Operator survey: Analytics and assurance critical for 5G security

Security attacks are becoming more frequent, sophisticated and pervasive. Within the telecommunications industry, breaches are increasing yearly, and DDoS and customer data exposure are the most common. Disruption, heavy financial penalties and reputational damage create a colossal burden for operators. 5G will require new analytics and assurance measures to defend and prevent security issues and uphold stringent SLAs.

5G architectures introduce disaggregated functions, API-exposure-based services, continual software updates, new interfaces and protocols, and exponentially more devices, increasing vulnerabilities and evolving the threat landscape. This evolution presents unique security challenges associated with the need to have a single real-time holistic view of the network across the RAN, edge, transport and core network domains.

As a result, current node-based protection mechanisms, like firewalls, security gateways and policy enforcement, are being challenged. To meet the realities of this complex security model, new solutions must incorporate mechanisms to address the following 5G-driven security changes:

To build and deliver a new generation of security, operators must ensure they can observe and assure the entire network, taking advantage of new technologies for speed and efficiency. A question from Heavy Reading's 2023 5G Network Analytics and Automation Operator Survey asks operators what role analytics and assurance will play in 5G SA security detection and mitigation. (Click here to download the survey.)

In the figure below, operators acknowledge the importance of analytics and assurance across all security detection and attack prevention options in their end-to-end networks. "Malware compromised UEs" and "outbound traffic anomalies (e.g., DDoS attacks going through the 5G wireless network)" are of the greatest importance to operators, with a combined 80% of respondents selecting "extremely important" and "important." This result acknowledges the potential damage of these attacks and the difficulty of detection with current methods.

Control and user plane separation introduced to the 5G architecture attempts to limit generational threats able to disable both planes simultaneously. However, operators still see a vital requirement for deep network security visibility, indicating the high importance of "flow and state exhaustion attacks" and analytics for identifying masqueraded (network address translated traffic) and user plane traffic with respondents.

"Top talker analytics" and "spoofed IP addresses on UEs" are the lowest relative scoring of security options but remain high, with almost 70% of the combined votes for "extremely important" or "important." The lower position of these responses compared to the other security options may be due to these established checks or the ability of certain network functions to gather some of this information. It is clear from these results that 5G security detection and prevention must be all-encompassing and include multiple options.

How important are the following areas of 5G SA security detection and attack prevention to your organization's analytics and assurance?

(Source: Heavy Reading)

In conclusion, operators know the importance of maintaining a secure network and addressing the ongoing security challenges and vulnerabilities. To meet these challenges, 5G SA security detection and prevention mandate that a security stance covers multiple aspects, is holistic and can identify and mitigate any spurious behavior in real-time. Architecturally, these requirements demand built-in security to safeguard against increasing and more advanced attacks. Therefore, operators must incorporate techniques such as AI/ML-driven security anomaly detection within analytics and assurance solutions to enforce secure, automated and end-to-end protection.

For more information, check out this archived webinar.

This blog is sponsored by NETSCOUT.