Operator survey: Analytics and Assurance Are Critical for 5G Security

With network attacks growing more frequent and sophisticated, how do mobile operators plan to secure a dynamic 5G network environment?

Ruth Brown

Security attacks are becoming more frequent, sophisticated, and pervasive. Within the telecommunications industry, breaches are increasing yearly, and distributed denial-of-service (DDoS) attacks and customer data exposure are the most common. Disruption, heavy financial penalties, and reputational damage create a colossal burden for operators. 5G will require new analytics and assurance measures to defend against and prevent security issues and uphold stringent service-level agreements (SLAs).

5G architectures introduce disaggregated functions, API-exposure-based services, continual software updates, new interfaces, new protocols, and exponentially more devices—increasing vulnerabilities and evolving the threat landscape. This evolution presents unique security challenges associated with the need to have a single real-time holistic view of the network across the radio access network (RAN), edge, transport, and core network domains.

As a result, current node-based protection mechanisms such as firewalls, security gateways, and policy enforcement are being challenged. To meet the realities of this complex security model, new solutions must incorporate mechanisms to address the following 5G-driven security challenges:

  • Disaggregation: Cloud transformation and architectural changes present different vectors that can let threats in. Security detection and mitigation involve the correlation of multiple layers (for example, cloud infrastructure, virtualization/containerization, and 5G network domain) as manual inspection becomes too slow, difficult, and time-consuming—even for experts.
  • Dynamic environments: Frequent software updates, advanced services, and programmability (for example, network APIs) add the risk of malicious code compromising the network and exposing sensitive-data vulnerabilities. For example, software updates for network functions and infrastructure will require digital signing. However, additional security frameworks for securely automating, identifying, and monitoring irregular operations will provide a real-time defense.
  • Exponential subscriber endpoints: 5G user equipment (UE) to support consumers, connected industry, Internet of Things (IoT) and sensors, and multigenerational devices extend the threat surface for potential malware breaches, botnet attacks, signaling storms, and so forth. Future security solutions must identify malicious or compromised UEs quickly. Artificial intelligence/machine learning (AI/ML) algorithms can support this, processing massive amounts of data and predicting optimal outcomes.
  • Multiple domains to secure: The distribution of network functions, hybrid cloud networks, and virtual networks (network slices, for example) creates additional boundaries to secure. The cloud offers varied models for hosting mobile networks (full, hybrid, or even fallback scenarios). Visibility into the cloud and over multiple domains to identify boundary weaknesses or flag errors such as misconfiguration of gateways or tunnel IP addresses will be critical to safeguard security.

To build and deliver a new generation of security, operators must ensure they can observe and assure the entire network, taking advantage of new technologies for speed and efficiency.

A question from Heavy Reading’s “2023 5G Network Analytics and Automation Operator Survey” asks operators what role analytics and assurance will play in 5G standalone (SA) security detection and mitigation.
In the figure below, operators acknowledge the importance of analytics and assurance across all security detection and attack prevention options in their end-to-end networks. “Malware compromised UEs” and “Outbound traffic anomalies” are of the greatest importance to operators, with a combined 80 percent of respondents selecting “extremely important” and “important.”

This result acknowledges the potential damage of these attacks and the difficulty of detection with current methods.

Control and user plane separation, introduced in the 5G architecture, attempts to limit generational threats that can disable both planes simultaneously. However, operators still see a vital requirement for deep network security visibility: according to the survey, they assign high importance to “Flow and state exhaustion attacks” and to analytics for identifying masqueraded (network address translated) traffic and user plane traffic.

“Top talkers analytics” and “Spoofed IP addresses on UEs” received the lowest relative scoring among security options but remain high, with almost 70 percent of the combined votes indicating they were “extremely important” or “important.” The lower position of these responses compared with the other security options may be because these are established checks or because certain network functions can already gather some of this information. It is clear from these results that 5G security detection and prevention must be all-encompassing and include multiple options.

How important are the following areas of 5G SA security detection and attack prevention to your organization's analytics and assurance?

[Figure: survey results for 5G SA security detection and attack prevention]

In conclusion, operators know the importance of maintaining a secure network and addressing the ongoing security challenges and vulnerabilities. To meet these challenges, 5G SA security detection and prevention mandates a security stance that covers multiple aspects, is holistic, and can identify and mitigate any spurious behavior in real time. Architecturally, these requirements demand built-in security to safeguard against increasing and more-advanced attacks. Therefore, operators must incorporate techniques such as AI/ML-driven security anomaly detection within analytics and assurance solutions to enforce secure, automated, and end-to-end protection. For more information, check out this archived webinar.

Visibility Without Borders
At NETSCOUT, we have a practical solution we call Visibility without Borders, delivered by our unique Smart Data technology that produces a common view of your network across technology, organizational boundaries, all locations, and all users. With NETSCOUT’s carrier-grade 5G solution, communications service providers (CSPs) gain visibility end-through-end, with software-based monitoring anytime, anywhere across physical, hybrid, and cloud environments. As guardians of the connected world, our mission is to empower you to confidently accelerate your move to 5G and harness those benefits faster. That’s Visibility Without Borders. For more information go to www.netscout.com/5g.—NETSCOUT