* [Blog](https://www2.paloaltonetworks.com/blog)
* [Network Security](https://www2.paloaltonetworks.com/blog/network-security/)
* [5G Security](https://www2.paloaltonetworks.com/blog/network-security/category/5g-security/)
* The Four 'Ps' of 5G Netwo...

# The Four 'Ps' of 5G Network Visibility

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fthe-four-ps-of-5g-network-visibility%2F)  
[](https://twitter.com/share?text=The+Four+%E2%80%98Ps%E2%80%99+of+5G+Network+Visibility&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fthe-four-ps-of-5g-network-visibility%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fthe-four-ps-of-5g-network-visibility%2F&title=The+Four+%E2%80%98Ps%E2%80%99+of+5G+Network+Visibility&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/network-security/the-four-ps-of-5g-network-visibility/&ts=markdown)  
\[\](mailto:?subject=The Four ‘Ps’ of 5G Network Visibility)  
Link copied  
By [Patrick Donegan](https://www.paloaltonetworks.com/blog/author/patrick-donegan/?ts=markdown "Posts by Patrick Donegan")  
Mar 08, 2021  
6 minutes  
[5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown)  
[Guest Post](https://www.paloaltonetworks.com/blog/category/guest-post/?ts=markdown)  
[Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown)  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[5G](https://www.paloaltonetworks.com/blog/tag/5g/?ts=markdown)  
[5G Security](https://www.paloaltonetworks.com/blog/tag/5g-security/?ts=markdown)  
[cybersecurity](https://www.paloaltonetworks.com/blog/tag/cybersecurity/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)

*We are pleased to welcome guest blogger Patrick Donegan, Principal Analyst with cyber security analyst firm, HardenStance.*

Earlier this year, Palo Alto Networks commissioned HardenStance to undertake research into the market in vertical industry use cases of 5G, as well as supporting security requirements and emerging security business models.

A key take-away is the importance of network visibility across many agriculture, transport, automotive, energy, health and factory automation use cases, leveraging private 5G networks as well as telco-delivered 5G 'slices.'

As the pioneer in application layer firewalling, providing network visibility has always been central to Palo Alto Networks' core value proposition so naturally they were pleased with this high level finding. What was striking about the conclusions, though, is just how much further the definitions and requirements of network visibility will need to be extended to secure 5G deployments effectively.

As they invest in dedicated 5G use cases, organizations need as much visibility as possible into what is an increasingly complex environment. At the same time they also need to ensure that attackers have as little visibility as possible. It's useful to frame these requirements as the 'Four Ps' of 5G network visibility -- visibility into Packets, Permissions, Perimeters and Partners.

**#1 'P' for Packets**  
Visibility into packets is the most familiar. Telcos don't need to inspect every single packet traversing their network at L4-L7. But the proliferation of connected devices in the 5G era, the growing volume and sophistication of cyber threats, and the increasingly open, dynamic and distributed nature of the 5G network, gives telcos new incentives to invest in [application layer security with 5G](https://www.paloaltonetworks.com/security-for/network/5g-mobile-networks).

Depending on the level of risk associated with the sector of industry, the specific use case, and the value of the data generated, many enterprises should also be motivated to invest in L4-L7 visibility themselves. They can deploy and manage that independently. Or they can buy it in as a premium service from a telco or other managed provider to protect against highly targeted, heavily obfuscated, application layer attacks including zero day attacks.

**#2 'P' for Permissions**  
Permissions are a critical new front in the battle to give cyber security practitioners more visibility. In the case of 5G network slices, simple authentication and authorization will be multi-layered and will vary by use case. Primary authentication will necessarily be done by the telco. An EAP TLS-based network-specific slice authentication will necessarily be done by the enterprise itself. An authentication or authorization onto an external data network could be done by either party.

As shown with the momentum behind applying [Zero Trust](https://www.paloaltonetworks.com/network-security/zero-trust) principles in cyber security, best practice no longer allows individuals, devices or applications to have open, binary, permissions to access whole suites of corporate applications or data assets indefinitely. Rather, Zero Trust mandates that permission to access resources must be accorded on a far more granular basis and must be subject to continuous authentication and authorization. Critically, [permissions must also adapt dynamically to changes in context because without context, visibility is obscured](https://www.paloaltonetworks.com/blog/2020/11/5g-native-security/).

Zero Trust is certainly at a nascent stage in terms of real-world implementations. Most organizations have yet to apply first Zero Trust principles anywhere yet - and when they do it should typically be with specific projects rather than as any kind of organization-wide IT 'master-plan.'

There's no generally-applicable reason why an enterprise should wait to try out Zero Trust principles elsewhere in their organization before implementing them in a 5G deployment. By virtue of 5G use cases being greenfield deployments, there may even be advantages in doing so.

**#3 'P' for Perimeters**  
By now it's a cliché that the traditional security perimeter is no longer effective. The new perimeter or the new far edge of the network can be an IoT 'thing' now because compromising it can serve as an initial point of entry for attackers into an organization's network.

The Coronavirus pandemic has triggered a rapid shift to home working, creating tens of millions of other highly distributed edges, perimeters or "enterprise branch offices of one". Distributed enterprise use cases of 5G that leverage Multi Access Edge Computing (MEC) are just one more component in the accelerating move of networking and security to the edge. This is widely referred to now as the [Secure Access Services Edge (SASE)](https://www.paloaltonetworks.com/cyberpedia/what-is-sase) market space.

In the 5G context, it becomes increasingly important for telcos and enterprises to have visibility into these perimeters as the basis for immediate threat detection and mitigation. Depending on the exact mix of inbound and outbound traffic, this kind of context-aware security policy enforcement at the 5G edge can reduce the risk of allowing malicious traffic to traverse the network.

**#4 'P' for Partners**  
Supply chain vulnerabilities are top of mind at the start of 2021, following the [Solar Winds hack](https://www.paloaltonetworks.com/blog/2020/12/next-solarwinds-modernizing-cybersecurity/) at the end of last year. When it comes to visibility into the domains of supply chain partners, a careful balance has to be struck between plenty of visibility to harden one party's security and too much visibility that poses a risk to an ecosystem partner. This applies in the relationships between multiple stakeholders in 5G deployments including telcos, enterprise customers, vendors and public cloud providers.

In the case of the relationship between a supplying telco and an enterprise customer using network slices, the default position of many enterprise CISOs will be to want [as much visibility as possible into their network slice](https://www.paloaltonetworks.com/blog/2020/11/5g-native-security/). They will want visibility into the telemetry and logs from their slice. Some would ideally like those telecom feeds normalized in some way so that they can be ingested and integrated into their enterprise SOC environment to give end to end visibility across on-premises, public cloud and 5G cloud domains.

Investing in a dedicated private telco slice will allow for greater visibility into a network slice than in a shared public slice use case where the slice is shared with other businesses. For example, it may be possible for an enterprise to negotiate deploying a sensor in their own private slice for visibility, whereas that's very much less likely to be viable with a shared public slice.

If telcos want to aggressively grow the network slicing business, they are going to have to take customer requirements into account when defining the level of visibility into the network slice that they allow. Moreover, they're going to need to do that systematically as part of a standard commercial offer -- not just for their largest, most important, customers.

Clearly telcos have to ensure strong protection against giving customers visibility into things they have no need to see. But grey areas are going to emerge that will require deft commercial negotiations between telcos and enterprises. To give one example, allowing some form of snapshot-in-time view of events within the slice rather than real-time visibility could provide a basis for compromise for enterprise customer requirements such as for their supply chain auditing.

*** ** * ** ***

## Related Blogs

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Introducing the Industry's First 5G-Native Security](https://www2.paloaltonetworks.com/blog/2020/11/5g-native-security/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Combining Carrier-Grade Private Networks with Enterprise-Grade 5G Security](https://www2.paloaltonetworks.com/blog/network-security/private-networks-enterprise-grade-5g-security/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### The Need for Zero Trust for Enterprise Public Cloud](https://www2.paloaltonetworks.com/blog/2022/09/zero-trust-for-enterprise-public-cloud/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Securing the New Frontiers of Critical Infrastructure Networks](https://www2.paloaltonetworks.com/blog/2022/03/new-frontiers-of-critical-infrastructure-networks/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### From Log4j and Beyond: 3 Ways CN-Series Protects Containers](https://www2.paloaltonetworks.com/blog/network-security/log4j-cn-series-container-firewalls/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Calculate Your Organization's Big Virtual Firewall ROI Potential](https://www2.paloaltonetworks.com/blog/network-security/calculate-virtual-firewalls-roi-potential/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language