Intelligent CIO APAC Issue 18 - Page 84

Yaniv Hoffman , Vice President
Technologies , Radware
All security tools need to be automated for onboarding and deployment .
5G networks introduce new traffic patterns that run east / west towards applications . Therefore , there is a need to inspect egress traffic . The number of inspection points increases dramatically not only from peering points , but also from traffic at Edge Computing points .
CSPs need to consider the following unique security threats when planning protection for 5G networks :
• Cisco and Altiostar – They partnered to create blueprints to accelerate deployments of 4G / 5G OpenRAN solutions to service provider networks .
• Vodafone and Verizon – They partnered with AWS to explore Edge Computing opportunities .
• VMware has been moving into the telco sector with more updates to its telco cloud platform , including support for Open RAN .
Security challenges
Because of its distributed nature , the deployment of 5G networking infrastructure differs dramatically from previous generations of mobile networks . CSPs face new challenges in moving from a component-based topology to a service-based network .
For example , prior to 5G , mobile radio access and the core networks consisted of isolatable network elements with specific tasks . In 4G networks , a virtual evolved packet core ( EPC ) in the network emerged .
5G takes this a step further by transforming all network components into virtual , microservice elements that are software based , disaggregated and deployed in various locations .
The software-based microservices architecture enables network slicing . This includes the ability to isolate different services , each with its own parameters , setup and security policies – all on one hardware element .
The 5G network must be designed to support multiple security policies , segregated by slice on individual network components . The more slices , the more microservices and interface points in the network that are in turn exposed to the Internet .
• In network edge protection , multiple edge ( breakouts ) and mesh types significantly increase exposure .
• Outbound attacks include IoT botnets and attacks on the network edge .
• Inbound attacks , include floods from public cloud and from the Internet , and attacks on core network services .
• Network gateway attacks are based on burst attacks , IoT , BOT , API , DNS and SSL , raising complexity and impact on the infrastructure , application servers / telecommunication cloud and API gateways .
• Network slicing occurs when each slice has its own threat risk that requires per-slice security policies and a coherent defensive strategy across all slices . Mobile edge core security infrastructure and 5G availability assurance also require protection .
• Attacks on multi-access Edge Computing components include targeting service capability and mobility management entities . Defenses need to prevent network resource failure .
• Outgoing attacks to external servers from IOT devices are also a risk . IT needs to prevent network reputation risk , while infections targeted towards narrow band IoT devices also require protection to prevent IoT device infection with botnets .
• The public / private cloud edge needs protection . The shift in some areas of workload to the public cloud introduces new security concerns to service provider networks with additional shifts in microservice environment and cloud-native network function .
To counter the many , varied and ever-evolving attacks by cybercriminals , it is essential that organizations include in their defensive armoury WAF / API protection for their cloud-native environments . p
Traditional security methods with predefined rules , thresholds and manual setup will not work in a 5G environment . Service providers need to automate operations and have a scalable infrastructure to manage policies , which requires DevOps capabilities .
84 INTELLIGENTCIO APAC www . intelligentcio . com