With 5G, you have to reconcile IT security and benefits for companies. Because digitization of companies, the future of Industry 4.0 and critical infrastructure must not become a patchwork. Palo Alto Networks is investigating how this can work.
The promise of 5G is much more than just lower latency or faster speeds. 5G can lead to massive business transformation and digitization, powering the future of Industry 4.0 and critical infrastructure, and adding $14 trillion to the global economy over the next 2,2 years.
5G will be a corporate domain
Unlike previous generations of cellular technologies such as 3G and 4G, which were largely adopted by consumers, 5G will be primarily a domain of businesses and governments. While many service providers and telcos are investing in 5G, businesses and governments around the world are also investing in and deploying private 5G networks. Mobile network operators announce 5G pilots and commercialization plans as they expand their geographic footprints.
With all the (so far largely theoretical) added value that 5G can bring for companies, there is also the question of IT security - and how this can be implemented in such a way that it meets the highest requirements without the practical benefits and advantages of 5G slow down Palo Alto Networks follows up on this question:
Highest requirements for IT security and 5G
5G network design has the ability to support millions of connected devices in high-density environments. It can enable smart supply chains, autonomous transportation, smart manufacturing, mass adoption of the Internet of Things (IoT), and more. This, in turn, opens up new business and government use cases that were previously unfeasible. Indeed, 5G is now the catalyst for change for many private and public sector organizations.
It enables the deployment of industrial-scale IoT networks in combination with extremely low latency, mission-critical reliability and a high degree of mobility. 5G can power the digital transformation of manufacturing, logistics, large public venues, oil, gas, mining and many other industries. Governments, and particularly defense agencies, are also beginning to deploy private 5G networks in environments ranging from logistics and campuses to military bases and aircraft carriers.
New, sophisticated cyber threats and attacks
While most businesses and governments are yet to reach 5G, attacks on these targets are becoming more frequent and sophisticated. The risk of cyber attacks on all companies and authorities will increase exponentially with the scaling that can be achieved with 5G. This will significantly expand the attack surface, especially as an unprecedented number of devices connect to enterprise and government networks. The proliferation of devices, the tremendous increase in intelligence at the network edge, and the aggregation of critical functions at the network core bring challenges that together contribute to a perfect storm of security risks in 5G deployments.
Enterprise-grade security is required for 5G
With more at stake, cybersecurity for 5G networks is more important than ever. Legacy security solutions and approaches that were adequate for 3G and 4G will not be appropriate for 5G. However, businesses and governments need to know that 5G networks and services are highly secure before investing in them. Organizations need to build a strong security structure that prevents cyber attackers from penetrating their networks, disrupting critical services, or destroying industrial facilities. In mission-critical industries, security breaches cost more than downtime, lost revenue, and damaged brands; they can also endanger human life. Government agencies must protect their citizens' data and national security information.
What is enterprise-grade security?
Businesses and government agencies already expect a certain level of security for their existing IT networks, data and applications, as these are business-critical. These organizations will simply expect the same enterprise-grade security for the 5G networks that will increasingly form the basis of their operations.
Enterprise-grade security means the ability to secure the service, technology, and application stack by protecting all layers (signaling, data, applications, and management), locations, attack vectors, and phases of the software lifecycle. As organizations manage increasingly complex and dynamic environments, the use of AI/ML-driven automation becomes a necessity. Enterprise-grade security enables organizations to take a zero-trust approach to their 5G networks, including the application of network-slice-level security.
- Protection of all levels: Enterprise-grade security for 5G means that all layers should have security detection and control mechanisms in place. This also applies to the signaling, data and application layers. You can't secure what you can't see. The first goal in securing 5G is visibility and constant real-time monitoring of the 5G signaling and 5G data planes to detect security threats and attacks. The next step is the ability to automatically prevent known attacks, threats and vulnerabilities detected by constant real-time monitoring.
- Protection of all locations/interfaces: Enterprise grade security should be able to secure all locations and interfaces.
- Protection of all attack vectors: Enterprise-grade security should be able to detect and control all security attacks and threat vectors. These include malware, ransomware, command-and-control traffic, remote code execution, remote information retrieval, authentication bypass, remote command injection, and brute force attacks. It should secure all phases of the software lifecycle, ie the build, deploy and run phases of today's CI/CD approach (Continuous Integration, Continuous Development).
Network slice security
Another aspect of enterprise-grade security for 5G is network slice security. Network slicing is a fundamental difference of 5G compared to all previous generations of cellular networks. 5G enables service providers to simultaneously offer different, dedicated, end-to-end network slices with different bandwidth and quality of service (QoS) to different enterprises, industry verticals and government agencies on the same 5G network. Different network slices can also co-exist for different purposes and fulfill their own security requirements (e.g. applying application controls, anti-virus, anti-spyware, URL filtering and intrusion prevention services per network slice or group of slice). The ability to apply different security policies per 5G slice will help businesses and governments leverage 5G for their core business activities.
Attacks with AI and ML support
Attacks evolve quickly and automatically, and attackers use machines to automatically modify attacks. Additionally, threat actors are using AI/ML to automate and obfuscate the attacks, so similar techniques are required for defenses. Reactive security can no longer keep up here. Automation and ML should be at the core of 5G security to analyze massive amounts of telemetry data, proactively help to intelligently stop attacks and threats, and recommend security policies.
Conclusion
It is clear that 5G will fuel digital growth and enable digital transformation across many industries, businesses and governments. Enterprise-grade security will help unlock the potential of 5G and provide the confidence to drive business transformation and reap the benefits of 5G.
More at PaloAltoNetworks.com
About Palo Alto Networks Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.