How do you secure a network with no perimeter? Operations, security and 5G
While latency may be decreasing exponentially with 5G, everything else is increasing, including the attack surface for bad actors. What is not increasing fast enough is the set of resources security teams have at their disposal.
So what are service providers to do, especially when security teams are already handling thousands of alerts per day and have no capacity to take on more?
There are three key things providers need for security operations in the 5G era: 1) a holistic security management approach; 2) implementation of the SOAR model (security orchestration, analytics and response); and 3) digital trust.
Managing security holistically
Service providers today depend on a huge number of point tools for security, each designed to solve a specific type of problem. That sheer volume of tools is part of the reason why alarm counts are so high. It also creates silos that lengthen the time between attack detection and mitigation. The layers of protection are largely unintegrated and difficult to manage. A holistic security management approach is needed to connect all those disparate silos and speed up mitigation, with analytics as the glue that integrates different technologies and shares the right intelligence with the right people at the right time.
Expanded intelligence gathering and analysis allow security operations teams to automate and prioritize activities and better inform business decision making. The end goal is an adaptive security architecture that automates security, driven by intelligence and analytics. That’s where the SOAR model comes in.
Adopting the SOAR model
SOAR systems aggregate, correlate and analyze data from disparate point tools into cohesive and enriched security intelligence with business-specific context. They contribute to workflow automation and orchestration, which are at the heart of the transition from static defense to agile and adaptive response — and vital for security teams currently overwhelmed by intensive manual processes.
Combining artificial intelligence with SOAR systems would make it possible to actively identify and respond to sophisticated threats, drawing on information generated by both human and machine activity. That would enable identification of behavior by users or entities that is likely to result in a security breach. It would also help uncover previously undiscovered threats — and even potentially identify threats before they happen.
Once a threat is detected, security automation based on detailed mitigation steps in “cyber playbooks” will accelerate recovery. With staff shortages being a critical issue for many service providers, automating processes will allow analysts to spend less time on each incident, maximizing the capacity of existing human resources.
Establishing digital trust
In the automated, intelligent, dynamic 5G security context, digital trust is paramount. It extends both to people and to machines. On the people side of things, that means ensuring the right individuals have access to the right systems, with rigorous identity management to prevent credential theft and quickly identify anomalous behavior. Where machines are concerned, it’s a matter of ensuring any device communicating over the network is legitimate and properly authenticated using digital certificates.
Key to the 5G opportunity
By connecting silos, enabling “cross-slice visibility”, harnessing AI and SOAR systems, and maintaining digital trust, service providers can ensure the highest degree of assurance for all network activities, shrink the number of alarms to a prioritized and actionable set of addressable threats, and give security teams better information to work with, all while relieving human beings of tasks they won’t otherwise be able to keep up with in the complex, dynamic 5G environment.
What’s essential is that security be built into 5G services by design, not as an afterthought. It needs to be in place any time a new service is launched or new partners and customers are connected to the network. Without it, the massive new revenue opportunities of 5G will be at risk.