www.menaisc.com
SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD
LEE CHEN, FOUNDER/CEO
Reliable Security Always™
5G & MULTI-CLOUD ARCHITECTURE EVOLUTION
LATENCY
Beyond just Nuisance
SCALE
Higher Data and attack traffic
MOVE TO MEC
Edge Cloud
IoT ADOPTION
Billions of IoT’s coming online
THE ERA OF EDGE COMPUTING
DEMANDING APPLICATIONS REQUIRE MINIMAL LATENCY
[Diagram labels: Users; Wireline, Wi-Fi, 3G/4G RAN, 5G RAN; Core functions; Applications; Internet Service Provider. Caption: Closer to Users]
LATENCY IS A MATTER OF LIFE AND DEATH
MISSION-CRITICAL APPLICATIONS
• Remote surgery
• Emergency consultations
• Self-driving cars
• Industrial automation
Source: NCTA
BILLIONS OF IOT’S COMING ONLINE
HIGHER THROUGHPUT, DENSITY AND SMARTER UE’S
20X Speed
10X Density
Smarter UE’s
5G converts devices into colossal threat actors
CHALLENGES
SECURITY A TOP PRIORITY FOR 5G DEPLOYMENT
Source: BPI Network, BTIG 5G Survey Results
Concerned about security in 5G
94%
Think DDoS protection is most important
62%
Have or are planning to upgrade Gi-Firewall
81%
Have or are planning to upgrade GTP-Firewall
74%
LOW LATENCY IS THE KEY DRIVER OF 5G ADOPTION
• Unpredictable delay is not an option
• Resiliency is built-in, but it is not enough
IOT ATTACKS ARE THE NEW NORMAL
Source: NCTA
Matter of time before a new mega attack is launched
ATTACKS CAN COME FROM INSIDE
[Diagram labels: Internet Service Provider; Wi-Fi, Wireline, 3G/4G RAN, 5G RAN; Core functions; Applications]
PROTECTING ONE CENTRAL DATACENTER
VS HUNDREDS OF MICRO-DATACENTERS
[Diagram labels: Internet Service Provider; Wireline, Wi-Fi, 3G/4G RAN, 5G RAN; Core functions; Applications]
A SINGLE DEVICE CAN BRING DOWN A MEC LOCATION
[Diagram labels: Infected UE; Internet Service Provider; Wireline, Wi-Fi, 3G/4G RAN, 5G RAN; Core functions; Applications]
TRADITIONAL DEFENSES ARE NOT POSSIBLE
[Diagram labels: Internet Service Provider; Wireline, Wi-Fi, 3G/4G RAN, 5G RAN; Core functions; Applications]
SOLUTIONS FOR EVOLVING MOBILE NETWORK REQUIREMENTS
[Diagram locations: RAN Edge Cloud (MEC / MAEC) with core functions and applications; EPC (SGW, PGW, MME); Gi LAN IP Services]
[Diagram function labels: GTP/SCTP Firewall; GTP-LB; Diameter LB; Sub Sess Dir; CGN; SDN / NFV Ready; SEG / IPsec; ADC; DDoS; DPI; Gi/SGi Firewall; IPsec VPN; Scale-out cluster; TCP Optimization; L4-L7 Firewall; ADC/Traffic Steering; Visibility (GTP, IP)]
MITIGATE IF POSSIBLE
OR TRAFFIC STEER
• Good Traffic -> Local Breakout
• Suspect Traffic -> Additional Security
• Bad Traffic -> Cloud Scrubbing
[Diagram labels: Internet Service Provider; Wireline, Wi-Fi, 3G/4G RAN, 5G RAN; Core functions; Applications]
COMPREHENSIVE PROTECTION
ALL NETWORK INTERFACES
[Diagram labels: RAN; EPC (SGW, PGW, MME); EPDG; GI-LAN; GRX/IPX PEER NETWORK; numbered protection points 1 to 5]
1. Gi-FW: Gi/SGi-LAN Protection
2. GTP/SCTP* Firewall: S8, S5 - GRX/IPX/EPC
3. SeGW: IPsec VPN
4. Diameter Firewall: S6a, S9
5. DDoS/Threat Protection: All external paths
FUNCTION CONSOLIDATION
DDOS THREAT PROTECTION FOR MNO’S
[Diagram labels: Attack Surface; Data Network/Internet; IPv4/v6 Cloud; Radio Access Network; BBU Pool; Evolved Packet Core (SGSN / SGW, GGSN / PGW, MME); Circuit Switched Network; ePDG, Wi-Fi AP, Wi-Fi Calling; SIP Servers; Geo-Distributed WebRTC Servers, WebRTC; DNS Servers, External DNS; NAT / Firewall; Thunder CFW; Thunder TPS; DDoS Detection Traffic Analytics; Telemetry; aXAPI/BGP Blackhole; A10 Threat Intelligence Service]
COMPREHENSIVE SECURITY
IDEAL SOLUTION
ML-BASED DETECTION AND AUTOMATED RESPONSES
• AUTO INCIDENT CREATION
• CONTINUOUS LEARNING
• AUTO TRAFFIC PROFILING
• AUTO MITIGATION
• AUTO REPORT GENERATION
• THREAT INTELLIGENCE
• AUTO ATTACK DISCOVERY
ML: Simplify Operations, Maximize Protection
<10ms Response Time
IDEAL SOLUTION
• Scalable L4 Firewall
• GTP / Diameter Inspection
• IPsec VPN
• Scalable L7 FW
• HTTP/2 Protection
• Scalable TLS Inspection
• Security Edge Protection Proxy
• Flexible Form Factors
• Carrier Grade NAT
• Consolidated functions
• Scalable - Built for Carriers
• Protect 4G AND 5G infrastructure
• DDoS detection
• Consolidated Firewall
BENEFITS OF CONSOLIDATION
FEATURES OF ONE FUNCTION, RATHER THAN MULTIPLE FUNCTIONS
[Diagram: two stacks, each built on Infrastructure, HOST Operating System and Docker Daemon. In one, FW, CGN and DPI each sit on their own BINS/LIBS; in the other, FW, CGN and DPI share a single BINS/LIBS. Network function labels: NF1, NF2, NF2]
Integrated Network Functions (NF) at Virtual Entity Level: Lower Compute, Memory and latency
FUNCTION CONSOLIDATION
Thank You