SHARE THIS BROCHURE Evolving Mobile Network Security Needs in the Age of IoT and 5G 00 Introduction 01 How Did We Get Here? 02 A New Atmosphere of Mobile Network Attacks 03 5G: New Capabilities, New Security Concerns 04 The Rise of IoT and 5G Devices 05 The Role of Security Automation and Artificial Intelligence 06 5G Security Use Solutions 07 Summary Contents Creating a Secure Climate for Your Customers People simply hate to be disconnected. They want 24x7 access to high-speed internet everywhere from any device. All that tweeting, texting and telecommuting translates into dramatic growth in mobile traffic. Global mobile data usage is predicted to grow at a compound annual growth rate (CAGR) of 47%, reaching 49.0 exabytes per month by 2021. Ever have that panicky feeling when youre not sure where you left your mobile device? Its a sign of the times that the sensation has a name: nomophobia. Then factor in the internet of things (IoT), which includes billions of machines around the world connected to the internet. Every smart refrigera- tor, thermometer and printer, to name a few, require an always-on network connection for remote monitoring and data sharing. While most service providers are just now getting a handle on 4G networks, 5G network trials are set to debut in major metropolitan areas in the United States by the end of 2018. The GSMA predicts Asia (China and Japan), Europe and the U.S. will be leading the 5G market by 2025. 2020 is the beginning of a mass rollout of 5G networks. Service providers have a short runway to figure out security issues. 00 INTRODUCTION EVOLVING MOBILE NETWORK SECURITY NEEDS IN THE AGE OF IOT AND 5G | 3 These developments combine to create a complex mobile ecosystem with multiple entry points for attacks. Every device connected to your network is a potential security weakness. Hackers can target your customers to steal data or use their devices to generate attacks on your network or other companies networks and applications without the users knowledge. IoT devices are especially vulnerable because manufacturers are more concerned with keeping prices low than adding security features. That means there are potentially millions of unprotected endpoints on your mobile network. THE CHALLENGE IS AN OPPORTUNITY. Mobile service providers can establish a competitive advantage by creating a secure environment that protects customers data and devices, building superior trust with their users in comparison to other service providers. A CASINO FOUND OUT the hard way that the internet of things is a jackpot for attackers. By tapping into the smart thermometer that controls the temperature of the water in the lobby aquarium, hackers went on a fishing expedition in the casinos network and landed its database of high-end clients. SOMETHINGS FISHY HERE 00 INTRODUCTION EVOLVING MOBILE NETWORK SECURITY NEEDS IN THE AGE OF IOT AND 5G | 4 01 How Did We Get Here? The Evolving Network Security Environment 01 HOW DID WE GET HERE? The smartphones we take for granted have more computing power than the computers that guided the Apollo 11 moon landing. In the almost quarter century since mobile devices transitioned from a luxury to a must- have, the severity of network security issues has kept pace. Network technologies tend to last 10 to 15 years before all users can be transitioned to the new network. That means managing and protecting more network elements that are required as overlays and gateways to connect multiple generations of wireless devices. Each generation of network technology introduces a new set of security challenges. Mobile Standard Primary Focus Typical DL Speed (Mbps) Typical Latency (milliseconds) Security Focus Security Provisions 2G Voice 0.1 629 Stealing voice calls OTA encryption SIM cards 3G Voice/data 8 212 Stealing data payload Rogue networks Packet encryption Mutual authentication 4G Data 15 96 Stealing data payload Enhanced key management 5G Data 100 1 Mobile instantiated attacks Mobile security services Cloud perimeter protection Secure network slices EVOLVING SECURITY CHALLENGES As mobile network technologies progress, new and more complex security issues are introduced. Service providers must adapt to protect their networks and create a secure online environment for customers. 5G connection speeds and latency are on par with wireline networks. The bad actors that threaten wireline networks will launch similar large-scale, complex attacks, which have been successful in wireline, on the 5G networks of unprepared service providers. EVOLVING MOBILE NETWORK SECURITY NEEDS IN THE AGE OF IOT AND 5G | 6 01 HOW DID WE GET HERE? THE INCREASING INTENSITY OF THREATS The severity and frequency of network attacks continues to evolve at an alarming rate. Source: InfoSec Institute and Radware Malicious codes Trojan Advanced worms Cybercrime and viruses initiated Morris worm and others Identity theft Phishing DNS attacks Rise of botnets SQL attacks Anto-spam sites Competitive sabotage escalation Social engineering DoS Botnets Malicious emails Ransomware attacks PoS comprised Banking malware Keylogger Bitcoin wallet stealer Identity theft Phone hijacking Ransomware attacks PoS attacks Cyberwarfare Android hacks Cryptojacking Cryptomining PRESENT 2013 2010 2007 2004 1997 EVOLVING MOBILE NETWORK SECURITY NEEDS IN THE AGE OF IOT AND 5G | 7 01 HOW DID WE GET HERE? 2G With the introduction of 2G in the 1990s, service providers only concern is protecting voice calls. Security measures focus on authenticating and encrypting calls on the radio access link. Calls are not secured on the fixed network portion of the transmission. 3G Faster speeds and access to the mobile internet are the hallmarks of 3G network tech- nologies. The next generation of mobile networks offers much better security than 2G in the way it encrypts voice and data traffic. The main concern is not attacks on the network, but rather base station spoofing that enables hackers to listen in on data traffic. Every generation of network technology introduces new threats to the mobile ecosystem. As service providers embrace innovations in network technologies to keep customers connected, they must also address new and complex security threats. PAUL VIXIE KNOWS. The computer scientist who played a big role in the early days of the internet said that the system was intentionally built to be open. “Every app we built for the internet was designed as if it was for a boy in a plastic bubble, a com- pletely clean environment with nothing malicious,” Vixie said. . WHY IS THE INTERNET NOT SECURE? EVOLVING MOBILE NETWORK SECURITY NEEDS IN THE AGE OF IOT AND 5G | 8 4G 5G The advent of 4G opens the mobile ecosystem and delivers significantly faster data speeds. But the security vulnerabilities in the 4G protocol enable attackers to impersonate devices to launch DDoS attacks or access users sensitive data. 5G mobile networks promise to be blazing fast with speeds similar to whats available on landlines. Users and IoT devices will greatly benefit from extremely low latency. All traffic is in the cloud; everything is distributed. On the flip side, the widespread rollout of next-generation networks is great for hackers because it broadens their ability to wreak havoc by attaching a server to a 5G connection from anywhere to team up with an army of other servers to launch attacks. A NEW DISTURBING TREND IS EMERGING ON 4G NETWORKS. In the past 12 months, hackers have figured out how to use mobile devices to launch network attacks. For example, a North American service provider noticed a slowdown in mobile traffic which the provider originally blamed on congestion. With the help of Radware, further investigation revealed that about 30% of the traffic on the wireless network came from mobile devices launching DDoS attacks without the users knowledge. ATTACK OF THE MOBILE DEVICES 01 HOW DID WE GET HERE? EVOLVING MOBILE NETWORK SECURITY NEEDS IN THE AGE OF IOT AND 5G | 9 02 A New Atmosphere of Mobile Network Attacks 02 A NEW ATMOSPHERE OF MOBILE NETWORK ATTACKS The climate for mobile network attacks is constantly changing. Its difficult for network security managers to forecast and prepare for whats next because hackers never sit still. Theyre always developing new and technologically sophisticated ways to target mobile network services and their customers. Watchdog groups have taken notice and are raising alarms on the preparedness of service providers to mitigate attacks on 5G networks. A Federal Communications Commission (FCC) advisory group recently warned that 4G mobile networks are “increasingly vulnerable to cyber intrusion” because of threats to the Diameter protocol, a weak link in mobile networks that enables outside traffic to flow between operators networks. While no real attacks are reported, some suspect traffic has been detected. Cybersecurity agency ENISA warns that , as 5G is rolled out, unless development of standards keeps pace, security risks prevalent in current mobile technologies will carry forward. Because 5G network operators want incremental opportunities to monetize the network and applications, more cloud applications will be dependent on a variety of APIs. That gives rise to a complex world of interconnected devices, including smartphones, mobile devices and IoT appliances. Hackers will be able to exploit a single point of access in a cloud application to quickly expand the attack radius to other connected devices and applications. ARMY OF DIGITAL ATTACKERS One hacker can quickly become an army of attackers by deploying botnets, a series of computers or mobile devices infected with malware that enables them to be directed remotely by a command and control (C resource, domain and service orchestration; service information management; network capability discovery INFRASTRUCTURE CONTROL OF (VIRTUAL) NETWORK FUNCTIONS Network softwarization, cloud, orchestration mobility control, mobile edge computing (Virtual) Network Functions Converged Data Common Control and Enforcement Source: 5G PPP, View on 5G Architecture EVOLVING MOBILE NETWORK SECURITY NEEDS IN THE AGE OF IOT AND 5G | 19 DEVICE THREATS Malware Sensor susceptibility TFTP MitM attacks Bots DDoS Firmware hacks Device tampering AIR INTERFACE THREATS MitM attack Jamming RAN THREATS MEC server vulnerability Rogue nodes BACKHAUL THREATS DDoS attacks CP/UP sniffing MEC backhaul sniff 5G PACKET CORE AND OAM THREATS Virtualization Network slice security API vulnerabilities IoT core integration Roaming partner vulnerabilities DDoS and DoS attacks Improper access control SGI/N6 AND EXTERNAL ROAMING THREATS IoT core integration VAS integration App server vulnerabilities Application vulnerabilities API vulnerabilities Slice 1 Slice 2 Slice 3 Slice 4 CP/UP Slice 1 CP/UP Slice 2 UP Slice 4 CP Slice 3 CP/UP Slice 1 UP Slice 3 UP Slice 3 CP Slice 4 Application Servers RAT 1 RU Slice 1 SP Services/Internet RAT 2 RU Slice 2 RAT 3 RU Slice 3 RAT 3 RU Slice 3 Distributed DC (vBBU/MEC/UP) RAT 4 RU Slice 4 Legend THE 5G ARCHITECTURE An SDN/NFV-supported foundation transitions 5G services and technologies to the cloud. The 5G architecture separates the user data and control planes, which improves network flexibility and centralized control and makes performing network slicing easier. Open and Virtual The nature of 5G networks requires an open ecosystem. Unlike earlier generations of networks that are controlled by the service provider that owns and manages the infrastructure, 5G depends on the virtualization of network functions. The result for service providers is less control over the physical elements of the network. According to Ericsson, “For the same reason, standard interfaces to the computing/ network platforms such as those defined by ETSI (the European Telecommunications Standards Institute) in their network function virtualization work are necessary to ensure a manageable approach to security. When operators host third-party applications in their telecom clouds, executing on the same hardware as native telecom services, there are increased demands on virtualization with strong isolation properties.” NFV and its sister technology, software-defined networking (SDN), are mainstays of the 5G cloud-based architecture. The application stacks riding in the cloud environment enabled by SDN and NFV technologies introduce new threat vectors. 03 5G: NEW CAPABILITIES, NEW SECURITY CONCERNS 5G ARCHITECTURE DISTRIBUTES THREATS THROUGHOUT THE NETWORK According to Cisco, the 5G network expands the threat surface for attacks because the network archi- tecture is more flexible and open to the internet. For localization and to reduce latency, applications and use cases need compute and storage locations closer to the edge of the network. Virtualized components are placed across distributed edge and centralized core clouds. There is an emphasis on software-based network enablers such as SDN (soft- ware-defined networking), SDA (software-defined access) and SDR (software-defined radio). EVOLVING MOBILE NETWORK SECURITY NEEDS IN THE AGE OF IOT AND 5G | 20 Vulnerabilities in software components are a major challenge to securing the NFV environment. Nokia warns that, for example, “when applying NFV, the integrity of virtual network functions (VNFs) and the confidentiality of their data may depend to a larger degree on the isolation properties of a hypervisor. More generally, they will also depend on the whole cloud software stack.” Attacks on SDN control applications that interact with a central network controller can also cause major issues for mobile service providers. Network Slicing 5G enables service providers to “slice” portions of a spectrum to offer specialized services for specific types of devices. Different slices can be associated with security, data-flow isolation, quality of service, reliability and other important factors. The technique of network slicing enables the definition of multiple logical network slices on top of the same physical infrastructure. Resources can be dedicated exclusively to a single slice or shared between different slices. A network slice may also support one or many services. It can be used to create a virtual operator network for several purposes, including a complete private network, a copy of a public network to test a new service or a dedicated network for a specific service. Because most network functions will operate in NFV environments, NFV security consider- ations greatly impact 5G mobile network security architectures. Security measures that separate different network slices running on the same infrastructure are necessary to secure data and prevent virtual machines in one slice from communicating with other slices. When network functions are no longer assigned to specific hardware elements, dynamic software allocation plays a big role in security protocols. SECURITY FOCUS AREAS As 5G rolls out, mobile service providers face a number of new security issues to