Mobile, Endpoint Security

5G creates a new inflection point for security

Today’s columnist, Sally Bament of Juniper Networks, lays out a strategy for securing 5G networks. (Photo by Mario Tama/Getty Images)

5G adoption has rapidly accelerated around the world, bringing with it both massive transformation and potential, as well as new challenges. With more than 170 commercial 5G networks launched across the globe, and many more expected through the rest of the year, service providers find themselves at an inflection point – the performance of 5G security needs to match the performance of the network. There’s so much to gain with 5G, it’s imperative to take any unnecessary risk off the table – and that’s why providers need to make security a top priority.

In the next few years, 5G will make near-unimaginable advancements a reality. Imagine a surgeon conducting a life-saving procedure from halfway around the globe, connected in real-time across the most advanced network ever conceived. Applications like this will soon become a reality. As will a number of new innovations powered by the massive increase in connected devices that will soon be thrust onto networks. 5G promises to enable millions or even billions of new connected devices, all of which will create a significant increase in attack surfaces. According to a recent report, 40% of network operators reported vulnerabilities related to network virtualization as a challenge they face when offering 5G-based services. As such, service providers need to prioritize getting proper security measures in place, especially those that focus on visibility into 5G data traffic, proactive threat detection and automated mitigation.

What’s different about 5G?

While 3G and 4G networks positioned mobile as a domain different and separate from mainstream internet, 5G networks are more complex and require attention, especially from a security perspective. In the past, the mobile packet core for previous generations was typically deployed in a few centralized data centers. And the traditional security architecture was designed and deployed accordingly, centered around protecting these facilities with extremely high capacity for a few locations. However, with the move to 5G, services become decentralized, and  networks move from a physical appliance-based design (3G or 4G) to virtual machine (VM) and container-based designs, so service providers will have to extend their security perimeter from a small number of data centers to many distributed locations. Naturally, with new services and applications placed at the distributed edge, the security architecture needs to follow as well. Given the redefined nature of 5G networks, service providers will need to update their security strategy to keep pace.

Securing networks in the 5G era

Rolling out 5G networks will bring about a number of opportunities for service providers, businesses and end users. However, they also present opportunities for cybercriminals to turn new 5G capabilities into vulnerabilities. Many of the connected devices are fundamentally insecure and attackers can easily infiltrate them. Attackers can take over the devices use them against the network as part of massive DDoS attacks. Additionally, with increasingly distributed services and traffic that are harder to monitor, any one of these elements can become a prime attack vector. To protect themselves and their customers, what follows are recommendations service providers can use to set up a security architecture that’s prepared for potential attacks presented by 5G capabilities:

  • Set up a unified security policy management process. This will help ease the transition from previous network generations and allow for security policies to follow users, devices or applications as they move to new locations and are applied automatically. Further, it minimizes operational overhead otherwise required to recreate policies from one platform to another and decreases attack vectors inadvertently created by human error.
  • Embrace an end-to-end network security approach. It’s critical to have complete view of the security infrastructure from network connectivity to the end-user, especially as 5G networks create more opportunity for connected devices, causing even more sites and distributed services. Service providers will need to implement an end-to-end security approach that combines network, application and end-user security to deliver a secure and assured service experience.
  • Protect cloud-native workloads. As 5G Core Network (5GCN) and Open Radio Access Network (O-RAN) embrace cloud-native, containerized architectures for distributed application deployment, it’s critical to extend security beyond protocol-specific awareness. Exfiltration of data, infiltration of malware, and the zero-day attacks during runtime of dynamic applications are all potential threats that can comprise O-RAN and 5GCN. Any service provider offering 5G services must ensure security countermeasures are in place to protect these new cloud workloads.
  • Implement a zero-trust security model. A zero-trust model can effectively mitigate risks at scale within 5G networks. Given the number of distributed services that 5G will bring, adopting a zero-trust model, with AI/machine learning, will continuously work to verify, validate and authenticate every time a device makes a new connection request. This strategy ensures that no matter the location of networks or devices, there is clear visibility into network access, reducing the volume and impact of cyberattacks.

5G presents plenty of opportunities for consumers and businesses alike, including massive speeds, huge connection densities, and ultra-low-latency experiences, fundamentally changing every industry it touches. Unfortunately, it also represents advancement and opportunity for cyber criminals. As service providers expand 5G deployments, now’s the time to focus resources on how to protect networks from bad actors. The possibilities of 5G are endless and can remain that way if companies keep their infrastructures safe and secure.

Sally Bament, vice president, cloud and service provider marketing, Juniper Networks

prestitial ad