，且明确注明来源，不希望被转载的媒体或个人可与我们联系，我们将立即进行删除处理。

全部评论（0）

暂无评论

Sierra Wireless（司亚乐）通信模组/Wi-Fi & 蓝牙模组/GNSS模组选型表

描述- Sierra Wireless simplifies the IoT, delivering you the Connectivity, Modules, and Router Solutions you need to accelerate your data-driven transformation. For almost 30 years Sierra Wireless has led the cellular technology space, bringing a robust set of IoT Solutions to customers across the globe.

型号- WP7608-1 GPS Q-M2M,1104197,1103383,HL7800 M1/NB1,EM7565 M2M,1104196,1104195,HL7845,1104194,1103783,1105043,1104198,1104231,EM7590,EM系列,XM1210,1104193,WP7702 GPS Q-M2M,WP7609 GPS Q-M2M,1104192,BC127-EXT-APTX,1103706,WP7607 R2C Q-M2M,1104918,1103708,WP7607-1 R2C GPS Q-M2M,1104912,RC7620 Q-M2M,RC7611 DO Q-M2M,1104186,WP7609 Q-M2M,1105036,WP7608 GPS Q-M2M,1105030,1103892,1103891,WP7610 GPS Q-M2M,WP系列,1104904,EM7511,1104628,1104903,WP7702 R2C GPS OCTAVE,BC127-APTX,EM7590 Q-M2M,1104743,1104742,EM7565 Q-M2M,1104902,1105039,1104866,WP7607 R2C GPS Q-M2M,1105023,1105024,1105025,EM7431 Q-M2M,1105026,1105020,EM9191 5G SUB6 FULL,1105021,RC7611,HL7802 M1/NB1/2G R2C,1105022,RC7611-1 DO Q-M2M,RC7630 R2C Q-M2M,RC系列,WP7610 Q-M2M,1105027,1104681,RC7620 GNSS Q-M2M,1104680,1104201,1104200,1104287,XS1110,EM7511 M2M CBRS,WP7611 R2C GPS Q-M2M,1103917,1104324,HL7800 R2C,1104686,1104323,XA1110,1104846,1104208,1104207,1104328,HL7800,RC7630-1 R2C GNSS Q-M2M,1104274,1104795,WP7608 Q-M2M,1104277,WP7611-1 R2C Q-M2M,1104671,BC127 V3,EM9291,HL7800-M,BC127,WP7605 GPS Q-M2M,RC7630 R2C GNSS Q-M2M,WP7611 R2C Q-M2M,1104557,1104314,1104796,EM7511 Q-M2M,1104715,1104956,1103746,1104559,1104558,1104263,MC系列,1104262,1104020,WP7611 DO R2C GPS Q-M2M,1103574,EM9191 5G SUB6,1104662,RC7611-1 DO GNSS Q-M2M,1104264,RC7611-1 DO R2C Q-M2M,RC7620-1 R2C GNSS Q-M2M,BC127-CVC,1104828,WP7607-1 R2C Q-M2M,WP7608-1 Q-M2M,1104826,BX3105,1104268,1104308,1104307,1104306,1104668,1105067,1105068,1104893,1104892,RC7620-1 Q-M2M,1105060,1105061,EM7690,1105062,1104818,1104938,1104937,RC7620-1 GNSS Q-M2M,1104898,EM7411 Q-M2M,EM7421 Q-M2M,1104895,1104813,1104812,HL7810,RC7611 DO GNSS Q-M2M,HL7812,1104486,RC7630-1 R2C Q-M2M,WP7702 R2C GPS OCTAVE Q,EM9190 5G SUB6,1104886,EM9190 5G SUB6 + MMWAVE,1104885,1104125,1104924,1104528,1104889,1104405,1104888,1104129

选型指南 - SIERRA WIRELESS - 2022/10/11 PDF 中文下载

Sierra Wireless 智能模块选型表

Sierra Wireless 智能模块选型：Dimensions(mm):22mmx23mmx2.5mm和51mmx30mmx3.6mm；Bands:多种Bands；峰值下载率(Mbps/Gbps/Kbps):10Mbps和150Mbps；峰值上传速率(Mbps/Gbps/Kbps):5Mbps和50Mbps

产品型号	品类	Dimensions(mm)	Bands	Peak Download Rate(Mbps/Gbps/Kbps)	Peak Upload Rate(Mbps/Gbps/Kbps)
RC7611 DO GNSS Q JVN._1105020	4G IoT Modules	22mmx23mmx2.5mm	LTE:B2,B4,B5,B12,B13,B14,B25,B26,B66,B71	150Mbps	50Mbps

选型表 - Sierra Wireless 立即选型

Semtech Corporation完成对Sierra Wireless的收购

Semtech Corporation收购，交易将LoRa®的超低功耗优势与蜂窝网络的更高带宽能力结合在一起，打造出全新的物联网云到芯片系统领导者，预计其物联网市场机会到2027年将增长约10倍，达到100亿美元。

厂牌及品类发布时间 : 2023-02-07

Smart Grid Solution Provider Connects High-Profile Deployments with AirPrime® Embedded Modules A Sierra Wireless® Smart Grid Solution

成功案例 - SIERRA WIRELESS - 2016 . 07.14 PDF 英文下载

Sierra Wireless 移动宽带模块选型表

Sierra Wireless 移动宽带模块选型：Dimensions(mm):30mmx52mmx2.38mm,42mmx30mmx2.3mm和51mmx30mmx3.6mm；Bands:多种Bands；峰值下载率(Mbps/Gbps/Kbps):150Mbps~5.5Gbps；峰值上传速率(Mbps/Gbps/Kbps):50Mbps~3Gbps

产品型号	品类	Dimensions(mm)	Bands	Peak Download Rate(Mbps/Gbps/Kbps)	Peak Upload Rate(Mbps/Gbps/Kbps)
EM7411 Q-M2M_1104680	Mobile Broadband Modules	42mmx30mmx2.3mm	LTE:B2,B4,B5,B7,B12,B13,B14,B25,B26,B41,B42,B43,B48,B66,B71	300Mbps	150Mbps

选型表 - Sierra Wireless 立即选型

Sierra Wireless（司亚乐）GL系列IoT网关选型指南

描述- Essential IoT gateways that enable you to securely connect new or existing systems to any cellular network in the world and remotely monitor them in the field.

型号- GL SERIES,GL7500,GL7611,GL7600,GL7812,GL7605

选型指南 - SIERRA WIRELESS - V2 - March 23, 2022 PDF 英文下载

HIVE-ZOX Selects Sierra Wireless LPWA Module for Global Cold Chain Monitoring Solution

Sierra Wireless HL78 Series module integrated into HIVE-ZOX tracking solution, providing seamless global connectivity and real-time visibility of COVID vaccine shipments.

应用方案发布时间 : 2022-09-03

Sierra Wireless LPWA模块选型表

Sierra Wireless LPWA模块选型：Dimensions(mm):15mmx18mmx2.4mm和22mmx23mmx2.5mm；Bands:多种Bands；峰值下载率(Mbps/Gbps/Kbps):Cat-M 300Kbps,Cat-NB1 27Kbps，Cat-M1:300kbps,Cat-NB1:27kbps，Cat-M:590kbps,Cat-NB2:127kbps，Cat-M1 590Kbps,Cat-NB2 127Kbps；峰值上传速率(Mbps/Gbps/Kbps):Cat-M 375Kbps,Cat-NB1 65Kbps，Cat-M1:375kbps,Cat-NB1:65kbps，Cat-M:1100kbps,Cat-NB2:158kbps，Cat-M1 1100Kbps,Cat-NB2 158Kbps

产品型号	品类	Dimensions(mm)	Bands	Peak Download Rate(Mbps/Gbps/Kbps)	Peak Upload Rate(Mbps/Gbps/Kbps)
HL7800 M1/NB1_1104937	LPWA IoT Modules	15mmx18mmx2.4mm	LTE:B1,B2,B3,B4,B5,B8,B9,B10,B12,B13,B17,B18,B19,B20,B25,B26,B27,B28,B66	Cat-M 300Kbps,Cat-NB1 27Kbps	Cat-M 375Kbps,Cat-NB1 65Kbps

选型表 - Sierra Wireless 立即选型

Sierra Wireless® HL Series Embedded Modules Compact, Flexible, and Future Proof 2G, 3G, 4G, and LPWA Essential Modules Datasheet

型号- HL8549,HL8528,HL7648,HL7538,HL7549,HL7548,HL8548,HL7688,HL7588,HL7518,HL6528,HL7749,HL7528,HL7539,HL7748,HL8518,HL8529,HL7718,HL7618,HL SERIES,HL7692,HL7650,HL7690

数据手册 - SIERRA WIRELESS - 2017.11.22 PDF 英文下载

Welcome the New Canadian Local Instance for Semtech (formerly Sierra Wireless) AirLink® Management Service (ALMS)

Sierra Wireless is thrilled to unveil the latest advancement in our suite of router solutions — the launch of a new Canadian local instance for the AirLink® Management Service (ALMS) platform. This is an expansion of the commitment to provide our Canadian customers with the most flexibility, security and control over their AirLink routers.

产品发布时间 : 2024-07-04

Sierra Wireless与世强控股的代理协议

描述- In August 2022, SIERRA WIRELESS, INC. and Sekorm Limited signed a DISTRIBUTION AGREEMENT.

代理协议/证明 - SIERRA WIRELESS - 15 August 2022 PDF 英文下载

AVIWEST Selects Sierra Wireless 5G New Radio Module for Mobile Ultra-High-Definition Video Encoders

Sierra Wireless announced that it‘s EM9191 5G New Radio module（5G NR module） has been integrated into mobile video encoders from AVIWEST, a leading provider of life and recorded video contribution systems.

应用方案发布时间 : 2022-09-08

Rethinking Routers: A Fresh Take from Sierra Wireless

From the trailblazing XR series to the versatile RX55, Sierra Wireless introduced advanced 5G routers and 4G routers to the market. And let‘s not forget the favorites like the RV55 – a stalwart in the industrial sector – and MP70, a pioneer in mobile applications.

厂牌及品类发布时间 : 2023-12-22

Sierra Wireless Announces AirLink® RX55 Cellular Router Optimized for the Rapidly Expanding Industrial IoT

A new ultra-low-powered cellular router solution powered by AirLink OS enables next-generation networking capabilities for industry 4.0 applications. Sierra Wireless’ AirLink® RX55 LTE cellular router solution is expected to be available commercially in Q4 of 2022.

新产品发布时间 : 2022-09-21