By Vinay Sharma, Regional Director, India and SAARC, NETSCOUT
5G is expected to transform businesses and economies, unlocking new business models and use cases across industry verticals. According to Accenture, 79% of businesses believe 5G will have a significant impact on their organization, of which 57% believe it will be revolutionary, whereas only 24% felt the same about 4G. 5G technology has enabled and mandated new business-critical, mission-critical, and security-critical revenue-generating services. However, with the agility and flexibility of 5G networks, 62% of businesses are concerned it will leave them vulnerable to cyber-attacks. The benefits of 5G’s higher-speed communications come with a corresponding increase in the range of threats to mobile networks. DDoS attacks are increasing in complexity, disrupting key systems, and causing major business losses. And recently, the barriers to entry for attackers have been eliminated: DDoS-for-hire services now allow users to test basic DDoS attacks before purchasing.
Attacks on Mobile Networks
The classic cycle of protective systems has evolved to enhance security measures for mobile networks and services. This evolution further enables them to be inherently secure and to make efficient use of traditional detection and mitigation techniques. The challenge arises when a valid service attached to the network begins to perform abnormally, such as infected IoT or handset devices acting abnormally in the network due to a bad actor’s activities. These devices will infect other devices, and subsequently, data will be redirected to unknown servers. This type of 5G network security event can create signaling challenges within the 5G network and exhaust other network resources.
Carriers Securing the Mobile Edge
5G networks have an ecosystem in which enterprises and carriers converge to provide reliable services at the mobile network edge, to fully realize the capabilities of edge computing, and to support consumer services and applications. Enterprises expect specific service level agreements (SLAs) to include built-in threat detection for services and network slices. Consumers of edge services need to be assured they will experience reliable and secure services. Carriers must embed the needed 5G network security to support all subscribers.
Advanced Security Detection Engine
Protecting the network edge calls for an advanced security detection engine that has the capacity to scale and to provide end-through-end observability from RAN to core to the data center edge.
Carriers must consider observability from the outset to ensure network threat mitigation at key points within the network: endpoint, RAN/backhaul, and services. When attacks are experienced at the edge, it is too late to mitigate the 5G network security issue. Using only edge data will not provide a complete view from within the network to correlate and map complex control plane and user plane information back from endpoint IP addresses to the subscriber, device type, location, and so forth.
In addition, the complexity and agility of the 5G network environment make it very difficult for humans to discern valid device behavior and to proactively determine device compromise related to a DDoS attack, fraud, or data theft.
Advanced Security in 5G Mobile Networks
Carriers should review the following elements when considering 5G network security:
● Packet-level data to feed artificial intelligence/machine learning (AI/ML) algorithms
● Specific AI/ML algorithms to determine device performance
● Security domain knowledge
● Key monitoring points within the network
In a disaggregated 5G network, carriers must consider observability from the outset to mitigate endpoint threats within the network. A robust solution, in the form of a real-time network platform delivering visibility, performance, security and availability at scale, will aid 5G network security.
The Need for Network-Embedded AI Mobile Security
AI mobile security leverages packet-level network data. Threats can be identified much more quickly and mitigated here, within the network, which will reduce service and infrastructure impact and wasted capacity, among other effects. It provides visibility and correlation across the user and control planes end-through-end, enabling identification of the broader range of threats. This also delivers a complete endpoint view within a service, which is key for machine-to-machine services and for enforcing zero trust between services.