It is Security, not Covid-19, that Challenges the Commercial Deployment of 5G

By: Mohammed Al-Moneer, Regional Vice President of Sales – MENA at A10 Networks

Since the beginning of the current pandemic, false and unsubstantiated rumours of 5G and its impact on people’s health have been prevalent in social media. Phone masts have reportedly been damaged or destroyed in several European countries.

The scale of the problem prompted the World Health Organisation (WHO), the UN agency which is leading the response to the pandemic, to add the 5G conspiracy to its COVID-19 myth busters article, which highlighted that “viruses cannot travel on radio waves/mobile networks. COVID-19 is spreading in many countries that do not have 5G mobile networks.”

In the midst of this controversy, A10 Networks released a report titled “Toward a More Secure 5G World,” which highlighted how COVID-19 may result in some short-term delays for operators, but ultimately demonstrates a global need for higher speed, higher capacity 5G networks and the applications and use cases they enable. The study also found that 81% of respondents believe industry progress toward 5G is moving rapidly, mostly in major markets, or is at least in line with expectations.

Whilst the report shows 5G adoption is scaling rapidly, one of its main concerns was cybersecurity. As 5G networks expand, so do network traffic, the number of connected devices, and mission-critical IoT use cases. This will impact network security and reliability more than ever before. The report supported this view, with 99% of respondents expecting that 5G networks will increase security and reliability concerns, and 93% saying they have changed or may change security investments in light of 5G.

To address this challenge, service providers need highly cost-efficient security solutions that offer flexibility, scalability, and protection as they evolve their networks to 5G and integrate cloud and edge capabilities. This means a comprehensive security stack at service provider scale with other functions most needed in mobile networks, including a firewall for all network peering points, deep packet inspection (DPI), carrier-grade network address translation (CGNAT) and IPv6 migration, integrated distributed denial of service (DDoS) threat protection, intelligent traffic steering and analytics.

Below is a blueprint of five of the key solutions required for a successful migration to 5G.

  1. Gi-LAN Security – Gi/SGi Firewall

Significant threats to mobile subscribers and networks come through the internet interface – the Gi/SGi. As traffic volume, devices and cybercriminal expertise increase, so do these threats. An integrated Gi/SGi firewall protects infrastructure and subscribers and delivers the performance that mobile carriers require. The Gi/SGi firewall solution meets both current and future traffic requirements for any service provider. This comprehensive and consolidated approach provides best-in-class performance, efficiency and scale to protect the mobile infrastructure while reducing OPEX and CAPEX costs. Service providers can also use a Gi/SGi firewall solution in a virtual form factor to gain a flexible, easy-to-deploy and on-demand, software-based deployment.

  2. Mobile Roaming Security – GTP Firewall

The GTP protocol used in the roaming and other EPC interfaces has known vulnerabilities that can be readily exploited by malicious actors. Operators must meet the growing security challenges while also providing a seamless subscriber experience – wherever they travel, whatever devices they use, and whatever network is accessed. A GTP firewall provides extensive capabilities including stateful inspection, rate limiting, and filtering of traffic for protocol abnormalities, invalid messages, and other suspicious indicators. It protects against GTP protocol vulnerabilities such as fraudulent use, confidentiality breaches, DDoS attacks by malicious peers and other threats. A GTP firewall can be inserted into multiple interfaces carrying the GTP traffic. In the primary use case, it is inserted on S5-Gn and S8-Gp (roaming) interfaces. The GTP firewall provides scalability and supports uninterrupted operations while protecting subscribers and the mobile core against GTP-based threats such as information leaks, malicious packet attacks, fraud and DDoS attacks through GTP interfaces in the access networks and GRX/IPX interconnect.
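The three checks named above (filtering protocol abnormalities, per-peer rate limiting, and stateful matching of responses to requests) can be sketched for the GTPv2-C header as follows. This is an added example, not A10 code: the header layout follows 3GPP TS 29.274, while the allowed message-type policy, the peer names, the limits and the `build` helper for constructed test messages are assumptions.

```python
import struct

# GTPv2-C request types allowed by this constructed policy; each response is request + 1.
REQUESTS = {1: "Echo", 32: "Create Session", 34: "Modify Bearer", 36: "Delete Session"}
RESPONSES = {t + 1 for t in REQUESTS}


def parse_gtpv2c(datagram: bytes) -> dict:
    """Parse a GTPv2-C header, raising ValueError on protocol abnormalities."""
    if len(datagram) < 8:
        raise ValueError("truncated header")
    flags, msg_type, length = struct.unpack("!BBH", datagram[:4])
    if flags >> 5 != 2:
        raise ValueError("not GTP version 2")
    if flags & 0x10:
        raise ValueError("piggybacked message (not handled in this example)")
    if length != len(datagram) - 4:  # length field excludes the first four octets
        raise ValueError("length field does not match datagram size")
    has_teid = bool(flags & 0x08)
    if has_teid and len(datagram) < 12:
        raise ValueError("truncated header")
    if msg_type not in REQUESTS and msg_type not in RESPONSES:
        raise ValueError("message type not allowed on this interface")
    if has_teid == (msg_type in (1, 2)):  # Echo carries no TEID, session messages do
        raise ValueError("TEID flag inconsistent with message type")
    off = 8 if has_teid else 4
    teid = struct.unpack("!I", datagram[4:8])[0] if has_teid else None
    seq = int.from_bytes(datagram[off:off + 3], "big")
    return {"type": msg_type, "teid": teid, "seq": seq}


class GtpFirewall:
    """Token bucket per sending peer plus request/response state tracking."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.buckets = {}     # peer -> (tokens, last timestamp)
        self.pending = set()  # (requester, responder, seq, request type); no expiry here

    def _within_rate(self, peer: str, now: float) -> bool:
        tokens, last = self.buckets.get(peer, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[peer] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def inspect(self, src: str, dst: str, datagram: bytes, now: float) -> str:
        if not self._within_rate(src, now):
            return "drop: rate limit"
        try:
            msg = parse_gtpv2c(datagram)
        except ValueError as exc:
            return f"drop: {exc}"
        if msg["type"] in REQUESTS:
            self.pending.add((src, dst, msg["seq"], msg["type"]))
            return "accept"
        key = (dst, src, msg["seq"], msg["type"] - 1)
        if key not in self.pending:
            return "drop: unsolicited response"
        self.pending.remove(key)
        return "accept"


def build(msg_type: int, seq: int, teid=None, body: bytes = b"") -> bytes:
    """Construct a sample GTPv2-C datagram (test data, not captured traffic)."""
    flags = 0x40 | (0x08 if teid is not None else 0)
    rest = struct.pack("!I", teid) if teid is not None else b""
    rest += seq.to_bytes(3, "big") + b"\x00" + body
    return struct.pack("!BBH", flags, msg_type, len(rest)) + rest
```

A deployed firewall would also expire entries in `pending` and validate information elements in the message body; both are left out here to keep the header checks visible.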

  3. Network Slicing – Intelligent Traffic Steering

Network slicing will allow mobile operators to offer security and other capabilities tailored to each vertical application and to capture revenue from these diverse use cases, without losing the economies of scale of common infrastructure. Network slicing isolates each use case or service from the others so that the services can be independently deployed, managed securely, and delivered in a robust way. This solution identifies specific types of traffic by multiple criteria including radio access type, IP address, DNS address, device type, destination, subscriber ID, and other parameters and then redirects these “slices” of traffic to value-added service platforms, such as protection platforms for deeper threat analysis and scrubbing. This redirection can be based on either static policy or dynamic factors. This solution enables differentiated treatment of the developing 5G use cases, deepens the security posture and boosts revenue opportunity without adding unnecessary inspection load on the entire network.

  4. Network Wide DDoS Detection and Mitigation System

Mobile operators must maintain high network availability at all times. DDoS attacks target mobile networks and their subscribers with high volume message floods that overwhelm infrastructure and can cause service degradation and network outages. Now, targeted attacks can also come from any network peering point and include both volumetric and lower volume, sophisticated attacks against specific network elements or important applications of key enterprise customers. Over-provisioning of network elements to meet rising threat volume or simply blocking traffic during an attack increases costs and can result in service denial for critical traffic. Operators need a more cost-efficient and comprehensive approach that quickly detects and mitigates DDoS and infrastructure attacks across the entire mobile network without denying service to important traffic. Service providers can achieve full DDoS resilience and improve security by using a layered approach for detecting and mitigating attacks of all types and sizes before attackers take down their targets.

  5. Secure, Efficient MEC

Multi-Access Edge Compute (MEC) architecture is often part of the 5G transition plan. In a MEC architecture, network traffic processing functions move from a centralised data centre or mobile core to a number of distribution points that are located closer to the user at the “edge.” A distributed architecture with thousands of nodes increases management difficulty and requires a high level of automation and analytics for deployment, management and security and operational changes. We at A10 Networks offer a Thunder CFW solution that offers high performance, low latency in a software-based or hardware form factor for firewall, CGNAT and IPv6 migration, traffic steering and other functions. Many functions that may have been provided by single point appliances are combined into one appliance, virtual instance, bare metal or container.  Cost-efficient, high-performance security is ensured without exceeding space and power limitations. Centralised management and analytics simplify operations for lower TCO.

As we reach the halfway point of 2020, the A10 study indicates that major mobile carriers around the world are on track with their 5G plans, and more expect to begin commercial build-outs in the coming months. That means mobile operators globally need to proactively prepare for the demands of a new virtualised and secure 5G world. That means boosting security at key protection points like the mobile edge, deploying a cloud-native infrastructure, consolidating network functions, leveraging new CI/CD integrations and DevOps automation tools, and moving to an agile and hyperscale service-based architecture as much as possible. All these improvements will pay dividends immediately with existing networks and move carriers closer to their ultimate goals for broader 5G adoption.

 

Introducing Aruba ESP, the Industry’s First Cloud-Native Platform Built for the Intelligent Edge

Aruba, a Hewlett Packard Enterprise company (NYSE: HPE), today introduced Aruba ESP (Edge Services Platform), the industry’s first AI-powered, cloud-native platform that predicts and resolves problems at the network edge before they happen. Built on AIOps, Zero Trust network security, and a Unified Infrastructure for campus, data center, branch and remote worker locations, Aruba ESP delivers an automated, all-in-one platform that continuously analyzes data across domains, ensures SLAs, identifies anomalies and self-optimizes, while seeing and securing unknown devices on the network. Aruba ESP is designed to deliver a cloud experience at the edge and can be consumed either as a service in the cloud or on-premises, as a managed service delivered through Aruba partners, or via network as a service through HPE GreenLake. Tailored for varying economic requirements, customers may also procure it with flexible financing options via HPE Financial Services.

The technology market undergoes a major transition about once every decade. The last two decades were centered on delivering ubiquitous mobility followed by the move to cloud-based applications. We are now entering an era of data analytics driven by IoT, AI and automation supported by compute and modern networking to power a new breed of applications and workloads that work in concert with the cloud but that operate at the edge. As a result, enterprises are generating massive amounts of unstructured data at the edge which, if analyzed and acted upon properly, can be used to improve efficiencies, enhance experiences and enable new business outcomes. The key to turning these real-time insights into meaningful actions is to analyze and process this data at the point of origin – the edge – where people, devices and things connect to the digital world. This ability to generate actionable insights based on data is especially pertinent today during this unprecedented time in history where businesses, employees and, subsequently, the corporate network must adapt to rapidly evolving business and workplace needs.

Utilizing unstructured data at the edge requires a network that leverages AI via network telemetry to process that data at a rate and volume beyond what’s possible at human scale. It also requires an infrastructure with an AI-powered “sixth sense” that proactively identifies impending issues, recommends an accurate resolution and leverages automation to turn that into logical actions, all without manual intervention. Through continued analysis of network, user, and device insights, Aruba ESP turns information into knowledge, helping organizations accelerate transformation and maintain business continuity via a single, cloud-native platform that can reside either on-premises or in the cloud, and secures and unifies the infrastructure across the enterprise built on the following core principles:

  • AIOps is the critical component of Aruba ESP, which uses AI and analytics to identify exact root causes with greater than 95% accuracy, auto-remediate network issues, proactively monitor the user experience, tune the network to prevent problems before they occur, and use peer benchmarking and prescriptive recommendations to continuously optimize and secure the network. In a live customer deployment, using AIOps resulted in a 15% increase in throughput capacity and reduced issue resolution time by nearly 90%, ultimately resulting in a vastly improved end user and IT experience.
  • Unified Infrastructure consolidates all network operations for switching, Wi-Fi and SD-WAN across campus, data center, branch, and remote worker environments under Aruba Central, a cloud-native, single-pane-of-glass console that correlates cross-domain events to reduce issue resolution time and manual errors. In addition, Aruba’s unified infrastructure approach provides customers with a choice between controller services on-premises or in the cloud, delivering maximum flexibility at enterprise scale.
  • Zero Trust Network Security combines built-in role-based access technology, Dynamic Segmentation and identity-based intrusion detection to authenticate, authorize and control every user and device connecting to the network, while still detecting, preventing, isolating and stopping attacks before they impact the business.

“The Intelligent Edge is the catalyst that will spark limitless possibilities for organizations and enterprises that want to accelerate transformation and ensure business continuity by leveraging their technology investments as their greatest asset,” said Keerti Melkote, president of Aruba, a Hewlett Packard Enterprise company. “Built upon Aruba’s guiding principles of connect, protect, analyze, and act, Aruba ESP is the culmination of years of innovation, R&D, Aruba ingenuity and, most importantly, input from our valued customers whose honest feedback and insightful perspective has helped to make this platform a network that knows.”

New Innovations Within Aruba ESP

Aruba ESP is the industry’s most scalable, full-stack, cloud-native platform for wired, wireless and SD-WAN environments that unifies multiple network elements for centralized management and control. Aruba ESP is based on open standards and enables integration with a variety of third-party solutions and services. Significant innovations introduced today include:

  • Cloud-native management for any size enterprise – Aruba Central currently runs mission critical networks for over 65,000 customers and now with new ArubaOS services, it is the industry’s only controllerless, cloud-based platform to provide full-stack management and operations for wired, wireless and SD-WAN infrastructure of any size across campus, data center, branch, and remote worker locations to be consumed on-premises or in the cloud.
  • Simplified daily operations with unified infrastructure – With access to a common data lake via Aruba ESP, the latest version of Aruba Central has been enhanced with simplified navigation, advanced search, and contextual views to present multiple dimensions of information through a single point-of-control, virtually eliminating the need for disparate tools to collect and correlate information across numerous domains and locations.
  • Reduced resolution time with AI and automation – Aruba has a proven track record of bringing AI-powered innovations to market, including unique technologies like Aruba AirMatch. Based on modeling data from over one million network devices generating over 1.5B data points per day, Aruba’s new AI Insights reduces troubleshooting time by identifying hard-to-see network configuration issues and providing root-cause, prescriptive recommendations and automated remediation to continuously optimize network operations.
  • AI-powered IT Efficiencies—Aruba Central now offers AI Search, a Natural Language Processing data discovery service that enables IT teams to eliminate “swivel chair” investigations by using simple, English language queries to extract comprehensive user and device information from Aruba ESP’s common data lake to present relevant information in context to quickly resolve a problem. For more complex issues, AI Assist uses event-driven automation to collect and post all the relevant data for both the internal help desk and Aruba Technical Assistance Center (TAC).
  • Granular visibility across applications, devices and the network – Enhancements to Aruba Central enable user-centric analytics from User Experience Insight to identify client, application, and network performance issues faster.
  • Extension of next-gen switching to distributed and mid-size enterprises – To help organizations accelerate Edge transformation, Aruba has expanded its CX Switch portfolio to include the Aruba CX 6200 Switch Series. This new series brings built-in analytics and automation capabilities to every network edge where user and device connectivity occurs, generating insights that can be applied to informing better business outcomes. The CX 6200 switch series further expands Aruba’s end-to-end CX switching portfolio, enabling customers to run a single operating model from the enterprise campus and branch access layer to the data center.
  • Ongoing innovation with new Developer Hub – Aruba is introducing the Developer Hub, a comprehensive resource for developers that includes Aruba APIs and documentation to streamline the development of innovative, next-generation edge applications leveraging the open Aruba ESP platform.

“Our large-scale network spans multiple campuses and learning centers that run performance-stringent applications to keep our students, academics and researchers connected and productive,” said Ron Gardner, senior infrastructure engineer at James Cook University. “We have chosen to take a cloud-first approach to operating our infrastructure and the enhancements to Aruba Central and ArubaOS give us the visibility and insight to simplify operations while reducing our equipment footprint and securely manage our large campuses and distributed locations from the cloud, ultimately allowing us to proactively identify and address issues before they disrupt operations.”

To address the varying business and technical requirements of organizations looking to harness the power of the Intelligent Edge, Aruba has expanded its consumption and procurement options. These include network as a service through HPE GreenLake or customers can procure Aruba ESP with flexible financing options via HPE Financial Services. For example, customers can acquire the technology they need today and pay only 1% of the total contract value each month for the first eight months, deferring over 90% of the cost until 2021.

“With the size of our infrastructure and massive volume of data being generated at the edge, we needed a way to identify, fix and fine-tune the network automatically,” said Brandon Stratton, ES network administrator of Information Technology at the University of Houston. “Aruba’s expertise and approach with AI-based solutions, like NetInsight, represents a pragmatic path for us to analyze and then act on the insights we capture.”

Tune into ATM Digital beginning June 9th to see Aruba ESP in action, hear from industry luminaries and experts, and learn about the latest advancements in networking.

SMART TECHNOLOGY WILL BE FUNDAMENTAL FOR AIRLINES TO SAFELY RETURN TO THE SKIES IN THE COMING WEEKS

SITA, the technology provider for the air transport industry, today sheds new light on how technology is helping airports and airlines safely resume operations and help implement new hygiene measures to restore passenger confidence after a lengthy shutdown due to the COVID-19 pandemic.

Speaking after the Aviation Week webinar event, Sebastien Fabre, Vice-President Airline & Airport, SITA, said: “The past few weeks have seen airlines across the globe tentatively take to the skies. This is reflected in a resumption in activity across our network and improved baggage volumes, up 55% month-on-month in May where volumes were at a record low.”

However, Fabre noted that recovery would be slow. “Our industry must transform the passenger experience to increase traveler safety while balancing economic pressures from slow customer demand. To successfully walk this tightrope and navigate a return to the skies for viable volumes of passengers, airports and airlines need to assimilate new information from governments and health officials, adapt operations immediately and automate processes permanently.”

SITA has introduced solutions that allow passengers to use their mobile device as a remote control for touchpoints such as self-bag drop and check-in kiosks, removing the need to touch any airport equipment. “For example, at San Francisco Airport, we have SITA Flex which enables a full mobile and touchless passenger journey. This means travelers can print bag tags from their mobile phone on self-service bag points,” added Fabre.

He noted that technology would be fundamental in helping airlines and airports comply with new and fast-changing regulations and restore passengers’ confidence in flying. New preventive measures aimed at limiting risk in the airport and onboard will require a new approach to passenger management.

Fabre stated that SITA was rapidly rolling out new solutions that addressed the above challenges, complementing short term hygiene measures such as the use of masks and gloves. These solutions centered on three key areas:

Distancing: Using real-time monitoring technologies along with predictive analytics, SITA can ensure appropriate distancing between passengers at key points across the airport. Predictive analytics will also support more proactive planning. There is also an opportunity to extend the boundaries of the airport where key steps such as check-in and bag drop are managed before arriving at the terminal through a passenger’s mobile.

Hygiene and Sanitation: SITA is helping reduce the risk of infection by avoiding contact at key touchpoints. Using a combination of biometric and mobile solutions, passengers no longer have to touch a kiosk or surface, managing their journey from their phone.

Health checks: In addition to integrating health or thermal checks into key touchpoints such as check-in kiosks, governments will – by leveraging SITA’s risk management solutions – be able to use pre-boarding check (Advance Passenger Processing) and perform analytics on passenger journey data to identify and mitigate potential health risks.

He noted that for airports that are not equipped with the native mobile platform, SITA uses technology to remotely control self-service devices such as kiosks with a mobile phone, removing the need to touch any airport equipment.

Speaking at the webinar, Jeremy Springall, Vice-President Border Management, SITA said: “We are seeing specific regions wishing to allow limited movement within zones first, for example, the trans-Tasman bubble. For governments, this requires an information-driven approach based on real-time data and responsiveness to handle rapidly changing situations.

“A critical element will be for governments to harmonize the approach to checking the validity of health status and sharing this information effectively. Many governments are taking a layered approach to border management, starting well in advance of travel, to identify high-risk passengers before arrival in the destination country, in turn easing the restrictions for low-risk travelers. It’s crucial that health checks in terms of a health ETA or declaration are performed, perhaps up to 72 hours before departure. We’re already starting to see this happen around the world in countries like Thailand and Singapore.”

Springall noted that SITA has been supporting governments around the world in adapting their Advance Passenger Processing pre-clearance checks in response to COVID-19. For example, during the early part of the pandemic, SITA was able to help a South American airport stop passengers from high-risk countries from checking in to their flights.

SITA believes a harmonized approach to data management between governments is crucial for mitigating the risk of resurgence.  

Springall highlighted how SITA has helped airports identify passengers arriving from high-risk areas who would then be asked to self-isolate at home for 14 days to prevent the spread of COVID-19. Later SITA adapted operations to identify travelers who were sitting in the rows around these passengers during a flight so adequate protocols could be applied to those passengers as well.

Also taking part in the webinar were Erick Barboza, Chief Commercial Officer at Aeris Holding, Costa Rica, and Ivan Bassato, Executive Vice President Airport Management, Aeroporti di Roma. To listen to the full webinar, head to the Aviation Week event page.