{"id":34573,"date":"2017-06-19T13:00:09","date_gmt":"2017-06-19T20:00:09","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=34573"},"modified":"2017-06-19T11:53:29","modified_gmt":"2017-06-19T18:53:29","slug":"sp-mnos-want-better-security-achieving-threat-prevention-hyper-connected-5g-environment","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2017\/06\/sp-mnos-want-better-security-achieving-threat-prevention-hyper-connected-5g-environment\/","title":{"rendered":"MNOs Want Better Security: Achieving Threat Prevention in a Hyper-Connected 5G Environment"},"content":{"rendered":"

Only a few years ago, the world was buzzing with the term \u201c4G.\u201d While many mobile network operators (MNOs) are still rolling out their 4G infrastructures, the world is already buzzing about \u201c5G.\u201d Year 2020 is the suggested timeline for when MNOs are predicting to be ready for 5G. Development is already in the works with IETF<\/a>,\u00a0 3GPP<\/a>, 5G-PPP<\/a>, ETSI<\/a> and NGMN<\/a>, to name a few. Many government bodies, such as the European Union<\/a>, are funding 5G rollouts pre-2020 using pre-standard technologies.<\/p>\n

But what\u2019s in it for an average user to be hyper-excited about hyper-connected 5G? How do MNOs view 5G? What are the security challenges that MNOs will need to face with a 5G rollout?<\/p>\n

From an average user\u2019s perspective, 5G will bring ultra-low latency, high speeds reaching up to 10Gb\/s per user equipment and richness of services on-demand, as well as ultra-high availability, reliability, and interconnectivity with everyone and everything through connected devices, nowadays commonly referred to as the internet of things (IoT).<\/p>\n

\"5g_1\"<\/span><\/div><\/a><\/p>\n

Source: 5G Vision, 5G-PPP<\/a><\/em><\/p>\n

For MNOs, 5G implies the introduction of new service models; deep technical modifications in radio and optical technologies; network infrastructures transformations to software-defined networks (SDNs) and network functions virtualization (NFV); and unprecedented demand for preventive security.<\/p>\n

Nowadays, MNOs are quickly realizing large gaps in their security posture, even within their 4G infrastructures \u2013 no longer can security be treated as an afterthought. Security needs to be part of overall infrastructure design from its outset; instead of asking, \u201cHow much would it cost to have security?\u201d we need to ask, \u201cHow much will it cost if there is inadequate security?\u201d<\/p>\n

Think of the recent massive WanaCrypt0r ransomware attack (You can read about Palo Alto Networks protections against WanaCrypt0r<\/a>, and see a detailed breakdown<\/a> by our Unit 42 threat research team). The attack hit many organizations globally, including quite a few MNOs. What is the price tag to bridge that security gap? Could the attack have been prevented? Think further \u2026 what is the price tag associated with signaling attacks, such as S1-AP paging floods, Diameter 3GPP Update Location Request (ULR) and Authentication Information Request (AIR) floods, or GTP Control plane floods? Just imagine billions of zombie devices requesting to be attached at the same time, as instructed.<\/p>\n

\"5g_2\"<\/span><\/div><\/a><\/p>\n

MMEs\/vMMEs and HSSs\/vHSSs simply cannot sustain such \u201cmisbehavior,\u201d and die. That forces MNOs to overprovision their 4G \u2013 and soon 5G \u2013 infrastructures. What is the price associated with that? In addition to \u201ckilling\u201d a few core elements, zombie IoT devices\u2019 batteries won\u2019t last long, breaking the desired IoT protocol\u2019s behavior, targeting to preserve device battery life \u2026 well, as more infected devices get robotized, killing battery life becomes an extra bonus of the hacking exercise, doesn\u2019t it?<\/p>\n

One might think that positioning crypto on S1-MME and S6a interfaces would be good enough to provide signaling plane protection on those interfaces. Is it really? IPsec is the right approach to deploy for transport security. One of the interesting side-effects of IPsec is that it ensures everything is sent securely, including malware, signaling storms and other \u201cinteresting\u201d things.<\/p>\n

Sure enough, 5G\u2019s hope is to deploy SDN- and NFV-based technologies, where MNOs will be striving to reduce their CAPEX. Using the example of signaling storms, we need to question how easy will it be for MNOs to achieve that goal if proper security measurements are not implemented. Taking control of IoT, connected cars, compromised e-health and compromised infrastructures will result in zero connectivity to the \u201chyper-connected\u201d world.<\/p>\n

Stay tuned for more! In the next blog, I\u2019ll address preventive measures for hyper-connected 5G world to remain connected. For more imformation, download the white paper, The Need for a Network-Based Platform Approach in Mobile Networks<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Mobile network operators want better security: achieving threat prevention in a hyper-connected 5G environment. <\/p>\n","protected":false},"author":367,"featured_media":28659,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1097],"tags":[3904,3483,3486,1817],"coauthors":[3901],"class_list":["post-34573","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-providers","tag-5g","tag-mno","tag-mobile-network-operators","tag-mobility"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/05\/blog-service-providers-banner-650x300.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/34573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/367"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=34573"}],"version-history":[{"count":3,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/34573\/revisions"}],"predecessor-version":[{"id":34630,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/34573\/revisions\/34630"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/28659"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=34573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=34573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=34573"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=34573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}