The 5G Era: Secure your Everything
Supporting ten times more devices per km2 than 4G, higher capacity, faster connections, higher throughput and lower latency, the 5G cellular network is gearing up to become a legitimate replacement for Wi-Fi. Using their 5G networks, carriers can transform into genuine experience providers and critical players in the cloud and application delivery value chain. However, these complex 5G network and new applications will open a Pandora’s Box of new vulnerabilities and attack surfaces. These can be roughly divided into three categories – Network, Cloud, and Application threats.
5G expands Network cyber risks
The core carrier network will be exposed to attacks related to communication protocols such as SS7, GTP, Diameter, GRX and SIP. A new set of vulnerabilities will be associated with the network’s MIMO capabilities, which allow simultaneous communications with several sources and destinations. Some of these issues will be tackled by core equipment vendors such as Nokia and Ericsson, but many others will have to be solved with virtual security gateways deployed throughout the network.
New threats in the Cloud
As the usage of contemporary models such as containers, VM and serverless computing increases, so will cloud-related threats. Dealing with these threats will require top-notch security posture management. Security administration and monitoring should include real time awareness of misconfigurations, security groups, and compliance for containers in Kubernetes environments. Cloud intelligence and threat hunting with auto-remediation capabilities will also be required, in order to keep the cloud deployment safe and secure at all times.
Increase in Application Threats
Last but not least, application-related threats will become more prominent. Web and application security will require WAAP solutions, including web application protection, API security, and prevention of malicious bot activity. In addition, workload protection will require components such as secure serverless functions, source code scanning, and prevention of runtime corruption.
Are we prepared for the 5G revolution?
With the advent of 5G, carriers will provide new services to consumers and businesses that will monetize their advanced network infrastructure. The new services, which will require a specific security component, can be divided into three main areas:
1. Private Networks: 5G-based private networks will be deployed in large but well-defined areas like campuses or stadiums. As an example, one of the largest airports globally is now looking to install such a network, which will deliver higher speed and better reliability than its existing communications infrastructure. However, a private 5G-based network requires superior security, not only because of all the threats described above, but also because the interface between the general carrier network and the private network adds additional attack surfaces to the mix.
2. Wireless Broadband: Wireless broadband replacement by 5G networks will allow high-quality connectivity similar to that of Wi-Fi or even fiber, but deploying it does not require cables like fiber does, and it provides higher speeds and lower latency than Wi-Fi. It’s also a great broadband solution for people who are on the go and cannot always be connected to fiber or Wi-Fi. 5G’s novel architectures, like SDN (Software Defined Network) and NFV (Network Function Virtualization), will allow providing to consumers and businesses alike a full spectrum of new features, smart and adaptive, which will let them get a completely different communication customer experience over existing broadband.
In particular, workloads that can now run only in a fixed broadband environment will be able to move to the network’s edge – out of the factory and the office to the field. Gaming trucks won’t need to be equipped with heavy computing power but will rather be able to deliver their offering straight from the cloud. An augmented reality application for shop floor training and repair could be accessed from any location. Healthcare facilities, aided by virtual experts with real-time capabilities, could now provide medical assistance everywhere – and so on.
Then again, the new 5G vulnerabilities described above need to be tackled by carriers before they are able to provide these services to their customers in a reliable manner.
3. IoT Communications: Last but not least, IoT Communications is a new promise by 5G which will allow every device to be connected, operated and monitored through the internet, based on the low latency provided by the network. The Service Provider will be expected to deliver to its customers not only the connectivity but also the telemetry analysis as a layer above that. In addition, in order to ensure the low latency required, Service Providers are expected to lean heavily on Edge Computing, i.e. deployment of computation resources closer to where the IoT devices are located. And, of course, here too, this application of 5G brings with it a whole set of new security threats. IoT devices will require zero-trust policy tailored per device, using real time threat intelligence, and on-device runtime protection against zero-day attacks, regardless of how or where the device is deployed. IoT manufacturers and developers will also have to protect their devices against firmware flaws and vulnerabilities, enforce policies at the device level and differentiate their offering.
Check Point’s innovative Infinity NEXT platform, delivering cross-organization multi-practice security based on a distributed nano agent model, provides enterprises with the ability to transition to edge computing in a secure manner. One can attach nano agents to edge devices and to software residing in the cloud, thereby securing fully distributed environments. The platform and its unified management allow enterprises to use a single security solution to support both traditional corporate security as well as the entire range of security scenarios required by 5G edge computing.
As can be seen, 5G brings with it many opportunities – but also a full spectrum of terrifying threats. Service Providers will have to offer to their customers new and exciting 5G-based services in order to stay in the game and differentiate themselves from their competitors. However, at the same time they would also need to resort to more sophisticated security, in order to ensure that these services will be provided in a reliable manner.
For information about Check Point’s offerings for Service Providers, visit this webpage.