Palo Alto Networks and IBM Are Automating 5G Security for Business Growth

Jan 19, 2022

5G has been dubbed the "enterprise release" for mobile network technology. It's a fair description: 5G is transforming the business technology landscape and creating opportunities far beyond anything we've seen with previous mobile network upgrades.

Working in this increasingly hyper-connected world, however, also means dealing with new security vulnerabilities and threat vectors — especially those targeting data and applications running at the edge and leveraging cloud-native infrastructure. Palo Alto Networks and IBM are working together to deliver joint 5G-native security solutions and services designed to protect these networks and ecosystems. In the process, we're executing a vision for 5G security solutions that also enables better customer experiences, drives revenue growth, and supports innovation for network operators and their enterprise customers.

5G in a Nutshell: Faster, Sooner, Better

Today's 5G networks are especially valuable in three areas that have a huge impact on how businesses build, manage, scale, and get value from mobile networks:

  • 5G is blazing fast, significantly improving peak network speeds compared to 4G LTE networks.
  • 5G slashes latency, which opens the door for new applications involving Internet of Things (IoT) devices and artificial intelligence, where real-time performance is important (think self-driving vehicles).
  • 5G networks are designed for much higher capacity, which minimizes the risk of peak-usage performance issues and clears potential barriers to new IoT applications.

Raising the bar on performance and capacity opens the door to some important changes in how enterprises are using 5G networks. We've seen an explosion in the variety and volume of networked devices, for example, as low-cost, low-powered IoT sensors and other hardware begin to multiply. And all of these new devices, in turn, are redefining (and often confusing) what qualifies as "normal" network traffic patterns.

Not surprisingly, cloud and edge environments are also playing a major part in how enterprises are leveraging their 5G networking capabilities. From IoT and AI to cloud-native, microservices-based applications, 5G arrived at the perfect time to facilitate this shift to highly distributed application architectures and data sources.

An Expanding Attack Surface

As you might expect, there are some big challenges around securing 5G networks: highly distributed cloud and edge environments, together with a proliferation of IoT and user-owned devices, add up to more threat vectors and much bigger attack surfaces. Attackers are also more likely to target the application layer of a 5G network, rather than focusing mainly on a mobile network's internet peering interfaces.

It adds up to a 5G security environment where threats evolve faster, move more quickly, get more opportunities to attack, and can potentially cause more damage. Clearly, if 5G security isn't yet top of mind for a network operator and its enterprise clients, there's no time like the present to get on board.

5G Security — Served Up a Slice at a Time

For Palo Alto Networks and IBM, helping 5G network operators get ahead of these security challenges has become a top priority, given what's at stake for operators and their enterprise customers. At Mobile World Congress (MWC) Los Angeles in October 2021, IBM and Palo Alto Networks, together with Spirent, demonstrated our first fully functional, joint solution: 5G network slicing provisioned with validation, security orchestration, and threat detection and response capabilities.

The demonstration showed how our joint security solution could enable 5G network operators to achieve three key tasks:

1. Deploy a network slice with integrated security controls

2. Test the network slice with end-to-end validation before production deployment using Spirent test technology

3. Protect the network slice from attacks

Putting 5G Security Automation and Orchestration Front and Center

The evolution of mobile networks has long focused on moving faster, and moving toward more distributed and abstracted network architectures. The payoff has been remarkable: networks that are massively scalable, extremely adaptable, and highly resilient.

But modern networks are also incredibly dynamic and complex. It's impossible to manage them or to deploy a modern service-based architecture without also implementing the automation tools required to manage and maintain them.

The same imperative applies to 5G security automation. As part of our network slice creation process, for example, IBM Cloud Pak for Network Automation serves as a master orchestrator, delivering the Network Slice Management Function (NSMF) to create a network slice across a cloud-native 5G network, running on Red Hat OpenShift. Security parameters are passed on to the orchestrator, and then instantiated and configured for the Palo Alto Networks CN-Series firewall. NSMF also deploys Prisma Cloud Compute Edition to protect the Kubernetes container environment supporting the core network functions. Before activation, the master orchestrator can initiate Spirent tests to validate newly provisioned 5G network functions and applied security policies for the slice. This process makes it possible to run automated 5G slice function and security tests and assessments as part of an operator's service activation, and as needed on an ongoing basis when components of the slice are updated.

Keeping Sight of End-to-End Security Goals

Our collaboration with IBM involves automating and orchestrating multiple products to protect 5G core network functions and to secure network traffic on user and control planes. It leverages three key Palo Alto Networks offerings:

  • Our containerized ML-Powered NGFW (CN-Series), which provides deep visibility and advanced security for mobile traffic. It can detect and instantly remediate threats against individual mobile users or devices based on SUPI (Subscription Permanent Identifier) and PEI (Permanent Equipment Identifier) identifiers. The firewall leverages ML technologies for intelligent and proactive network security.
  • Prisma Cloud Compute Edition, which offers cloud-native security capabilities, such as runtime defense for container-based network functions and vulnerability and compliance management for the CI/CD lifecycle.
  • Our Panorama centralized firewall management solution, which provides real-time threat visibility and consistent security policies customized for each network slice. It extends CN-Series firewall management capabilities and integrates with IBM's security solutions for network visibility, security control and automated remediation actions.

By combining the CN-Series firewalls, which provide deep visibility into 3GPP interfaces, with container security through Prisma Cloud, our partnership with IBM protects 5G networks end-to-end and across the CI/CD lifecycle.

IBM provides network automation, orchestration and security through its key solutions, including:

  • IBM Cloud Pak® for Network Automation: an AI-powered telco cloud platform that enables the automation of network operations so CSPs can evolve to zero-touch operations, while delivering services faster.
  • IBM Cloud Pak® for Security: an open security platform that helps telcos gain deeper insights, mitigate risks and accelerate response, advancing a zero trust strategy.
  • IBM Security Services: turnkey network security services to design and implement network architecture, integrate security solutions into the environment, and manage security, including health and threat monitoring and writing and updating security policies.
  • Red Hat® OpenShift®: an enterprise-ready Kubernetes container platform built for an open hybrid cloud strategy. It provides a consistent application platform to manage hybrid cloud, multi-cloud, and edge deployments.

A Profitable Approach to 5G Security

Effective 5G security is absolutely essential. That would be true even if achieving it was expensive and disruptive.

Fortunately, it's neither of those things. Our collaboration with IBM delivers clear and quantifiable business benefits, including OPEX reduction and accelerated time-to-market via AI-assisted security automation for 5G networks.

What's even more exciting, however, is the potential to leverage these capabilities as an actual source of revenue. For example, as 5G network operators expand their enterprise services portfolio with enterprise 5G and other services, they have a unique opportunity to deliver security outcomes to their clients — and allow enterprise customers to build their own edge applications using the same security and cloud constructs. 5G network operators will be able to allow a customer to identify all of the devices currently connected to the network, and to enable threat detection and correlation back to those devices.

It's still early days, and there's still a lot to discover about how to make the most of these possibilities for 5G operators and their enterprise customers. What's certain is that there's plenty of opportunity waiting for operators that see 5G security for what it can be: an important revenue and growth opportunity.

At Mobile World Congress (MWC) Barcelona (Feb 28 - March 3, 2022), IBM and Palo Alto Networks will demonstrate a 5G Network Slice with Validation, Security Orchestration & Response. This demonstration will showcase how telecom operators can deploy a network slice with integrated security controls, test the slice with end-to-end validation before production deployment, and help protect the slice from network attacks. Connect with me to schedule a demo at MWC and learn more.

