Securing next-generation mobile networks
With the 2016 Mobile World Congress now underway, we see more than ever how the industry is looking ahead to what the future brings. There is a great deal of energy all around the show as everyone is eying a future 5G connected world with new devices, new apps, and new services that are eclipsing our collective imaginations ... it’s not a surprise that the theme for this year is “Mobile is Everything.”
One topic that is certainly getting a lot of attention at the show is security. That’s no surprise since it is affecting users and service providers alike; and as the industry continues to evolve with its explosive growth and change, so too will security threats. Cisco’s Visual Networking Index (VNI) report1 predicts that IP traffic will triple between 2014 and 2019, and according to the report, that means ‘enhanced security and intelligence [will be] required’ to deal with all the new devices that will be connecting to networks.
It’s not just the devices: as the networks themselves are re-architected, new threats will emerge. And as the new networks emerge, develop, and scale, service providers will also have to scale their security architectures to keep up with the threats. The two simply have to go hand in hand. So it’s scaling, performing, and providing security at the same time.
The nature of security approaches is changing rapidly, from being perimeter-oriented with well-defined borders to protect to now being more dynamic in nature with granular requirements across the network, the devices, and the applications. The simplistic approach of placing a security appliance in front of defined perimeter is a thing of the past.
As networks evolve, as they become more virtualised, they will also get more “open” and network services will continue to become more dispersed. The next generations of devices will also have much greater capabilities and different usage characteristics – where increased connections to the network will be accompanied by exponentially higher connections per second. This will impact the scaling of security architectures like never before as devices will be launching multiple sessions that are going to touch different domains of the network at increasing rates. Next-generation networks need to support these different traffic models and different security solutions will also be needed in order to accommodate all of this.
However, the issue lies with the fact that many security platforms on the market were not designed to meet the security requirements of 4G or 5G, with the sheer volume of data that will be flowing across networks and the frequency of application access and connection rates.
With these new networks, service providers will need to secure all points of the network in real time and on a dynamic basis. They will need to mitigate DDoS attacks and device-oriented attacks, and absorb high volumes of traffic while quickly detecting and shedding bad traffic.
And as networks evolve and become much more dispersed, they will also have to quickly detect threats and dynamically push out IP denylisting and other mitigation techniques upstream to other network and security elements. So if threats are detected in one portion of the network, a mitigation policy can dynamically be pushed out to other points on the network, so you don’t have to rely on someone having to first detect and then manually push that policy out, which could take days, weeks or even months.
It really is a new security paradigm that service providers will be facing; high performing solutions that can offer a multi-domain and multi-layer set of services that can be deployed across the network. Ultimately, as service providers evolve to 4G and 5G where they will be deploying incredibly high-performing networks, they also will need incredibly high-performing security solutions.
Reference:
1Cisco Visual Networking (VNI) Index:
http://www.cisco.com/c/en/us/solutions/service-provider/visual-networking-index-vni/index.html