t cht lk
GTP firewall provides scalability and
supports uninterrupted operations
while protecting subscribers and the
mobile core against GTP-based threats
such as information leaks, malicious
packet attacks, fraud and DDoS attacks
through GTP interfaces in the access
networks and GRX/IPX interconnect.
3. Network slicing – Intelligent
Traffic Steering
Network slicing will allow mobile
operators to offer security and other
capabilities tailored to each vertical
application and to capture revenue
from these diverse use cases, without
losing the economies of scale of
common infrastructure. Network slicing
isolates each use case or service from
one another so that the services can
be independently deployed, managed
securely, and delivered in a robust
way. This solution identifies specific
types of traffic by multiple criteria
including radio access type, IP address,
DNS address, device type, destination,
subscriber ID and other parameters and
then redirects these ‘slices’ of traffic
to value-added service platforms, such
as protection platforms for deeper
threat analysis and scrubbing. This redirection
can be based on either static
policy or dynamic factors. This solution
enables differentiated treatment to
the developing 5G use cases, deepens
the security posture and boosts
revenue opportunity without adding
unnecessary inspection load on the
entire network.
4. Network Wide DDoS Detection and
Mitigation System
Mobile operators must maintain high
network availability at all times. DDoS
attacks target mobile networks and
their subscribers with high volume
message floods that overwhelm
infrastructure and can cause service
degradation and network outages.
Now, targeted attacks can also come
from any network peering point
and include both volumetric and
lower volume, sophisticated attacks
against specific network elements or
important applications of key enterprise
customers. Over-provisioning of network
elements to meet rising threat volume
or simply blocking traffic during an
attack increases costs and can result
in service denial for critical traffic.
Operators need a more cost-efficient
and comprehensive approach that
quickly detects and mitigates DDoS
and infrastructure attacks across
the entire mobile network without
denying service to important traffic.
Service providers can achieve full DDoS
resilience and improve security by
using a layered approach for detecting
and mitigating attacks of all types
and sizes before attackers take down
their targets.
5. Secure, efficient MEC
Multi-Access Edge Compute (MEC)
architecture is often part of the 5G
transition plan. In a MEC architecture,
network traffic processing functions
move from a centralised data centre or
mobile core to a number of distribution
points that are located closer to the user
at the Edge. A distributed architecture
with thousands of nodes increases
management difficulty and requires a
high level of automation and analytics
for deployment, management and
security and operational changes. We
at A10 Networks offer a Thunder CFW
solution that offers high performance,
low latency in a software-based or
hardware form factor for firewall, CGNAT
and IPv6 migration, traffic steering
and other functions. Many functions
that may have been provided by single
point appliances are combined into
one appliance, virtual instance, bare
metal or container. Cost-efficient, highperformance
security is ensured without
exceeding space and power limitations.
Centralised management and analytics
simplify operations for lower TCO.
As we reach the halfway point of 2020,
the A10 study indicates that major mobile
carriers around the world are on track
with their 5G plans, and more expect to
begin commercial build-outs in the coming
months. That means mobile operators
globally need to proactively prepare for the
demands of a new virtualised and secure
5G world.
That means boosting security at key
protection points like the mobile edge,
deploying a cloud-native infrastructure,
consolidating network functions,
leveraging new CI/CD integrations and
DevOps automation tools, and moving
to an agile and hyperscale service-based
architecture as much as possible. All
these improvements will pay dividends
immediately with existing networks and
move carriers closer to their ultimate goals
for broader 5G adoption. •
“
WHILE THE
REPORT SHOWS
5G ADOPTION IS
SCALING RAPIDLY,
ONE OF THE MAIN
CONCERNS FROM
THE REPORT WAS
SURROUNDING
CYBERSECURITY.
www.intelligentcio.com
INTELLIGENTCIO
69