main

Service Provider

5G: You Can Have Your Slice and Security Too!

April 25, 2019 — by Louis Scialabba0

5g_slice-960x667.jpg

We have heard it before. Another generation of mobile architecture is upon us and we are euphoric for all the cool things we can do more of.  And of course good marketers will swear that you can lasso the moon if you have enough money to pay for it.

Let’s inspect 5G for what it really is, save the hype.  It is an upgrade in the mobile architecture that pushes new computing elements and services closer to the edge in order to scale and improve network performance.  The 5G specifications rely on virtualized and distributed network functions that span across remote locations, and is heavily dependent on robust, secure interworking between remote and local virtualized network functions. 

5G also opens the network to new services using IT protocols and Open APIs – the latter of which introduces significant additional liability on the responsibility of the carrier network security owner.

I’ll Take a Slice of That

The “Network Slicing” concept in 5G aims to isolate specific application traffic into a dedicated virtual network. Each slice carries the traffic originating from a specific application, such as IoT Telemetry and Autonomous Vehicles, Smart City and Smartphone. Each application has its unique network traffic pattern and requires specific security policies. Having an isolated virtual networks brings security benefit and limits security risk impact to the specific slice.

[You may also like: Here’s How Carriers Can Differentiate Their 5G Offerings]

Sharpening the Edge

With this new network paradigm based on service-based architecture (SBA), the previous 3G and 4G network element boxes transformed into a cloud of micro-services functions, distributed and disaggregated based on the carrier coverage needs and specific applications deployed in the carrier network. The new architecture exposes many internet interfaces in various network segments from the core peering link up to the far-edge compute to address scale and low-latency requirements.

Such mass exposure of external internet interfaces significantly raises the cyber security threat level. IoT and its applications running at the far edge provides new services based on vast usage of open, published interfaces based on HTTP\2.  On one hand, this enables openness and service agility, and on the other, extensive exposure to attacks tools and tactics using publicly available information to wreak havoc on network infrastructure and services. 

In other words, the new 5G security perimeter has widened and expanded far beyond what we are familiar with in LTE and 3G world.

A Call to Arms

A typical network security solution will include various security elements such as firewalls, DDoS protection, web application firewall, etc. Each system may require its own domain expertise when it comes to proper configuration and tuning. When a carrier network is under attack, dedicated expertise is required for handling changes and setting the proper mitigation action.

With the new reality of network slicing and highly distributed network functions carrier security teams will be overburdened unless they employ an automated, self-learning defense mechanism. With the current telecom carriers, the economics of an increase in security staff is not an option when moving toward 5G – it just doesn’t scale from a cost-perspective and it puts human engineers at a disadvantage to ever-increasing machine-based bot attacks. 

[You may also like: Here’s How Net Neutrality & Wearable Devices Can Impact 5G]

Automation as Table Stakes

A comprehensive security solution used across all network slices benefit from ease of management and required team expertise. Security vendors must design security products around the concept of self-learning, which is essentially threat detection not heavily dependent on pre-configured rules. 

Minimal setup and configuration is required in 5G to lower carrier security team effort around system operation.  An automated attack mitigation capability provides security teams with ‘peace of mind’ that all attack time actions taken care without manual intervention by security administrators, with strong visibility into network security threats across all network functions and slices.

2018 Mobile Carrier Ebook

Read “Creating a Secure Climate for your Customers” today.

Download Now

Mobile SecurityService Provider

Securing the Customer Experience for 5G and IoT

February 21, 2019 — by Louis Scialabba3

iot-5g-networks-cybersecurity-blog-img-960x519.jpg

5G is set to bring fast speeds, low latency and more data to the customer experience for today’s digitized consumer. Driven by global demand for 24×7 high-speed internet access, the business landscape will only increase in competitiveness as service providers jockey to deliver improved network capabilities.

Although the mass roll-out of the cutting-edge technology is expected around 2020, the race to 5G deployment has already begun. In addition to serving as the foundation for the aforementioned digital transformation, 5G networks will also deliver the integral infrastructure required for increased agility and flexibility.


But with new benefits come new risks. As network architectures evolve to support 5G, it will leave security vulnerabilities if cybersecurity isn’t prioritized and integrated into a 5G deployment from the get-go to provide a secure environment that safeguards customers’ data and devices.

Cybersecurity for 5G shouldn’t be viewed as an additional operational cost, but rather as a business opportunity/competitive differentiator that is integrated throughout the overall architecture. Just as personal data has become a commodity in today’s world, carriers will need the right security solution to keep data secure while improving the customer experience via a mix of availability and security.

For more insight into how service providers can mitigate the business risks of 5G deployment, please read our white paper.

2018 Mobile Carrier Ebook

Read “Creating a Secure Climate for your Customers” today.

Download Now

SecurityService Provider

IoT, 5G Networks and Cybersecurity: Safeguarding 5G Networks with Automation and AI

September 18, 2018 — by Louis Scialabba1

iot-5g-networks-cybersecurity-blog-img-960x519.jpg

By 2020, Gartner says there will be 20.4 billion IoT devices. That rounds out to almost three devices per person on earth. As a result, IoT devices will show up in just about every aspect of daily life. While IoT devices promise benefits such as improved productivity, longevity and enjoyment, they also open a Pandora’s box of security issues for mobile service providers.

This flood of IoT devices, combined with the onset of 5G networks to support it, is creating an atmosphere ripe for mobile network attacks.  This threat landscape requires mobile service providers to alter their approach to network security or suffer dire consequences. The same old tools are no longer enough.

[You might also like: A New Atmosphere for Mobile Network Attacks]

Battle Increased Complexity with Automation

For years, security teams have struggled with the proliferation of data from dozens of security products, outpacing their ability to process it. This same problem applies to mobile service providers regarding the aforementioned issues surrounding 5G and IoT devices.

Security threats and anomalies within mobile network traffic are growing faster than security teams can detect and react to them. All the security threats we see now on enterprise networks are a harbinger of what’s to come on 5G networks. The introduction of 5G adds significant complexities to mobile networks that require next-generation security solutions.

Automation is key to better identification and mitigation of these threats for mobile service providers. Machine-learning based DDoS mitigation solutions enable real-time detection and mitigation of DDoS attacks. Through behavioral analysis, bad traffic can then be identified and automatically blocked before any damage is done.

[You might also like: The Rise of 5G Networks]

Automation Across the Security Architecture

For mobile service providers, automation must expand across all layers of the security architecture. First and foremost, the network must be leveraged as a sensor, a digital cyberattack tripwire. In 5G networks, network elements are distributed at the edge and virtualized. The network’s endpoints can be used as detection spots to send messages back to a centralized control plane (CCP).

The CCP serves as the brain of the network, compiling all the inputs from its telemetry feeds to deploy the best way to apply mitigation policies.

The myriad amount of CCP data can be put to work via Big Data. As 5G pushes network functions and data to the cloud, there’s an opportunity to use this information to better protect against attacks with the help of artificial intelligence (AI) and deep learning.

This is where the “big” in “big data” comes into play. Because 5G virtual devices live on the edge of the network in small appliances, there isn’t enough computing power available to identify evolving attack traffic from within. But by feeding traffic through an extra layer of protection at large data centers, it is possible to efficiently compile all the data to identify attacks.

Large data centers can be prohibitively expensive to house and maintain. Ideally, these data centers are housed and maintained by the mobile service provider’s DDoS mitigation vendor, which leverages its network of cloud-based scrubbing centers (and the massive volumes of threat intelligence it collects) to process this information and automatically feed it back to the mobile service provider.

A Game of Probability

In the end, IoT and 5G security will come down to being a game of probability, however, automation and AI stack the odds heavily in favor of mobile service providers.

The new network technology has the speed and capacity to enable AI with data from 50 billion connected devices. AI requires huge amounts of data to sift through and create neural networks where anomalies can be detected, with emphasis on good data. Bad or poisoned data will lead to biased models and false negatives. The more good data, the better the outcomes in this high-stakes game of probability.

As all this traffic is fed through the scrubbing centers at data centers around the world, AI can help inform security algorithms to detect protocol anomalies and flag issues. The near real-time process is complicated. Like an FBI watch list, a register of attack information goes to a mobile network’s control plane. The result is a threat intelligence feed that uses the power of machine learning to identify and prevent attacks.

The best place to populate AI and deep learning systems is from crowdsourcing and global communities where large numbers of enterprises and networks contribute data. Bad data will find its way in, but the good data will significantly outnumber the bad data to make deep learning possible.

Ultimately, the threats from botnets, web scraping, and IoT zombies is dynamic and increasingly complex. With 5G on the horizon, it’s critical that mobile service providers are proactive and make plans now to protect their networks against evolving security threats by turning to machine learning and AI.

2018 Mobile Carrier Ebook

Read “Creating a Secure Climate for your Customers” today.

Download Now

BotnetsMobile DataMobile SecuritySecurityService Provider

IoT, 5G Networks and Cybersecurity: A New Atmosphere for Mobile Network Attacks

August 28, 2018 — by Louis Scialabba5

cyborg_iot_5g-960x432.jpg

The development and onset of 5G networks bring a broad array of not only mobile opportunities but also a litany of cybersecurity challenges for service providers and customers alike. While the employment of Internet of Things (IoT) devices for large scale cyberattacks has become commonplace, little has been accomplished for their network protection. For example, research by Ponemon Institute has found that 97% of companies believe IoT devices could wreak havoc on their organizations.

With hackers constantly developing technologically sophisticated ways to target mobile network services and their customers, the rapidly-approaching deployment of 5G networks, combined with IoT device vulnerability has created a rich environment for mobile network cyberattacks.

[You might also like: The Rise of 5G Networks]

Forecast Calls for More Changes

Even in today’s widespread use of 4G networks, network security managers face daily changes in security threats from hackers. Just as innovations for security protection improve, the sophistication of attacks will parallel. Cybersecurity agency ENISA forebodes an increase in the prevalence of security risks if security standards’ development doesn’t keep pace.

Add in research company Gartner’s estimate that there will be 20.4 billion connected devices by 2020, hackers will have a happy bundle of unprotected, potential bots to work with. In the new world of 5G, mobile network attacks can become much more potent, as a single hacker can easily multiply into an army through the use of botnet deployment.

Separating the Good from the Bad

Although “bot traffic” has an unappealing connotation to it, not all is bad. Research from Radware’s Emergency Response Team shows that 56% of internet traffic is represented by both good and bad bots, and of that percentage, they contribute almost equally to it. The critical part for service providers, however, is to be able to differentiate the two and stop the bad bots on their path to chaos.

New Technology, New Concerns

Although 4G is expected to continue dominating the market until 2025, 5G services will be in demand as soon as its rollout in 2020 driven by features such as:

  • 100x faster transmission speeds resulting in improved network performance
  • Lower latency for improved device connections and application delivery
  • 1,000x greater data capacity which better supports more simultaneous device connections
  • Value-added services enabled by network slicing for better user experience

The key differentiating variable in the composition of 5G networks is its unique architecture of the distributed nature capabilities, where all network elements and operations function via the cloud. Its flexibility allows for more data to pass through, making it optimal for the incoming explosion of IoT devices and attacks, if unsecured. Attacks can range from standard IoT attacks to burst attacks, even potentially escalating to smartphone infections and operating system malware.

[You might also like: Can You Protect Your Customers in a 5G Universe?]

5G networks will require an open, virtual ecosystem, one where service providers have less control over the physical elements of the network and more dependent on the cloud. More cloud applications will be dependent on a variety of APIs. This opens the door to a complex world of interconnected devices that hackers will be able to exploit via a single point of access in a cloud application to quickly expand the attack radius to other connected devices and applications.

Not only are mobile service providers at risk, but as are their customers; if not careful, this can lead to more serious repercussions regarding customer loyalty and trust between the two.

A Slice of the 5G Universe

Now that the new network technology is virtualized, 5G allows for service providers to “slice” portions of a spectrum as a customizable service for specific types of devices. Each device will now have its own respective security, data-flow processes, quality, and reliability. Although more ideal for their customers, it can simultaneously prove to be a challenge in satisfying the security needs of each slice. Consequently, security can no longer be considered as simply an option but as another integral variable that will need to be fused as part of the architecture from the beginning.

2018 Mobile Carrier Ebook

Read “Creating a Secure Climate for your Customers” today.

Download Now

BotnetsMobile DataMobile SecuritySecurityService Provider

IoT, 5G Networks and Cybersecurity: The Rise of 5G Networks

August 16, 2018 — by Louis Scialabba2

rise-5g-networks-iot-cybersecurity-960x640.jpg

Smartphones today have more computing power than the computers that guided the Apollo 11 moon landing. From its original positioning of luxury, mobile devices have become a necessity in numerous societies across the globe.

With recent innovations in mobile payment such as Apple Pay, Android Pay, and investments in cryptocurrency, cyberattacks have become especially more frequent with the intent of financial gain. In the past year alone, hackers have been able to mobilize and weaponize unsuspected devices to launch severe network attacks. Working with a North American service provider, Radware investigations found that about 30% of wireless network traffic originated from mobile devices launching DDoS attacks.

Each generation of network technology comes with its own set of security challenges.

How Did We Get Here?

Starting in the 1990s, the evolution of 2G networks enabled service providers the opportunity to dip their toes in the water that is security issues, where their sole security challenge was the protection of voice calls. This was resolved through call encryption and the development of SIM cards.

Next came the generation of 3G technology where the universal objective (at the time) for a more concrete and secure network was accomplished. 3G networks became renowned for the ability to provide faster speeds and access to the internet. In addition, the new technology provided better security with encryption for voice calls and data traffic, minimizing the impact and damage levels of data payload theft and rogue networks.

Fast forward to today. The era of 4G technology has evolved the mobile ecosystem to what is now a mobile universe that fits into our pockets. Delivering significantly faster speeds, 4G networks also exposed the opportunities for attackers to exploit susceptible devices for similarly quick and massive DDoS attacks. More direct cyberattacks via the access of users’ sensitive data also emerged – and are still being tackled – such as identity theft, ransomware, and cryptocurrency-related criminal activity.

The New Age

2020 is the start of a massive rollout of 5G networks, making security concerns more challenging. The expansion of 5G technology comes with promises of outstanding speeds, paralleling with landline connection speeds. The foundation of the up-and-coming network is traffic distribution via cloud servers. While greatly benefitting 5G users, this will also allow attackers to equally reap the benefits. Without the proper security elements in place, attackers can wreak havoc with their now broadened horizons of potential chaos.

What’s Next?

In the 5G universe, hackers can simply attach themselves to a 5G connection remotely and collaborate with other servers to launch attacks of a whole new level. Service providers will have to be more preemptive with their defenses in this new age of technology. Because of the instantaneous speeds and low lag time, they’re in the optimal position to defend against cyberattacks before attackers can reach the depths of the cloud server.

2018 Mobile Carrier Ebook

Discover more about what the 5G generation will bring, both benefits and challenges, in Radware’s e-book “Creating a Secure Climate for your Customers” today.

Download Now

Security

The Evolving Network Security Environment – Can You Protect Your Customers in a 5G Universe?

July 17, 2018 — by Louis Scialabba1

5g-iot-ebook-960x679.jpg

Smart Farming depends on internet of things (IoT) devices and sensors to monitor vast farm fields, guiding farmers’ decisions about crop management through rich data. But it only takes one security flaw for all stakeholders within the ecosystem to be impacted. If hackers gain access to a single sensor, they can navigate their way to the farm-management application servers and manipulate data. Crop productivity levels are falsified, both basic and complex condition-monitoring systems are distorted, and real-time harm occurs through automatic IoT sensors. At stake is not only the productivity of crops, but the food that supplies livestock and humans: What if there was no corn for you?

Attack Types & VectorsDDoSSecurity

Battling Cyber Risks with Intelligent Automation

June 26, 2018 — by Louis Scialabba0

automation-960x640.jpg

Organizations are losing the cybersecurity race.

Cyber threats are evolving faster than security teams can adapt. The proliferation of data from dozens of security products are outpacing the ability for security teams to process it. And budget and talent shortfalls limit the ability for security teams to expand rapidly.

The question is how does a network security team improve the ability to scale and minimize data breaches, all the while dealing with increasingly complex attack vectors?

The answer is automation.

Security

How Secure is Your Medical Data?

February 6, 2018 — by Louis Scialabba0

healthcare-smb-mssp-960x640.jpg

Imagine getting online with your doctor on the other end of the streaming connection, and then sending her real-time data of your blood pressure and glucose levels for real-time analysis and consultation.  It’s convenient, it’s timely, and it’s altogether probably cheaper than making a visit to the office.  But is your information secure?  Who else might be snooping on the data you are sending?  The risk is probably higher than you think, and the reward for malicious cyber criminals is certainly worth their time and effort.

Attack Types & VectorsSecurity

Hospital Stays Can Take Out More Than Your Organs

August 30, 2017 — by Louis Scialabba0

healthcare-mssp-960x620.jpg

The Cyber Theft Threat in Healthcare and how Service Providers can Transform Risk to Reward

You went to the hospital to get your appendix out and one week later your identity was taken from you as well.  How did this happen? In their 2017 Data Breach survey, Verizon found that ransomware has jumped up from the 22nd most common type of malware in 2014 to the 5th most common. The report also discovered that 72% of all healthcare attacks in 2016 were ransomware and the only industry targeted more than health care is financial services.