Stay ahead of network threats with subscriber-aware security management
The rise in cyberthreats and fraud across mobile networks calls for advanced security solutions capable of securing traffic flows and safeguarding critical data, applications and network assets. Expanded network ecosystems pave the way for new attack vectors and threats become increasingly evasive. Considering potential risks to the 5G and LTE network security means not only focusing on vulnerable IoT devices and insider threats. Among the 5G security threats and issues with the potential to impact data and traffic flow are also Distributed Denial of Service (DDoS) attacks, man-in-the-middle attacks and supply chain attacks. Not only are the latter ones the most notorious attacks, they can also quickly become extremely costly for a company and permanently damage its reputation.
Identifying and mitigating such threats in a timely and reliable manner presents a significant challenge for mobile operators because they lack subscriber or session awareness. To address these vulnerabilities and increase the resilience of mobile networks against future security threats, specifically across LTE and 5G, operators are implementing intelligent load balancing. This provides real-time subscriber awareness and session awareness for enhanced visibility of malicious, suspicious and anomalous traffic flows. This way, operators benefit from real-time network threat intelligence and can protect the network.
Real-time network threat detection and mitigation with GTP correlation
Our GTP subscriber resolving module (R&S®GSRM) delivers subscriber and session awareness for the mobile core across LTE and 5G NSA networks. By correlating the control plane (GTP-c) with the user plane (GTP-u), R&S®GSRM identifies subscribers and sessions accurately and in real time. Incorporating our R&S®GSRM into the network packet broker (NPB) in the mobile core provides intelligent load balancing for network security subsystems through subscriber-based and session-based filtering, aggregation and forwarding of traffic flows.
As a result, security functions such as firewalls, network intrusion detection systems, web filtering, DDoS attack, content filtering and SSL inspection are able to capture, filter and process all packets from a single session or subscriber on the same server or virtual machine. They are able to do so in a single instance, leading to real-time visibility of the full sequence of any security event. These tools also benefit from the session-specific traffic manipulation of packets, which speeds up the detection of threats. With R&S®GSRM, network security tools can circumvent detection inaccuracies and extensive post processing, improving the speed, capacity and reliability of security filtering in the mobile core.
Subscriber-aware security filtering enables:
- Accurate and timely detection of cyberthreats and fraud
- Granular security filtering based on subscribers and sessions
- Risk-based security policy implementation, for example IoT endpoint security
- Traffic anomaly monitoring for the prevention of plan abuse, illegal tethering and device hacking
- Swift identification of attack sources and compromised devices
- Faster alerts, quarantining, blocking and blacklisting of threats and subscribers
- Effective management of new and emerging threat patterns
- Session-based AI-driven security response automation
R&S®GSRM features and capabilities for network security
- High-performance, cost-effective subscriber resolution for LTE and 5G NSA networks
- Multi-core architecture with linear scalability to satisfy high bandwidth demands
- Configurable input buffer and filter
- Session metadata including cell location and bearer IDs
- Support of all standard network interfaces such as Gn, S1-U, S11 and S5
- Easy-to-use REST APIs for seamless and fast integration
- Efficient total cost of ownership (TCO) from predictable costs and flexible SLAs
- Extension to 5G SA networks via R&S®5GSRM (to be launched soon)
Benefits of cutting-edge OEM subscriber resolution software for network security functions
- Implementation in any network environment including physical and virtual machines
- Integration into any end network security solution without vendor lock-in
- Runs on Intel architecture with no external dependencies
- Extensive field testing and active deployments
- Reduced internal development and maintenance costs
- Excellent support and service from industry experts
Enhance subscriber and session identification with application awareness
Ready integration with the renowned, high-performant DPI engine R&S®PACE 2 for real-time classification of applications and protocols. Capitalize on solution synergies for higher processing speeds and consistent traffic tagging from a common set of inspection methods, analyses and algorithms.
Rely on advanced OEM DPI and GTP correlation software by ipoque developed and optimized for your needs to bring your mobile network security functions to the next level.