The 5G revolution is making waves and headway. 5G promises ultrafast speeds and reduced lag time (latency) along with massive bandwidth and the ability to connect many more devices. Cloudification is key to the success of 5G.
What is Cloudification?
Cloudification is enabling network operators to innovate new and enhanced services and respond to market demands with the scalability and flexibility of a cloud computing company. Essentially Cloudification enables a communications network to be more agile, flexible and scalable. Technologies underlying Cloudification are as follows:
- Software Defined Network
- Virtualization
- Network Slicing
- Self Managed Networks
Given the reliance on Cloud Infrastructures for 5G, NSA and CISA have issued Cloud Security Guidance for 5G. This has 4 parts as below:
- Part I – Prevent and Detect Lateral Movement
- Part II – Securely Isolate Network Resources
- Part III – Protect Data in Transit, In-Use and at Rest
- Part IV – Ensure Integrity of Infrastructure
In this blog we will focus on the security guidance for Part I, i.e. Prevent and Detect Lateral Movement. It is imperative that communications operators take a proactive approach to prevention, as below:
- Implement Secure Identity and Access Management (IAM) in the 5G cloud
- Keep 5G cloud software up-to-date and free from known vulnerabilities
- Securely configure networking within the 5G cloud
- Lock down communications among isolated network functions
- Monitor for indications of adversarial lateral movement
- Develop and deploy analytics to detect sophisticated adversarial presence
Let us do a deep dive into a couple of the focus areas identified above:
Keep 5G Cloud software up-to-date and free from known vulnerabilities
This requirement is fairly obvious and standard, but many organizations still struggle to meet it. Given the scale of a communications operator's cloud setup, it is not practically feasible to run traditional vulnerability scanners, which are heavily intrusive in nature and reactive given their dependence on scheduled periodic scans. Communications operators require a non-intrusive, low-touch, proactive next-generation vulnerability management platform (such as ThreatWatch) to address this gap.
The NSA and CISA guidance recommends integrating source code scanning and patching into the software development and deployment process. This involves regularly scanning software repositories for known vulnerabilities and out-of-date versions. It also asks operators to regularly monitor third-party applications and libraries that are integrated into the network slicing infrastructure for publicly reported vulnerabilities. It is important to distinguish that traditional vulnerability scanners only address the former, i.e. third-party applications, and not the latter, i.e. third-party libraries that might be integrated into software projects. Again, ThreatWatch can help address both the former and the latter, resulting in comprehensive coverage with a single solution. This can help organizations lower costs while ensuring complete coverage.
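To make the "scan repositories for vulnerable and out-of-date versions" step concrete, here is an added example (not code from the NSA/CISA guidance, nor from ThreatWatch). It parses a pinned requirements-style manifest and checks each library against an advisory list and a latest-release index. The manifest, the advisory entries, the library names and the advisory ids are all constructed placeholders, not real packages or CVEs; a real pipeline would pull the advisory and release data from a vulnerability feed and a package index instead.

```python
"""Added example: check a dependency manifest for known-vulnerable and
out-of-date third-party library versions.  All data below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed advisory feed: library -> list of ((min_incl, max_excl), fixed_in, advisory_id).
# Advisory ids are placeholders, not real CVE numbers.
ADVISORIES: Dict[str, List[Tuple[Tuple[str, str], str, str]]] = {
    "examplelib": [(("1.0.0", "1.4.2"), "1.4.2", "ADV-PLACEHOLDER-001")],
    "netparse":   [(("0.0.0", "2.1.0"), "2.1.0", "ADV-PLACEHOLDER-002")],
}

# Constructed "latest release" index used for the out-of-date check.
LATEST: Dict[str, str] = {"examplelib": "1.5.0", "netparse": "2.1.0", "tlsutil": "3.0.1"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically, not as strings."""
    parts = []
    for component in v.split("."):
        digits = "".join(ch for ch in component if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse pinned 'name==version' lines; comments and blank lines are skipped."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "==" not in line:
            continue
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins


@dataclass
class Finding:
    library: str
    version: str
    kind: str      # "vulnerable" or "outdated"
    detail: str


def scan(pins: Dict[str, str]) -> List[Finding]:
    """Report every pinned library that falls in an affected range or lags the latest release."""
    findings: List[Finding] = []
    for name, version in pins.items():
        v = parse_version(version)
        for (lo, hi), fixed, adv_id in ADVISORIES.get(name, []):
            if parse_version(lo) <= v < parse_version(hi):
                findings.append(Finding(name, version, "vulnerable", f"{adv_id}: upgrade to {fixed}"))
        latest = LATEST.get(name)
        if latest and v < parse_version(latest):
            findings.append(Finding(name, version, "outdated", f"latest is {latest}"))
    return findings


# Constructed manifest standing in for a repository's requirements file.
SAMPLE_MANIFEST = """\
# constructed manifest
examplelib==1.3.0
netparse==2.1.0
tlsutil==3.0.1   # already at the latest release
"""

if __name__ == "__main__":
    for f in scan(parse_manifest(SAMPLE_MANIFEST)):
        print(f"{f.kind:10} {f.library}=={f.version}: {f.detail}")
```

Running it against the constructed manifest reports examplelib 1.3.0 twice (inside the affected range and behind the latest release) and nothing for netparse, which is pinned exactly at the fixed version. The half-open range check is the part worth getting right: a fixed version must not be reported as affected.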
Monitor for indications of adversarial lateral movement
This is a key area and there are many aspects to be considered here, for example identifying user behavior abnormalities (time of day of usage, type of activity, etc.), the opening of unusual ports between network nodes, unusual communication channels opened to internal systems, etc. From an exfiltration-detection angle, another important aspect is the ability to detect traffic going outbound to a Command and Control (C&C) center. A good threat intelligence source can help by providing a list of bad IPs, servers and domains to aid in this regard.
Develop and deploy analytics to detect sophisticated adversarial presence
This involves the use of other tools like SIEM, endpoint protection, SOAR, etc. These tools rely on a good threat intelligence feed which can provide IOCs (indicators of compromise) like file hashes, YARA rules, bad IPs/servers/domains, malicious URLs, etc.
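The two sections above (monitoring for lateral movement, and feeding threat-intelligence IOCs into analytics tooling) describe the same kind of detection logic, so here is one added example covering both. It is not code from the NSA/CISA guidance or from any SIEM or vendor product. It runs over a handful of constructed flow records and raises alerts for two of the signals mentioned: internal-to-internal flows on ports (or between peers) absent from a learned baseline, and outbound flows whose destination IP or TLS SNI appears on a threat-intelligence list. The bad IPs are from the RFC 5737 documentation ranges and the domains use the reserved `.invalid` TLD, so none of them are real indicators; the log format and field names are assumptions for the example.

```python
"""Added example: baseline-deviation and threat-intel matching over flow records.
All addresses, domains and log lines are constructed for illustration."""
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed threat-intel feed (RFC 5737 documentation addresses; not real IOCs).
BAD_IPS: Set[str] = {"203.0.113.45", "198.51.100.7"}
BAD_DOMAINS: Set[str] = {"c2.example.invalid"}

# The address space we treat as "inside" the 5G cloud for this example.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed baseline: (src, dst) -> ports observed during a known-quiet learning period.
BASELINE: Dict[Tuple[str, str], Set[int]] = {
    ("10.0.1.10", "10.0.2.20"): {443, 8443},
    ("10.0.1.10", "10.0.2.21"): {443},
}

# Constructed flow records in an assumed "src dst port action [sni]" format.
FLOW_LOG = """\
10.0.1.10 10.0.2.20 443 ACCEPT
10.0.1.10 10.0.2.20 22 ACCEPT
10.0.1.10 10.0.2.21 443 ACCEPT
10.0.2.20 203.0.113.45 443 ACCEPT c2.example.invalid
10.0.2.21 192.0.2.8 443 ACCEPT updates.example.invalid
10.0.1.10 10.0.2.22 445 ACCEPT
"""


def is_internal(ip: str) -> bool:
    # Explicit membership test: ipaddress.is_private() also treats the RFC 5737
    # documentation ranges as private, which would hide the constructed bad IPs.
    return ipaddress.ip_address(ip) in INTERNAL_NET


def parse_flows(text: str) -> List[dict]:
    """Parse whitespace-separated flow lines; malformed lines are ignored."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[2].isdigit():
            continue
        flows.append({"src": fields[0], "dst": fields[1], "port": int(fields[2]),
                      "action": fields[3], "sni": fields[4] if len(fields) > 4 else ""})
    return flows


def detect(flows: List[dict], baseline: Dict[Tuple[str, str], Set[int]] = BASELINE) -> List[dict]:
    """Return one alert dict per suspicious flow, in log order."""
    alerts = []
    for f in flows:
        src, dst, port, sni = f["src"], f["dst"], f["port"], f["sni"]
        if not is_internal(dst):
            # Outbound flow: match destination IP and SNI against the threat-intel feed.
            if dst in BAD_IPS or sni in BAD_DOMAINS:
                alerts.append({"kind": "threat_intel", "src": src, "dst": dst, "port": port,
                               "detail": f"destination on intel list (sni={sni or 'none'})"})
        elif is_internal(src):
            # Internal-to-internal flow: compare against the learned baseline.
            seen = baseline.get((src, dst))
            if seen is None:
                alerts.append({"kind": "new_peer", "src": src, "dst": dst, "port": port,
                               "detail": "no baseline for this node pair"})
            elif port not in seen:
                alerts.append({"kind": "unusual_port", "src": src, "dst": dst, "port": port,
                               "detail": f"baseline ports {sorted(seen)}"})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_flows(FLOW_LOG)):
        print(f"[{a['kind']}] {a['src']} -> {a['dst']}:{a['port']}  {a['detail']}")
```

On the sample records this yields three alerts: SSH (port 22) between two nodes whose baseline only ever showed HTTPS, an outbound connection to a listed IP carrying a listed SNI, and SMB (port 445) to a node that never appeared as a peer before. The flow to 192.0.2.8 is outbound but matches nothing and stays silent, which is the behaviour a feed-driven rule should have: the baseline handles the internal side, the intel feed handles the outbound side, and neither fires on ordinary traffic.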
Given the scale of 5G cloud infrastructure, it is important for security tools to give communications operators the ability to manage vulnerability volumes via automatic risk-based scoring and to slice and dice information as needed. Tag-based access control and drill-down will help in this regard.
It is important for communications operators to “shift left” security for 5G. To learn more about how ThreatWatch can help, write to us at info@threatwatch.io