Creating a Secure 5G Service-Based Architecture

Community Team Member


 

Mobile network operators are rolling out 5G networks all over the world. This will go hand-in-hand with new high-speed services across billions of devices and IoT. 5G delivers higher data speeds and latency improvements, and offers greater agility and efficiency for mobile networks. While all these improvements sound great, the surge of low-cost, low-power, unsecured IoT devices and sensors will also pose security risks for both operators and end-users. These new risks require a new security approach for the emerging 5G networks.

 

5G architecture is basically an evolved 4G architecture. The 5G core network, where network functions (NF) interconnect and communicate with each other, is called a Service-Based Architecture (SBA).

 

To achieve 5G security in a new SBA world, operators and businesses will need to leverage cloud-native tools designed to work with cloud-native applications.

 

With billions of connected devices and critical enterprise applications relying on 5G networks, operators and users need to adopt an effective and comprehensive 5G security approach that includes:

 

  1. Integrate vulnerability management into any CI process, while continuously monitoring, identifying, and preventing risks to all the hosts, images, and functions in your environment

  2. Protect web applications and APIs across any public or private cloud

  3. Deploy powerful runtime defenses that apply automated protection against unwanted activity and threats without needless manual effort

  4. Enforce compliance across your environment with pre-built and custom-made compliance checks for centrally viewing and enforcing compliance standards

  5. Shift left security with CI/CD, repository, registry, and Open Policy Agent integrations to implement security during the entire Software Development Life Cycle (SDLC)


With these features in place, gaps in the visibility and security of your 5G network are reduced to a minimum. Security capabilities are in place to protect network elements and users while providing differentiated network security services, so enterprise verticals can confidently transform their businesses with new 5G applications.

 

One example of a potential risk is container or host images. Deploying a 5G service that's linked with a known CVE would be a nightmare. With Prisma Cloud, however, you can continuously monitor, identify, and prevent risks to all container images on your network, whether they are running or not yet running.

 

If you were to deploy Prisma Cloud after you had a 5G network already up-and-running, one of the first things you would want to do is see the Radar view of your environment. Radar is the primary interface for monitoring and understanding your environment. It is the default view when you first log into Console. It is designed to let you visualize and navigate through all of Prisma Cloud’s data. For example, you can visualize all the container images, their network communication, running container counts and relevant namespaces in one screen, all without leaving the Radar canvas.

 

Using this view, you can quickly identify the running images that have risks associated with them using the Radar Legend (1). If you need more details about any of the risks, you can click the image icon (2). This gives you additional information about the selected image, including vulnerabilities and compliance alert summaries (3).

 

kiwi_2-1655223231384.png

 

To help you prioritize risks, the vulnerabilities are ordered from the most critical risk to low risk. Notice how the green icon shows no current compliance or WAAS issues. To get more information about the vulnerabilities, simply click the "Vulnerabilities" text. As displayed below, there is quite a bit of information about the risk. We can see what the CVE is, which library version the risk exists in, and when it is fixed.

 

kiwi_1-1655223203108.png

 

 

Radar only shows us issues for already deployed containers. If you have a new version of the NRF from a vendor and would like to know the risk associated with it before deploying it, you can do that as well. All you need to do is point Prisma Cloud to the registry and then view its findings. If I filter on the NRF container image, which is what I was viewing in Radar, below is what I see. From here, just as in Radar, I can click on the line item to get additional information.

 

kiwi_0-1655223175091.png

 

Getting this information before actually deploying an image is crucial for keeping the 5G core free from insecure containers, or at least for understanding the risks they pose.
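
The pre-deployment decision described above can be sketched as a small CI gate; this is an added example, not Prisma Cloud code and not part of the original post. The finding schema, the sample NRF findings and the placeholder CVE ids are constructed assumptions and do not represent a Prisma Cloud export format.

```python
"""Pre-deployment gate over image scan findings (constructed schema)."""

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample findings for a hypothetical NRF image; CVE ids are placeholders.
SAMPLE_FINDINGS = [
    {"cve": "CVE-XXXX-0001", "package": "libexample", "version": "1.2.0",
     "severity": "medium", "fixed_in": "1.2.4"},
    {"cve": "CVE-XXXX-0002", "package": "libtls-demo", "version": "3.0.1",
     "severity": "critical", "fixed_in": "3.0.7"},
    {"cve": "CVE-XXXX-0003", "package": "json-demo", "version": "0.9",
     "severity": "high", "fixed_in": None},  # no fixed version published yet
    {"cve": "CVE-XXXX-0004", "package": "zlib-demo", "version": "1.1",
     "severity": "Low", "fixed_in": "1.2"},
]


def rank(finding):
    """Unknown or missing severities rank first so they are never silently ignored."""
    return SEVERITY_RANK.get(str(finding.get("severity", "")).lower(), -1)


def prioritize(findings):
    """Order findings from most critical to low, as the console view does."""
    return sorted(findings, key=lambda f: (rank(f), f["cve"]))


def gate(findings, block_at="high"):
    """Return (allow, blocking, needs_review).

    blocking: findings at or above block_at with a fixed version (rebuild first).
    needs_review: same severity but no fix yet (explicit risk decision required).
    """
    threshold = SEVERITY_RANK[block_at]
    serious = [f for f in prioritize(findings) if rank(f) <= threshold]
    blocking = [f for f in serious if f.get("fixed_in")]
    needs_review = [f for f in serious if not f.get("fixed_in")]
    return (not blocking, blocking, needs_review)


if __name__ == "__main__":
    allow, blocking, needs_review = gate(SAMPLE_FINDINGS)
    for f in blocking:
        print(f"BLOCK  {f['cve']} {f['package']} {f['version']} -> {f['fixed_in']}")
    for f in needs_review:
        print(f"REVIEW {f['cve']} {f['package']} {f['version']} (no fix available)")
    raise SystemExit(0 if allow else 1)
```

Run as a CI step, the non-zero exit code stops the pipeline when a fixable critical or high finding is present, while unfixed findings are surfaced for a documented risk decision.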

 

Feel free to share your questions, comments and ideas in the section below. You can also check out our Prisma Cloud technology page now on LIVEcommunity. 

 

READ MORE:

Creating A Secure 5G Service Based Architecture: Part 2 - API Security

Creating A Secure 5G Service Based Architecture: Part 3 - Runtime Defense

 

Thank you for taking the time to read this blog.

Don't forget to hit that Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

Stay Secure!

Kiwi out
