INTELLIGENT VERTICAL: TELECOMS
Ultra-reliable low latency
communications: Focuses on mission critical
services such as virtual reality, tele-surgery,
healthcare, intelligent transportation, industry
automation, manufacturing robotics and
factory automation. Previously delivered
through a wired connection, 5G is now an
alternative for these use cases.
Massive IoT. Can support the number of
scalable connections required, while service
providers can use network slicing technology
to deliver network as a service for businesses.
Ali Amer, Managing Director, Global Service
Provider Sales, Cisco Middle East and Africa
expected to handle more data-intensive
applications and deliver low-latency
connectivity to more devices.
The roll-out of 5G networks gives service
providers an opportunity to benefit from
next generation cycles in the data centre,
networks and mobility, in a multi-vendor
environment. Significant changes, such
as personalised networks, are now possible
through slicing and other granular functions.
Simultaneously, 5G is about service providers
being able to exploit new enterprise use cases
and new revenue streams. In parallel, new
transient network surfaces raise additional
challenges of security and country regulations.
Some of the new use cases that 5G will
cater to include autonomous transport,
augmented and virtual reality, smart city
traffic management, rapid response services,
robotics in manufacturing, healthcare and
fitness, smart grids and utilities, smart offices,
smart homes, industrial automation, machine
to machine communications, 3D video and
high definition screens, and working and
playing in the cloud. Other use case categories include:
5G enhanced mobile broadband
offers high speed and dense broadband
connectivity to users. With performance
of Gigabit speeds, 5G is an alternative to
fixed line connectivity services. To support
enhanced mobile broadband use cases,
the mobile core must support high density
performance, scalability and security.
The 5G network will bridge wireless and
wireline networks, forcing a major network
architectural change from radio access to
core. This requires transition to cloud native
applications, monitoring and managing an
end-to-end network, including radio access
networks and packet core. It also combines
and leverages the capability of a variable
bandwidth network with mixed and flexible
access. On the flip side, this enhanced
flexibility increases the surface vulnerable
to threats.
Securing 5G networks requires complete
visibility of the stack managing a use case
and controls to take remedial action. Contrary
to traditional carrier networks, 5G networks
require visibility from the edge to the cloud
platform, to the application and across the
extended network to the endpoint.
Securing the 5G network then requires
comparison to the normal baseline behaviour
and alerts for any deviation. The key
functional aspect is being able to measure
the network, so that it can be managed.
Continuous aggregation of near real-
time network data allows analyses of the
workflow through a security controller. Based
on predefined security policy, remedial
action and controls can be triggered.
Inbuilt machine learning capability
monitors the remedial actions and their
ability to counter threats, as an iterative
loop for further improvement and action at
a later stage.
Day zero attacks are typically where the
signature and fingerprint of the threat
actor, exploiting an unknown vulnerability,
are seen for the first time. These can be
detected by variation from the baseline
behaviour of the network, cloud and
applications. Remedial action is then
initiated by the security controller to
identify, isolate, and control the threat.
Day one attacks are previously identified
threats, where a series of counter attacks
have already been developed and can be
initiated with predictable results.
Applying these types of responses in
a closed loop process, where both the
controller remediation and its results can
be monitored and recorded, can help in
improving future responses.
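
An added example (not from the article or from any vendor product) of the closed loop described above: each sample is compared with a learned baseline, a deviation triggers the policy's remedial action, and the next sample records whether that action worked. The policy table, metric and slice names and thresholds are assumptions, and the telemetry is constructed.

```python
import math

# Hypothetical policy: metric -> (z-score threshold, remedial action name).
POLICY = {"sessions_per_s": (4.0, "rate_limit_slice")}
# Constructed telemetry for one slice: steady load, a surge, then recovery.
SAMPLES = [100, 102, 98, 101, 99, 102, 100, 400, 101]

class Baseline:
    """Exponentially weighted mean/variance of one metric (normal behaviour)."""
    def __init__(self, alpha=0.1, warmup=5):
        self.alpha, self.warmup = alpha, warmup
        self.n, self.mean, self.var = 0, 0.0, 0.0

    def zscore(self, x):
        if self.n < self.warmup or self.var == 0:
            return 0.0                      # not enough history to judge yet
        return (x - self.mean) / math.sqrt(self.var)

    def learn(self, x):
        self.n += 1
        if self.n == 1:
            self.mean = float(x)
            return
        d = x - self.mean
        self.mean += self.alpha * d
        self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)

class Controller:
    def __init__(self):
        self.baselines = {}
        self.pending = {}   # key -> action whose effect is not yet verified
        self.journal = []   # closed-loop record: (key, action, effective)

    def ingest(self, slice_id, metric, value):
        key = (slice_id, metric)
        b = self.baselines.setdefault(key, Baseline())
        threshold, action = POLICY[metric]
        deviating = abs(b.zscore(value)) > threshold
        if key in self.pending:             # did the last remediation work?
            self.journal.append((key, self.pending.pop(key), not deviating))
        if deviating:
            self.pending[key] = action      # trigger the remedial action
            return action
        b.learn(value)                      # only normal samples move the baseline
        return None

def run(samples=SAMPLES):
    c = Controller()
    return [c.ingest("slice-a", "sessions_per_s", v) for v in samples], c.journal
```

Deviating samples are kept out of the baseline so that a sustained surge cannot teach the detector that the surge is normal.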
Another way of securing 5G networks is the
advanced usage of encryption. Half of all
Internet traffic today is encrypted, and this is
expected to increase. Machine learning can
be used to build analytics from encrypted
Internet traffic, increasing the visibility of
threats as close to the threat as possible.
This reduces the possibility of collateral
damage inside the 5G network.
New tools for increasing visibility inside 5G
networks include application level probes
and path computation elements. An
application probe is an automated cell that
travels across the network and benchmarks
the application performance at various
network points.
A path computation element feeds network
characteristics at every point of the network
into a near real-time database to simulate
functioning of a network. As an example,
remedial responses to a DDoS attack are
first simulated using the near real-time
network database to assess the impact
before initiation.
The nature of the 5G network creates
a widely distributed data centre and an
expanded attack surface. Such a topology
is susceptible to lateral attacks and threats.
This can be countered by segmenting
the network – right from the edge, across
gateways, applications, wireless and wireline
networks, back-haul networks and so on.
Segment routing is an important tool in
network segmentation.
By investing time and money in securing
their 5G networks, service providers can
be better assured of a predictable return
on investment.
www.intelligentcio.com