Telcos are working to prioritise security measures to protect core network configuration services as the new wave of 5G networks commences.
A new global survey conducted by F5 in collaboration with Heavy Reading reveals that telcos will implement a wide array of measures in 2021 to secure the next wave of 5G connectivity.
It shows that as operators begin to roll out standalone 5G networks, they are moving swiftly to secure core network configuration services, such as slice management, which enables 5G operators to provide customised connectivity.
The report shows that by the end of 2021, 71% of survey respondents expect to have security measures in place for their core network configuration services, and 75% plan to have secured the radio access network.
Most telcos who responded are also taking steps to secure other key aspects of their 5G networks, with approximately two-thirds planning to implement security measures for roaming network signalling, network slicing, APIs, the Internet of Things, and edge computing by the end of 2021. Other concerns noted are container security to support microservices by 61% of respondents, and enterprise mobility by 58%.
“It is heartening to see the speed and urgency with which service providers are moving to secure the many different facets of their 5G networks,” says senior director of solutions engineering at F5, Bart Salaets.
“These measures will be critical to the credibility and success of 5G, particularly in the enterprise market, where businesses across a wide variety of industry verticals are looking for 5G connectivity and services that are ubiquitous, flexible and highly secure.
The research indicates some areas of focus before commercial launch, such as a key attribute of 5G networks being their ability to expose various capabilities to third parties using APIs, and although this opens up new avenues of attack for malicious actors, there are measures telcos can implement to protect their network.
One-third of respondents say they will implement network DDoS before commercial launch, while 28% plan to implement identity and access management systems, and 22% next-generation firewalls before going live.
Within a year of commercial launch, the top three priorities are web application firewalls (44% of respondents), NG-FWs (38%), and application delivery controllers (35%). A significant group of 31% also plan to deploy a dedicated API gateway within a 12-month window.
The research also indicates that it will be important for telcos to fully secure the control plane in their new 5G core networks. In this respect, the top priorities are to implement a network repository function (NRF), which maintains a repository of available network service elements, and a secure edge protection proxy (SEPP), which secures and filters internetwork messaging.
Among the respondents, 27% plan to implement a NRF and a SEPP before commercial launch. The next most popular measure is to implement a network exposure function (NEF) to secure the interactions between network functions and application functions – 22% of respondents said they would implement a NEF before a commercial launch.
Many telcos surveyed plan to employ multiple platforms to implement their 5G security measures - a popular approach is to use a mixture of vendor appliances, virtual network functions, and cloud-native network functions. Twenty eight percent of respondents selected this option as their preferred approach, while the same number of respondents said they prefer to employ VNFs, while CNFs are the preferred approach for 19%. Another 12% chose vendor appliances and 8% SmartNIC-based VNFs/CNFs.
All five platforms are considered viable secondary options, implying operators feel they need to quickly employ the most cost-effective measures to protect each element of their network, rather than taking a one-size-fits-all approach.
Another finding of the survey is that the concept of SASE (secure access service edge) is gaining support among 5G operators. Just under half of the respondents view SASE as an integral part of their 5G security strategy, while 25% are still formulating a SASE strategy and 24% view SASE as independent of their 5G security strategy.
“This research highlights the judicious and multi-faceted approach telcos are taking to the often-complex task of securing cloud-native 5G networks that rely on microservices, API exposure and sliced-based services,” says Salaets
“Threat mitigation in the rich, diverse and dynamic 5G service arena will be a fine art. But telcos can now call upon a growing range of powerful security tools to secure their 5G networks and services, including WAFs, anti-DDOS, NG-FWs and API gateways to SASE, as well as SEPP and NEF functions.
“They can be deployed in either VNF or CNF form factors, with some security functions accelerated with SmartNIC technology.