By Anthony Webb, VP International, A10 Networks.
Telcos and enterprises are realizing the need to move toward the edge and deploy edge cloud solutions to leverage the massive advances in transmission offered by 5G. Benefits such as speed, low latency and capacity will drive major transformation for telcos and enterprises, opening new revenue opportunities and business models.
Telcos and enterprises are exploring new use cases by deploying edge clouds and bringing content and applications closer to the users and billions of IoT devices to meet the low-latency requirements. The Ericsson 2022 mobility report forecasts that over 30 billion Internet of Things (IoT) devices will be connected by 2027.
The 5G core network functions could be deployed as microservices in a private data center of the CSP and enterprise network or in a public cloud. The shift to the edge, with the deployment of telco cloud edge services and enterprise hybrid private 5G networks, introduces new security threats associated with 5G and edge deployment.
Even though there are security risks with 3G/4G, these risks are mainly associated with external attacks. However, with 5G/MEC/IoT architecture, this risk becomes larger and more serious. 5G core and edge sites can be attacked from the internal network in an “inside-to-outside” approach. Considering that 5G provides high-speed internet broadband, connecting a massive number of consumer and IoT devices, it can be considered as a new point of attack for the 5G cloud edge architecture.
Such massive transformation is forcing telcos and enterprises deploying cloud edge and private 5G services to re-think their security and network protection. There are many challenges in how telcos and enterprises deploy security solutions today, as they cannot provide integrated 5G core and security solutions that adapt to cloud-edge use cases. For example, moving to the edge will require a low footprint, automation, scaling and simplified lifecycle management (LCM). Given the increase in the number of edge sites that may be deployed, it will be very complex to manually manage and scale different security solutions. The typical deployments of security solutions are not optimized for distributed and cloud-edge architectures.
The impact of compromised security on an operator or enterprise edge network could be massive because edge sites normally have less capacity than core sites and host mission-critical applications to accommodate low-latency requirements, including IoT use cases. For example, a 10/20G volumetric DDoS attack could have a major impact on network availability and low-latency requirements and would lead to a critical service interruption and resulting brand damage.
The shift to cloud and edge for telcos and enterprises is an evolved approach to deploying and delivering services and solutions, and it introduces a more dynamic environment. The security measures in place today are not aligned with cloud-edge requirements: the footprint of physical security solutions, the increasing number of edge sites, the cloud-native strategy and the other capabilities required to improve TCO.
DDoS-based IoT Botnet
Most IoT devices have limited computing resources to provide security functionality and typically are not securely coded. MOZI is an example of a DDoS-focused IoT botnet that uses a large set of remote code execution (RCE) exploits against common vulnerabilities and exposures (CVEs) in IoT devices for infection. These devices include network gateways, CCTVs, DVRs, etc. Once the IoT device is successfully infected, the botnet uses protocols/apps such as TCP/UDP/HTTP to send and receive configuration updates and attack commands. Eventually, the infected IoT nodes begin generating attack traffic, leading to a massive and sudden spike in UDP traffic going back and forth with peer-to-peer networks. Such volumetric attacks from compromised IoT devices will make it very challenging to guarantee a level of service and to maintain low-latency requirements.
Even though it’s always recommended to run IoT devices with the latest firmware and all the necessary security patches applied, we can’t rely completely on securing or updating IoT devices. Therefore, the network should also be equipped with modern security solutions, such as DDoS attack baselining techniques that compare current behavior with historical norms to reveal anomalies, and AI/ML techniques for detection and zero-day attack prevention.
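As an illustration of baselining against historical norms (an added example, not A10's or any vendor's implementation), the sketch below keeps a per-device exponentially weighted baseline of outbound UDP packet rate and flags the sudden spike described above. The device names, sample rates and tuning values (`alpha`, `k`, `warmup`, `floor`) are assumptions constructed for the example.

```python
from collections import defaultdict

class UdpBaseliner:
    """Per-device baseline of outbound UDP packets/s (EWMA mean and deviation)."""

    def __init__(self, alpha=0.2, k=4.0, warmup=5, floor=50.0):
        self.alpha, self.k, self.warmup, self.floor = alpha, k, warmup, floor
        # device -> [mean, deviation, samples learned]
        self.state = defaultdict(lambda: [0.0, 0.0, 0])

    def _learn(self, s, pps):
        if s[2] == 0:
            s[0] = pps
        else:
            s[1] = (1 - self.alpha) * s[1] + self.alpha * abs(pps - s[0])
            s[0] = (1 - self.alpha) * s[0] + self.alpha * pps
        s[2] += 1

    def observe(self, device, pps):
        """Return True when pps is anomalous against this device's own history."""
        s = self.state[device]
        if s[2] >= self.warmup:
            # The floor stops quiet devices alerting on tiny absolute changes.
            threshold = max(s[0] + self.k * s[1], self.floor)
            if pps > threshold:
                # Anomalous samples are not learned, so a flood cannot
                # drag the baseline upward and hide itself.
                return True
        self._learn(s, pps)
        return False

# Constructed per-interval UDP packets/s for two hypothetical devices.
RATES = {
    "cctv-01": [20, 22, 19, 21, 20, 23, 21, 20],
    "dvr-07": [30, 28, 33, 31, 29, 30, 9000, 8700],
}

def detect(rates, baseliner=None):
    """Replay the intervals in time order; return [(interval, device), ...]."""
    baseliner = baseliner or UdpBaseliner()
    alerts = []
    for t in range(max(len(v) for v in rates.values())):
        for device, series in rates.items():
            if t < len(series) and baseliner.observe(device, series[t]):
                alerts.append((t, device))
    return alerts

if __name__ == "__main__":
    for t, device in detect(RATES):
        print(f"interval {t}: {device} UDP rate far above its baseline")
```

Because flagged samples are excluded from learning, the baseline for `dvr-07` stays near 30 packets/s throughout the flood, so the device keeps alerting until its traffic returns to normal.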
Mobile Edge Cloud and Private 5G Require New Security Approaches
Security for mobile cloud edge and enterprise hybrid private 5G must be measured carefully to align with the new and increasing security threats. This requires securing the mobile core infrastructure and modern network protection to deliver mission-critical applications while maintaining low-latency requirements. Ultimately, this will help ensure telcos and enterprises achieve their desired business outcomes.
In addition, the security implementation for telcos should consider security-as-a-service so that operators may offer secure IoT services leveraging network slicing and provide the flexibility for end-customers to manage their own security policies with complete network isolation. This requires security integration with the 5G ecosystems to ensure subscriber and device awareness for more agile security control.
Enterprises that deploy a private 5G network may lack the telco experience and knowledge to secure that mobile infrastructure and might rely completely on the MNO or their mobile network equipment providers (NEPs) to ensure the infrastructure is fully secured and protected. However, enterprises must extend their network and IT security standards and take all the necessary considerations into account when they move their critical systems and applications to the edge.