Security Vendors Shaking up Cloud Security during 5G Transition

By Nelson Englert-Yang | 3Q 2024 | IN-7439

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.

The transition to 5G Standalone (SA) is complicating security beyond the longstanding challenges of network cloudification itself. A common, early step toward 5G SA is the merging of deployed network cores within a single, converged packet core solution. The converged packet core supports the 5G SA transition by allowing the gradual addition of 5G Core applications, while ensuring compatibility with existing cores. Yet, by creating a multi-vendor, multi-generational network, it introduces security complexities as with 1) communication across vendor network functions or generations, such as challenges in authentication and key agreement during signal handover, and 2) exposing 5G networks to previous-generation attacks, especially Signaling System 7 (SS7) and Diameter protocol attacks that allow for eavesdropping. Specialized telecoms software vendors have emerged to address these challenges, as with Diameter Firewalls (DFWs) built between inter-generational technologies when 4G was deployed. Their success comes not only from the intrinsic value of their solutions, but also from the constraints for traditional network vendors to address interoperability alongside the challenges of the 5G transition itself.

Telco-grade security is a headline offering by traditional network vendors; however, the current market sees other players emerging to address heightened security challenges. For instance, hyperscalers already skilled in digital security are now laying out major investments in sovereign cloud to ensure infrastructure complies with local regulations. This is evidenced, for example, by a US$9.4 million deal between Amazon Web Services (AWS) and Norwegian telco Telenor to build sovereign cloud capacity. While these measures are more jurisdictional than technological and do not directly contest security solutions on the market, they do directly address operators' security concerns. In the nearer term, small-scale security vendors are building security technologies for the current phase of 5G, with its unique requirements for flexible transition and interoperability. This is not a highly populated area of the market, but may be represented by providers like Palo Alto Networks, NETSCOUT, Nomios, Mobileum, and BroadForward. For example, BroadForward was first to productize a platform for interoperable security of signaling functions in a cross-generational control plane. The overall market impacts of such vendors are modest, yet warrant attention.

Operators already working with traditional network vendors will continue to entrust security to them. However, this does not preclude some business from going to third-party security solutions during (and even potentially after) the 5G transition. Indeed, dependence on third-party security vendors may increase as the network technology evolves toward 5G-Advanced and 6G. For example, 5G-Advanced technologies like the RAN Intelligent Controller (RIC) and network slicing broaden the threat surface and justify their own security measures; meanwhile, 6G presents yet another mobile generation that will require a gradual transition, which will stir up concerns again surrounding multi-generational security. So, the trend of using security vendors to plug vulnerabilities during generational transitions, while having modest market impact, is likely to persist. Network vendors should define a strategy for responding.

Network vendors' strategies for security should be folded into broader strategies for transitioning operators to 5G SA and beyond. Generally, there are two factors here for remaining competitive: pacing and interoperability.

First, with a gradual, modular introduction of new technologies, network vendors are more likely to have the capacity to firm up network security around their Network Functions (NFs) themselves; with a rushed implementation, gaps in multi-generational architectures are more likely to be fixed by systems integrators or other third parties. Initial signs that 6G will be gradual and modularly deployed are positive signs for long-term control in the security domain.

Second, gaining the flexibility of multi-vendor network solutions remains a lasting concern for operators. This will carry over into the preference for security solutions. While network vendors are making greater headway with open network solutions, particularly in the Radio Access Network (RAN), security solutions will need to closely follow.