Securing Semtech’s (Formerly Sierra Wireless) Managed Connectivity Services and Mobile Virtual Network with Defense in Depth
As a leading provider of Managed Connectivity Services and a Mobile Virtual Network Operator (MVNO), Semtech (formerly Sierra Wireless) oversees the secure operation of a complex critical infrastructure platform relied on by customers around the world. With customers relying on connectivity to maintain data communications with endpoints ranging from critical infrastructure, to mobile connectivity for first responders, to border-crossing cargo shipments that require asset tracking, our teams take this responsibility seriously. We are proud to share some insight into the key measures we take to keep our customers safe, secure, and connected, as well as how those measures fit into our broader strategy. First, some background.
What is a Mobile Virtual Network Operator?
A Mobile Virtual Network Operator, or MVNO, is a mobile communications provider that offers service to their customers using infrastructure owned and operated by a traditional Mobile Network Operator (MNO). Through this model, MVNOs can provide customers with additional value on top of mobile connectivity. As MVNOs can partner with multiple MNOs, they can offer customers one-stop connectivity that spans the operating areas of more than one MNO without the customer needing to manage each of the different carriers. This means that an MVNO can provide transparent service on a global scale, giving customers unmatched flexibility and efficiency. MVNOs can also offer customers a range of additional services for managing connectivity that go beyond what individual MNOs make available to customers.
What security threats do MVNOs face?
Because an MVNO relies on its partner MNOs for the infrastructure used for underlying connectivity, it is not directly responsible for the security of that telecommunications infrastructure. That responsibility falls to the MNO. Nonetheless, MVNOs face a threat landscape of their own. To deliver their services, MVNOs need significant access to their MNO partners’ infrastructure, and attackers see MVNOs as a path to attempt to compromise the underlying mobile telecommunications infrastructure. Further, an attacker who can disrupt the operations of an MVNO can have a significant impact across the MVNO’s customers that exceeds the impact of affecting a single MNO. Examples of threats faced by an MVNO include:
Tampering with data in transit, impacting the integrity of information
Theft or disclosure of sensitive information transiting the MVNO
Disruption and interruption of services, denying communications to critical customers
Theft of customer and subscriber information from the MVNO, or destruction of customer data
How has Semtech responded to these threats?
Semtech has implemented a robust cybersecurity and resilience program across our MVNO footprint with focused investment in tools, technologies, strong practices, and training. Combined with around-the-clock monitoring, layered resilience, and business continuity practices, this gives Semtech the depth of defense needed to combat today’s threats and tomorrow’s.
Semtech’s Strategy for Protecting Our Customers and MVNO Infrastructure
Defense in Depth
Semtech recognizes that there is no single measure or practice that is going to ensure that our MVNO operates with the level of security our customers need and expect. Reflecting the myriad types of threats previously described, we employ a Defense in Depth strategy built on a range of different technologies. Our cybersecurity partners, all industry leaders, provide us with the tooling and systems we need, and enable the following capabilities:
24x7 Managed Endpoint Detection and Response (EDR) – monitoring and actively responding to threats within our infrastructure
Web Application Firewalls – Intelligently monitoring network traffic and actively preventing high risk or suspicious activity
Telecommunications-specific cybersecurity appliances designed to protect cellular-related network protocols
Vulnerability Scanners – Ongoing, regular scanning of internal and externally facing infrastructure for vulnerabilities and risks
Active Asset Detection & Management – Centralized aggregation of asset data with a wide range of data sources from across our footprint, supporting risk detection and asset management
Secure Practices
Cybersecurity, particularly for complex entities like MVNOs, is not solely about the use of industry leading technologies. Secure practices must be leveraged during the design, implementation, and operation of the infrastructure to provide robust protection and to get the maximum security value from technical controls and capabilities. Some of the key operational and architectural practices used by Semtech’s MVNO include:
Workload isolation and segregation – Zero-trust VLAN design using leading-edge firewall protection to isolate workloads
Data Encryption – Use of Virtual Private Networks (VPN) to encrypt partner and carrier connectivity, as well as encryption of data at rest
System Hardening – Operating System and Shell Hardening following Center for Internet Security (CIS) Version 8 guidance
Lifecycle Management – Workflows and practices in place to ensure that systems and infrastructure remain current and supported
Vulnerability and Patch Management – regular operational practices to monitor for vulnerabilities and threats, and applying patches and mitigation measures in a timely manner
Reducing Human-Vulnerability
Recognizing that well-trained employees are a key part of keeping infrastructure secure, Semtech requires all employees to participate in mandatory cybersecurity training annually. Further advanced cybersecurity training is available for employees in cybersecurity-specific or sensitive roles. All workstations used by employees to interface with sensitive systems, including customer-facing platforms, are also deployed with security measures including 24x7 Managed EDR monitoring and response, network layer web filtering and threat prevention, and advanced Multi-Factor Authentication (MFA). These measures help our employees do their jobs in the most secure way possible.
Business Continuity and Resilience
Physical data centers are all Tier 2 data center compliant. To achieve high availability, multiple geographically dispersed data centers run in an active-active configuration with multiple instances of underlying services similarly configured. This provides continuous services to our customers in a disaster or cyber event.
A robust backup strategy is a key part of the Semtech data protection policies. Backup and restoration center on a combination of on- and off-premises data storage using data archiving techniques supporting immutability. Semtech policies further require regular testing of our backups to ensure the recoverability of data in the event of a disaster of any size. All backup solutions include rollback solutions.
Audits and Penetration Testing
Even after implementing all the technologies, operational practices, and policies referenced in this document, it is still critical to know if all your capabilities are operating as anticipated and with the expected operational impact. Semtech relies on regular security assessments and red team testing by recognized third parties to evaluate not just the presence of our controls but their effectiveness. Lessons learned from each successive testing engagement flow back into the workflows noted here, reinforcing strengths and ensuring any weaknesses are quickly addressed.
We engage a third-party security services provider at least once per year to perform an Internet-facing vulnerability and penetration test.
MVNO-specific security audits are performed by a third party specializing in the unique and advanced infrastructure, protocols and architectures used by an MVNO to deliver services.
Semtech performs regular internal audits and security assessments as well, in addition to tracking our alignment with our selected industry security benchmarks.
Conclusion
Semtech is committed to delivering secure Managed Connectivity Services to our customers through the responsible operation of our MVNO infrastructure. Recognizing the numerous threats faced by MVNOs, Semtech employs a defense-in-depth security strategy built on industry-leading tools and recognized practices supported and verified by third-party assessments and audits. Together with security training and robust asset management, Semtech delivers efficient, reliable operation for our customers built on a secure foundation. As customer needs, telecommunications technologies, and threats continue to evolve, Semtech is resolved to continue maturing and evolving to keep pace and remain a trusted partner and provider for our customers.
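This article was reposted by FY from Sierra Wireless Blogs; the original title is: Securing Semtech’s Managed Connectivity Services and Mobile Virtual Network with Defense in Depth. All reposted articles on this site are shared for the purpose of conveying more information and clearly state their source. Media outlets or individuals who do not wish to have their content reposted may contact us, and we will remove it immediately.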