5G PROMISES TRANSFORMATIVE MOBILITY & INDUSTRY 4.0 ACCELERATION
4G LTE satisfies the need for faster mobile broadband connectivity and better user experiences, but the ongoing transition to new fifth-generation networks, or 5G, far exceeds in its potential to fundamentally change the way we live.
Not limited to simply enabling the next phase of enhanced mobile connectivity, 5G will spark an unprecedented wave of innovation that will transform how businesses and industries operate.
Fourth industrial revolution, also referred to as Industry 4.0, has already arrived. However, its actualization will be largely dependent upon advanced mobile wireless connectivity made possible with 5G-supported enhanced mobile broadband (eMBB), massive machine type communication (mMTC), and ultra-reliable low-latency communications (URLLC).
With industries moving toward automation and hyperscale, a wide range of use cases such as massive IoT, mission-critical IoT, smart cities, smart grids, and smart factories—to name a few—are on their way to coming into reality with 5G—the single most powerful enabler of ubiquitous connectivity between users, devices, machines, and systems.
As connected business models continue to emerge out of 5G and the cloud, you must prepare to deliver novel up-to-the-minute digital experiences across multiple consumer segments.
5G is use case driven and will enable Industry 4.0 requirements of massive connectivity with ultra-reliability and ultra-low latency
Powering the
Digital Economy
The market opportunity with 5G-enabled industry 4.0 innovation is massive. But to live up to its potential, your mobile network requires a wide variety of advanced security safeguards to safely deliver 5G-powered applications and services.
Prepare for Your Move up the Value Chain
New 5G-powered services economy will allow mobile network operators to capitalize on new market opportunities by remodeling their network architectures to become purpose-built to accelerate industry 4.0 requirements.
The core value proposition of current 4G LTE mobile network operators is to provision wireless communication services, such as voice, video, and data to businesses and end users.
However, owing to the power of 5G in heralding systemic changes in a multitude of industry ecosystems, service providers now have the ability to redefine their business models and innovate on their own value proposition.
From being known simply as providers of wireless connectivity to establishing themselves as the mainstay of the Industry 4.0 revolution, in the new era of 5G, mobile network operators have the opportunity to move up the value chain and capitalize on net-new opportunities of revenue generation.
New 5G Architectures Are Impacting Network Security Postures
New 5G-powered services economy will allow mobile network operators to capitalize on new market opportunities by remodeling their network architectures to become purpose-built to accelerate industry 4.0 requirements.
5G vastly differs from 4G in terms of driving a total end-to-end network architecture change—from the radio access network and the evolved packet core to the mobile edge. Some examples of these network architecture enablers of 5G include:
Service-Based Architecture (SBA)
5G networks leverage SBA using control and user plane (CUPS)design principles to reduce latency, support the increase ofuser data traffic, and allow for a more efficient core.
Network Slicing
Network slicing splits a single physical infrastructure into multiple end-to-end virtual networks and allows operatorsto portion out their network for specific customer use cases: mobile broadband, massive IoT, mission-critical IoT, and otheremerging use cases.
Multi-Access Edge Computing (MEC)
MEC places user plane functions and applications at the edge of the mobile network for traffic optimization and agility of ultra low latency use cases.
Evolving network architectural changes vastly impact 5G security postures that mobile operators are required to adopt in their journey to 5G.
Expansive in Scope, 5G Threat Vectors Are Wide & Multi-Faceted
Threats from Mobile Devices
A botnet infecting a large number of mobile devices—especially those running on Android operating systems—can cause application layer (Layer 7) attacks and signaling storms on the evolved packet core (EPC).
Threats from IoT Devices
Multiple interconnected IoT devices are even more complex to secure. Vulnerable to intensified weaponization with botnets and control by malicious command and control (C&C) servers, they can be used to launch signaling storms and targeted attacks on critical infrastructure.
Evolving network architectural changes vastly impact 5G security postures that mobile operators are required to adopt in their journey to 5G.
Threats from the Internet
The IP-based service architectures of 5G networks make them a prime target of attacks common over the internet. An application layer (Layer 7) attack launched over the internet can severely derail the availability of 5G services. Not to mention, zero-day attacks launched from a web browser leave no opportunity for detection and are impossible to prevent using standard blacklisting approaches.
Threats from Roaming Networks
Roaming IoT services are expected to bring in 20-30% of service revenues to operators by 20204 with average data traffic between network-to-network roaming partners in mobile networks to exceed 1GB per subscriber5. GTP and SCTP/SS7/Diameter vulnerabilities present a growing attack surface mostly aimed at causing signaling storms and DoS attacks caused by malware-infected weaponized IoT devices. The attacks impair mobile networks with outages, congestion, and subscriber service disruption.
Expansive in Scope, 5G Threat Vectors Are Wide & Multi-Faceted
Security Challenges to Network Slices
As more end-to-end network slices will be portioned out to support specific use cases in the 5G-enabled era, the number of successful attack vectors will potentially increase by opening up entry points into multiple individual network slices. Network slices can be vulnerable to denial of service (DoS) attacks by bad actors if security measures that detect anomalous behavior in a network slice are not implemented.
Security Challenges to Multi-Access Edge Clouds
Tracking the threat landscape becomes more challenging when talking about securing edge clouds, where core network functions, content, and applications are distributed across multiple virtual machines or data centers, and large volumes of data are cached closer to end users and connected devices. Edge clouds potentially provide sophisticated bad actors numerous malware injection points into the network to which the ever-growing volume of mobile and IoT devices eventually connect.
With threats and attack vectors becoming more sophisticated, you must step up your security approaches with a new level of sophistication.
Your 5G-Ready Next-Generation
Firewall Must Provide
Deep Visibility and
Granular Control
Your 5G-ready firewall must provide complete visibility into all layers on the network—signaling, data, control planes—together with visibility into application layer (Layer 7) mobile tunnels. With full visibility, your threat response teams can adopt a preventive approach to security and proactively manage anomalies and malformed traffic on the access and roaming networks.
Automated Threat
Correlation
With innumerable devices projected to attach to the mobile network, your 5G firewall should be able to correlate mobile subscriber data (IMSI) and mobile device data (IMEI) to GTP inspection data to allow threat response teams to identify and isolate impacted users and infected devices.
Security Automation for
Rapid Threat Response
With both 4G and 5G networks being increasingly virtualized and highly distributed, successful outcomes of your security posturing will require actionable insights to provide swift response to threat mitigation. Look for automated, cloud-based threat intelligence built into your 5G-ready firewall. Powered by machine learning and artificial intelligence, data-driven threat prevention enables rapid, real-time responsiveness to anomalous behavior across your network.
Dynamic Security Insertion
Your 5G-enabled firewall should protect your high-value physical and virtual network infrastructure assets, subscribers, and services from known and unknown cyberthreats. Dynamic security insertion allows for automated firewall provisioning and works with your network function orchestrators to keep security policies in lock-step with workload creation and movements across the network. Dynamic security insertion is cloud-agnostic and enforces uniform security policies across your distributed 5G architectures.
A Cloud-Ready NFV Platform
Your 5G firewall should run on a cloud-ready platform with identical features across both physical and virtualized deployments. This is essential for consistent security enforcement across all network locations. Look for an offering with open APIs for integration with network function virtualization (NFV) and software-defined networking (SDN) ecosystems. This is important considering NFV enables network slicing, and SDN is pivotal to managing the network from a centralized control plane. Your 5G firewall must also enable both vertical and horizontal scaling of virtual network functions (VNFs) to enhance the agility of your network and allow flexibility with deployments.
Deployment Flexibility with Wide Support of Networking Features
Fully operational 5G networks that support industry-transforming use cases are still under development. However, initial rollouts of 5G are now underway. You may be a few years away from completely migrating your mobile network over to 5G. Keeping current needs in mind, your 5G-ready next-generation firewall should be configurable to not only secure your existing 4G LTE network but also future 5G and IoT deployments—when you are ready to take that all-important leap in your journey to 5G.
Additionally, a wide variety of networking features arerequired for ease of integration into your existing 4G andfuture 5G network. Look for a 5G-ready next-generationfirewall that is armed with advanced GTP security (GPRSTunneling Protocol) on both user and control planes, SCTP (Stream Control TransmissionProtocol) for SS7/Diameter signaling security, and IP (Internet Protocol) security features in addition to an advanced networking feature set.
Introducing K2-Series by
Palo Alto Networks
Cybersecurity Industry’s First “5G-Ready” Next-Generation Firewall
Keeping your 5G and IoT security requirements in mind, Palo Alto Networks K2-Series 5G-ready Next-Generation Firewalls have been specifically developed for mobile network deployments. To keep pace with the ever-expanding volume of application, user, and device-generated data, the K2-Series is designed for high performance to deliver advanced threat prevention capabilities to secure your mobile network from end to end.
Configurable to meet the requirements of securing your existing 4G networks together with future 5G and IoT deployments, the K2-Series firewalls include all of our PA-5200 and PA-7000 series appliances for physical deployments as well as our portfolio of VM-Series Virtualized Next-Generation Firewalls designed for deployment in a wide range of NFV environments.
Benefit from the Unique Advantages of Deploying K2-Series Next-Generation Firewalls into Your Mobile Network
Unprecedented visibility and threat controls across RAN, EPC, Roaming, and Narrowband IoT
Dynamic insertion of security policies for full context sharing with network function orchestrators
Automated IMSI/IMEI threat correlation to all GTP inspection logs
Cloud-ready NFV offering for consistent security enforcement across physical and virtual network locations
Automated security with cloud-based threat analytics powered by AI/ML techniques
Deployment flexibility with both legacy 4G LTE and 5G with wide support of networking features
Safely Deliver 5G-Powered Services
Secure Your Entire Mobile Network with K2-Series Next-Generation Firewalls
To learn more about the security features and associated capacities of the K2-Series, please visit:
Think 5G Security. Think Palo Alto Networks.
At Palo Alto Networks, our mission is to protect our digital way of life. We deliver consistent security across service provider networks, subscribers, devices, and services to fundamentally transform how service providers can protect their networks and customers, manage new risks, and take full advantage of new market opportunities.
Founded in 2005, Palo Alto Networks is based in Santa Clara, California, and serves customers globally with offices worldwide. For more information, visit:
Get the K2-Series Product Data Sheet
DOWNLOAD NOW
Threats from the Internet
Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
Main:
Sales:
Support:
+1.408.753.4000
+1.866.320.4788
+1.866.898.9087
© 2023 Palo Alto Networks, Inc. Palo Alto Networks is a registeredtrademarka of Palo Alto Networks. A list of our trademarks can be found at https://paloaltonetworks.com. All other marksmentioned herein may be trademarks of their respective companies
Sources:
1 - 2019 Ericsson Mobility Report
2 - 2019 Ericsson Mobility Report
3 - GSMA
4 - Mobile Network Operator survey on Roaming Internet of Things
5 - Mobile Roaming: Regulations, Opportunities & Emerging Sectors 2017-2022
2
/15
3
/15
4
/15
5
/15
6
/15
7
/15
8
/15
9
/15
10
/15
11
/15
12
/15
13
/15
14
/15
15
/15