cpl.thalesgroup.com
Open in
urlscan Pro
54.244.122.2
Public Scan
Submitted URL: https://www.cybersecurityinformer.com/edition/weekly-penetration-testing-artificial-intelligence-2024-02-17/?open-article-id=26491929&...
Effective URL: https://cpl.thalesgroup.com/blog/encryption/telco-api-security-thales-red-hat-solutions
Submission: On February 26 via api from US — Scanned from US
Effective URL: https://cpl.thalesgroup.com/blog/encryption/telco-api-security-thales-red-hat-solutions
Submission: On February 26 via api from US — Scanned from US
Form analysis 1 forms found in the DOM
GET /search
<form method="GET" action="/search">
<input type="text" class="search-input" name="search" placeholder="Let’s find what you’re looking for...">
<button type="submit" class="btn-default">Search</button>
</form>Text Content
node/41936
* Products
* Products
* Products Overview
* Data Security
* Data Security
* Data Security Overview
* Data Discovery & Classification
* Data at Rest Encryption
* Data at Rest Encryption
* Data at Rest Encryption
* Data Security Platform
* Transparent Encryption
* Encryption for Kubernetes
* Encryption UserSpace
* Application Data Protection
* Tokenization
* Data Protection Gateway
* Database Protection
* Batch Data Transformation | Static Data Masking
* Intelligent Protection
* Selecting the Right Encryption Approach
* Ransomware Protection
* Key Management
* Key Management
* Key Management
* CipherTrust Manager
* Data Security Manager
* CipherTrust Cloud Key Manager
* Enterprise Key Management
* CipherTrust Platform for DevOps
* CipherTrust Cloud Key Management Service
* Secrets Management
* Hardware Security Modules
* Hardware Security Modules
* Hardware Security Modules
* General Purpose HSMs
* Payment HSMs
* Luna Cloud HSM Services
* Data Protection on Demand
* Data Protection on Demand
* Data Protection on Demand
* Services
* How it Works
* Partners
* Pricing
* Sign Up Now
* Network Encryption
* Secure File Sharing
Risk Management Strategies for Digital Processes with HSMs
Security architects are implementing comprehensive information risk
management strategies that include integrated Hardware Security Modules
(HSMs). Reduce risk and create a competitive advantage.
Get the White Paper
* Application Security
Secure what matters most with Thales and Imperva
Applications help to drive digital transformation but traditional security
approaches can’t keep pace with dynamic environments. See how we can help
you protection applications and APIs anywhere.
Explore Application Security
Thales and Imperva Join Forces
Together, we are creating the worldwide leader in cybersecurity,
protecting more applications, data and identities than any other company
and enabling tens of thousands of organizations to deliver trusted digital
services to billions of consumers around the world every day.
Learn More
* Access Management & Authentication
* Access Management & Authentication
* Workforce IAM
* Workforce IAM
* Workforce IAM
* SafeNet Trusted Access
* SAML Authentication
* Gig Workers Identity
* Identity-as-a-Service
* Cloud SSO
* Case Studies
* Demo
* Free Trial
* Customer IAM
* Customer IAM
* Customer IAM
* Capabilities
* Resources
* Case Studies
* Demo
* Request a Quote
* B2B IAM
* Authentication
* Authentication
* Authentication
* Authentication as a Service
* Authenticators
* Certificate-Based PKI USB Authenticators
* Certificate-Based Smart Cards
* FIDO Devices
* OTP Authenticators
* Tokenless Authentication
* On-Prem Management Platforms
* Security Apps
* Smart Card Readers
* Passwordless Authentication
Access Management Handbook
Get everything you need to know about Access Management, including the
difference between authentication and access management, how to leverage
cloud single sign on.
Get the eBook
* Software Monetization
* Software Monetization
* Software Monetization Overview
* License Management
* Entitlement Management
* Rights Management System
* Software License & Copy Protection
* All Software Monetization Products
How to get SaaS Software Licensing Right the First Time
Explore the software licensing lifecycle, and how to build a
cross-functional licensing team.
Get the eBook
How We Can Help
You can rely on Thales to help protect and secure access to your most
sensitive data and software wherever it is created, shared or stored.
2023 Data Threat Report
Perspectives and Pathways to Sovereignty and Transformation
What are the top security targets? Discover the answers in our comprehensive
annual report.
Get Your Copy Today
* Solutions
* Solutions
* Solutions Overview
* By Use Case
* By Use Case
* 5G Security
* Access Security
* Access Security
* Access Security
* Secure Remote Access
* Secure VPN Access
* Secure Cloud Access
* VDI Security Solutions
* 2FA Solutions
* Web and Cloud SSO
* Physical & Logical Access Control
* MFA for Cyber Insurance
* Blockchain
* Cloud Security
* Cloud Security
* Cloud Security
* Amazon Web Services
* Bring Your Own Encryption (BYOE)
* Cloud Data Encryption
* Cloud SSO
* Google Cloud
* Luna HSMs – Hybrid, On-Premises and Cloud HSM
* Microsoft Azure
* Microsoft Double Key Encryption (DKE)
* Multi-Cloud Security
* Oracle Cloud Infrastructure
* Your Data Their Cloud
* Data Security & Encryption
* Data Security & Encryption
* Data Security & Encryption
* Advanced Persistent Threats (APTs)
* Big Data Security
* Database Security and Encryption
* Docker Encryption
* Encryption for Kubernetes
* Encryption UserSpace
* MongoDB Encryption
* MS SQL Server Encryption
* NoSQL Encryption
* Oracle Database Encryption
* PostgreSQL Database Encryption
* SAP Data Security
* Securing Unstructured Files
* TDE Key Management
* Virtual Environment Security
* Data Sovereignty
* Digital Transformation
* IoT Security
* IoT Security
* IoT Security
* Smart Grid Security
* IoT Connected Car
* IoT Secure Manufacturing
* IoT Healthcare
* Payment & Transactions
* Payment & Transactions
* Payment & Transactions
* Secure Payments
* Point-to-Point Encryption
* Document Signing
* EMV & Payment Card Issuance
* Host Card Emulation
* Mobile Card Payments
* mPOS
* Payment Processing
* Secure Credit Card & Pin Management
* PKI Credential Management
* PKI Credential Management
* PKI Credential Management
* PKI Middleware
* PKI Authentication
* PKI Security
* PKI Security Solutions
* PKI Security Solutions
* PKI Security Solutions
* TLS/SSL Key Security
* Code Signing
* Secure Digital Signatures
* Electronic Invoicing
* DNS Security
* Email Encryption
* Quantum
* Quantum
* Quantum
Are You Post-Quantum Ready?
Although post-quantum is projected to be a few years away, an
enterprise must start planning today to be post-quantum ready. Take
this free risk assessment to learn if your organization is at risk of a
post-quantum breach.
TEST YOUR QUANTUM READINESS
* Ransomware Solutions
* Remote Workforces Challenges
* Software Monetization
* Software Monetization
* Software Monetization
* Software License Management
* Entitlement Management
* Software Packaging & Pricing
* Software Usage Tracking & Reporting
* Software Protection & Licensing
* Capture Revenue Opportunities
* Zero Trust Security
Best Practices for Secure Cloud Migration
It's a Multi-Cloud World. Thales can help secure your cloud migration.
GET THE WHITE PAPER
* By Industry
* By Industry
* Automotive
* Critical Infrastructure
* Education
* Government
* Government
* Government
* Federal Government
* State and Local Government
* Law Enforcement
* Financial Services
* Healthcare
* Insurance Providers
* Manufacturing and Industrial
* Media and Entertainment
* Retail
* SaaS Providers and Consumers
* Telecommunications
2024 Thales Digital Trust Index
The 2024 Thales Consumer Digital Trust Index Report aims to empower
individuals and organizations to own their role in protecting their
cyberspace from data breaches.
GET THE REPORT
* By Compliance
* By Compliance
* Global
* Global
* Basel Compliance Solutions
* Data Breach Notification Laws
* Data Sovereignty
* GDPR
* ISO 27799:2016 Compliance
* ISO/IEC 27002:2013 Compliance
* PCI DSS
* PCI HSM
* Swift CSC
* Validations and Certifications
* Americas
* Americas
* Brazil - LGPD
* CCPA (California Consumer Privacy Act)
* CJIS
* FDA/DEA - EPCS
* FedRamp
* FISMA
* FIPS 199 and FIPS 200
* FIPS 140-2
* FIPS 140-3
* GLBA
* HIPAA
* Mexico - Data Protection Law
* NAIC Insurance Data Security Model Law Compliance
* New York State Cybersecurity Requirements for Financial Services
Companies Compliance
* NCUA Regulatory Compliance
* NIST 800-53, Revision 4
* PIPEDA Compliance
* SOX
* STIR/SHAKEN
* EMEA
* EMEA
* DEFCON 658
* DORA
* ECC
* eIDAS
* GDPR
* NIS2
* PSD2
* Schrems II
* South Africa POPI Act
* APAC
* APAC
* Australia ASIC Market Integrity Rules
* Australia APRA CPS234
* Australia Privacy Amendment
* Bangladesh ICT Security Guideline
* China Personal Information Security Specification
* Hong Kong Practice Guide for Cloud Computing Security
* Hong Kong Secure Tertiary Data Backup (STDB) Guideline
* Hong Kong Virtual Asset Trading Platforms Operators Guideline
* India Framework for Adoption of Cloud Services by SEBI
* Indonesia Personal Data Protection Law
* Japan Act on Protection of Personal Information
* Japan My Number Compliance
* J-Sox
* Korea Personal Information and Information Security Management
System (ISMS-P)
* Monetary Authority of Singapore
* Philippines Data Privacy Act of 2012
* Risk Management in Technology (RMiT) Policy
* Singapore Public Sector Data Security
* Singapore CCoP2.0
* South Korea's PIPA
* UIDAI's Aadhaar Number Regulation Compliance
* Vietnam Personal Data Protection Decree
Protect Your Organization from Data Breach Notification Requirements
Data breach disclosure notification laws vary by jurisdiction, but almost
universally include a "safe harbor" clause.
LEARN MORE
Solutions to Secure Your Digital Transformation
Whether it's securing the cloud, meeting compliance mandates or protecting
software for the Internet of Things, organizations around the world rely on
Thales to accelerate their digital transformation.
Implementing Strong Authentication for Office 365
Mitigate the risk of unauthorized access and data breaches.
Learn More
* Partners
* Partners
* Partners Overview
* Find a Partner
* Become a Partner
* Channel Partners
* Managed Service Providers
* Technology Partners
* OEM Partners
* Advisory Partners
* Cloud Partners
* Partner Portal Login
Thales Accelerate
Partner Network
Thales Partner Ecosystem includes several programs that recognize, rewards,
supports and collaborates to help accelerate your revenue and differentiate
your business. Provide more value to your customers with Thales's Industry
leading solutions. Learn more to determine which one is the best fit for you.
The Thales Accelerate Partner Network provides the skills and expertise
needed to accelerate results and secure business with Thales technologies.
Get the Brochure
* Developers
* Resources
* Area of Interest
* Data Security
* Resource Type
* White Papers
* eBooks
* Case Studies
* Infographics
* Webinars
* Videos
* Security Research
* Podcasts
* TalkingTrust Video Series
Gartner Report: Select the Right Key Management as a Service to Mitigate
Data Security and Privacy Risks in the Cloud
Organizations must review their protection and key management provided by
each cloud service provider.
Get the Report
* Access Management
* Resource Type
* White Papers
* eBooks
* Case Studies
* Infographics
* Webinars
* Videos
* Security Research
* Podcasts
Gartner Authentication Report for IAM and SRMs Explores Authentication
Token Insights
Identify the most effective user authentication methods for your security
and risk management strategy in this Gartner research.
Get the Report
* Software Monetization
* Resource Type
* Blog
* FAQ
* White Papers
* Case Studies
* Infographics
* Webinars
* Learning Hub
How to get SaaS Software Licensing Right the First Time
Explore the software licensing lifecycle, and how to build a
cross-functional licensing team.
Get the eBook
* Blog
Explore Thales's comprehensive resources for cloud, protection and licensing
best practices.
A Global Leader in Data Security
The largest companies and most respected brands in the world rely on Thales
to protect their most sensitive data.
GET THE BROCHURE
*
* Support
* Customer Support
* Software Monetization
* Drivers & Downloads
* Security Updates
* Product Announcements / Training
* Customers
* Activate a Product / Support Portal
* Data Protection
* Security Updates
* Product Announcements
* Training Services
* Technical Training Calendar
* Professional Services
* About
* About Us
* Leadership
* Newsroom
* News Coverage
* Events
* Customers
* Industry Associations & Standards Organizations
* Careers
* Thales + Imperva
* Contact Us
* Contact Encryption
* Contact Access Management
* Contact Software Monetization
THALES BLOG
HOW THALES AND RED HAT PROTECT TELCOS FROM API ATTACKS
FEBRUARY 22, 2024
Melody Wood | Partner Solutions Marketing Manager, Thales More About This Author
>
Application programming interfaces (APIs) power nearly every aspect of modern
applications and have become the backbone of today’s economy. Every time you
send a mobile payment, search for airline flight prices, or book a restaurant
reservation - you are using an API. Unfortunately, API attacks are increasing as
vectors for security incidents. In particular, the Telcom industry has fallen
victim to several high-profile API attacks. In this blog, we will explain the
unique data security challenges for Telcos and three ways how both Thales and
Red Hat can help them protect against future API attacks.
WHAT ARE APIS?
APIs are software intermediaries that enable two software components to
communicate with each other. The information exchanged usually follows a set of
definitions and protocols. For example, if you book a restaurant reservation
online, you will see enough information exposed to know if certain timeslots and
tables are available. However, you would not be able to access the restaurants
more sensitive data such as their financial, employee, or tax records. This
illustrates how a customer is allowed to access a selected portion of the
restaurant's business information they have chosen to expose via an API.
WHY HAVE APIS BECOME RIPE ATTACK VECTORS?
APIs have also become an increasingly popular attack vector for many reasons,
including organizational sprawl and an ever-changing attack surface. Most API
attacks are the result of credential theft.
When an organization’s APIs are attacked, it can often be difficult to detect
for weeks or months. By that point, the threat actors usually have succeeded in
exfiltrating data, taking control of systems, and disrupting critical operations
often costing millions of dollars in revenue losses. Additionally, companies
often incur additional setbacks with reputation damage, steep financial fines,
and regulatory penalties.
WHAT ARE TELCOS PARTICULARLY VULNERABLE TO API ATTACKS?
Over the past year, the Telecom industry has suffered some massive, high-profile
data breaches — all of which happened by exploiting unprotected APIs. These
include breaches on major operators such as T-Mobile.
Telecoms are particularly vulnerable to API attacks for several reasons.
Massive IT Footprints: Most Telcos usually have very large IT environments to
support their subscriber bases, which often ranges from tens of thousands to
millions of users. These large subscriber bases in turn generate massive data
volumes. These volumes are in turn managed by numerous applications and other IT
solutions. As a result, these enormous IT infrastructures are extremely
challenging to govern and secure.
Complex Environments: Telcos often have legacy equipment and services they
support to run their core, mobile, and access networks. This is further
complicated by the variety of vendors, standards, and service-level agreements
(SLAs) they also need to support. The more variations in the environment, the
more complicated it is to manage.
Legacy Technology Clashes: Most Telcos have very large legacy IT footprints.
This unfortunately does not always integrate well with more modern technologies
such as containerized or Kubernetes-based cloud-native applications.
Highly Coveted Data: Telcos manage lots of valuable data. This could include
Personally Identifiable Information (PII) of their subscribers or even their
payment information. Additionally, in some geographies Telecoms are tightly
coupled with critical government infrastructure operations. In this capacity,
they manage highly sensitive and high-stakes data coveted by cyber-criminals and
terrorist organizations.
Security Expertise Deficit: IT security is still very much a learning curve for
the Telco sector at large, making it difficult for them to get ahead of the
current threat landscape.
Revenue Incentives: Telcos have been rapidly embracing API developments to
expose new services, as a new revenue stream for their organizations. However,
delivering this value to their customers is a double-edged sword, as this both
creates monetization opportunities yet also comes with a new set of inherent
security risks by exposing their Network Functionality (NF) and data in new
ways.
3 WAYS TELCOS CAN BOLSTER DATA SECURITY
Often the biggest barrier to Telcos protecting their critical data is the lack
of security knowledge required and also the need to often re-write application
code. Together, both Thales and Red Hat offer solutions to overcome some of
these data protection and management challenges.
1 – ENCRYPT DATA AT REST
To prevent data leakage, unauthorized access, and physical theft organizations
are increasingly looking to secure data at rest. Encrypting this data with
Thales CipherTrust Transparent Encryption (CTE) secures files and documents,
ensuring that only those with authorized encryption keys can access them. CTE
delivers data-at-rest encryption with centralized key management, privileged
user access control, and detailed data access audit logging to protect data on
premises, across multiple clouds, and in containerized environments. Thales CTE
secures data in persistent volumes running on Red Hat OpenShift, a unified
platform to build, modernize, and deploy applications at scale. With this
integration, both Red Hat and Thales enable telco and cloud service providers to
quickly harness the power of 5G across their cloud, edge, and legacy
environments while steadfastly protecting sensitive data.
2 - PROTECT DATA TO ANY RESTFUL WEB SERVICE OR MICROSERVICE USING REST APIS
The Thales Data Protection Gateway (DPG) protects data passing across TLS
channels from Point A to Point B by encrypting the data itself. Encryption
ensures the data itself cannot be accessed, even if intercepted during a
“Man-in-the-Middle” attack. DPG performs data security operations transparently
on behalf of the application, but without changing the application or requiring
any code changes. DPG can be easily applied to existing Telco environments using
REST API services or micro-services as either a standalone gateway for legacy
applications or as a container “sidecar” running in Kubernetes for newer
cloud-native applications managed by Red Hat OpenShift.
3 –SECURE YOUR ENCRYPTION KEYS, THE ROOT OF TRUST FOR APPLICATIONS
Hardware Security Modules (HSMs) tend to work behind the scenes when it comes to
protecting APIs or API endpoints. First and foremost, HSMs confirm the
legitimacy of the API endpoint by protecting the endpoint’s TLS certificate.
This ensures the calling application can trust the API endpoint and that they’re
not talking to a rogue API. Secondly, HSMs can also protect code signing keys,
to provide confidence that the software or containers deployed are legitimate
and from a trusted source.
Both legacy and container-based applications running in Red Hat OpenShift can be
secured from credential breaches by protecting their cryptographic keys with
Thales Luna HSMs. Using Luna HSMs provide a secure root of trust, for some of
the most security-conscious organizations in the world by securely managing,
processing, and storing encryption keys inside a FIPs-validated, hardened, and
tamper-resistant device. Using Luna HSMs to secure 5G VNFs, protect PKI-based
infrastructure, subscriber authentication, identity and privacy can also help
Telcos meet industry compliance and government regulatory mandates for data
privacy and consumer protection.
THALES AND RED HAT INTEGRATION OVERVIEW
CONCLUSION
While APIs are the largest and most vulnerable attack surface for Telcos,
measures can be taken to protect against breaches and secure their critical
data. Together, both Thales and Red Hat can help Telcom providers overcome the
security and management obstacles challenging their IT departments. To learn
more about how Thales can help protect Telco environments, visit our booth (Hall
2, Stand 2J30) at the upcoming Mobile World Congress in Barcelona , taking place
February 26th – 29th.
RELATED ARTICLES
Previous
January 30, 2024
HOW 5G OPERATORS CAN PREPARE FOR THE QUANTUM ERA
January 25, 2024
PROTECTING AGAINST THE RISKS AND MANAGING THE COMPLEXITIES OF A QUANTUM WORLD
WITH THALES AND IBM CONSULTING
December 19, 2023
RANSOMWARE SANCTIONS: DO THEY HAVE ANY IMPACT?
February 22, 2024
HOW THALES AND RED HAT PROTECT TELCOS FROM API ATTACKS
February 13, 2024
WHY ORGANIZATIONS NEED TO PRIORITIZE A PQC-READINESS LAB
February 1, 2024
ESG RESEARCH UNEARTHS CRITICAL INSIGHTS FOR FUTURE-PROOFING ENCRYPTION AND KEY
MANAGEMENT
January 30, 2024
HOW 5G OPERATORS CAN PREPARE FOR THE QUANTUM ERA
January 25, 2024
PROTECTING AGAINST THE RISKS AND MANAGING THE COMPLEXITIES OF A QUANTUM WORLD
WITH THALES AND IBM CONSULTING
December 19, 2023
RANSOMWARE SANCTIONS: DO THEY HAVE ANY IMPACT?
February 22, 2024
HOW THALES AND RED HAT PROTECT TELCOS FROM API ATTACKS
February 13, 2024
WHY ORGANIZATIONS NEED TO PRIORITIZE A PQC-READINESS LAB
February 1, 2024
ESG RESEARCH UNEARTHS CRITICAL INSIGHTS FOR FUTURE-PROOFING ENCRYPTION AND KEY
MANAGEMENT
Next
* 1
* 2
Subscribe to our RSS Feed
Stay up to date with data security best practices and industry news
Cloud Protection & Licensing Blog
cpl.thalesgroup.com
Visit our parent site at
www.thalesgroup.com
* Products
* Data Protection
* Application Security
* Access Management & Authentication
* Software Monetization
* Solutions
* By Use Case
* By Industry
* By Compliance
* Partners
* Find a Partner
* Become a Partner
* Partner Portal Login
* Resources
* Resources Library
* Blog
* Podcasts
* Support
* Customer Support
* Training Services
* About
* Contact Us
* India E-Waste Program
* Newsroom
* Careers
SUBSCRIBEGet the latest data protection and access management resources and
insights delivered right to your inbox.
Copyright © 2024 Thales. All Rights Reserved
* * Privacy Policy
* Disclaimer
* EU Commitments
* Sitemap
* Cookie Policy
* Terms & Conditions
* Do Not Sell My Personal Information
Search
Partners Resources Blogs Sentinel Drivers
By clicking "Accept All Cookies" or closing this banner, you agree to the
storing of cookies on your device to enhance site navigation, analyze site
usage, and assist in our marketing efforts.Cookie Policy
Accept All Cookies
Cookies Settings
PRIVACY PREFERENCE CENTER
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
Allow All
MANAGE CONSENT PREFERENCES
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
Back Button
COOKIE LIST
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Reject All Confirm My Choices