Signaling was a major security vulnerability for legacy cellular generations (2G, 3G, and 4G), opening the gate to signaling storms, SS7 and Diameter-based exploitation, spam, and fraud. While it’s easy to assume 5G networks would be immune to such cyberattacks, this isn’t the case. Many 5G deployments are hybrid (also using legacy connectivity) and are Non-Standalone (NSA), making it essential that signaling continues to be a core focus of telco security solutions. Even for 5G Standalone (SA) networks, threat actors will adapt and leverage more elaborate schemes.
Signaling firewalls are crucial to protecting a 5G network, ensuring hackers do not gain unauthorized access. They are essentially filters that prevent malicious data traffic from entering the 5G network. ABI Research has observed several key trends and challenges shaping the future development of 5G signaling firewalls, such as cross-protocol correlation, more sophisticated cyberattacks, and a greater focus on unification and flexibility. Leading cybersecurity vendors have responded by offering signaling firewalls that address emergent threats.
5G Security Trends and Challenges
As 5G adoption continues to expand, Mobile Network Operators (MNOs) must be wary of increasingly complex cyberattack tactics. The advent of Artificial Intelligence (AI)-based vishing, for example, could be used for a sophisticated social engineering attack. At the same time, many telco operators remain skeptical of firewalls' signaling security capabilities. Making matters worse, 5G networks are getting more convoluted as Radio Access Networks (RANs) are deployed. Below is a list of some of the most notable trends and challenges in 5G security:
- New Use Cases Introduce New Security Vulnerabilities: As mission-critical 5G use cases are increasingly deployed, threat actors have fresh opportunities to perpetrate availability attacks. This is especially relevant in highly sensitive industries such as healthcare, emergency services, and industry.
- Poor Attitudes toward Firewalls: A 2021 survey found that a quarter of MNOs believe firewalls fail to detect 75% of security attacks. Moreover, just 51% of Communication Service Providers (CSPs ) use a signaling firewall, according to a recent report published by Mobile World Dive. This is despite firewalls having demonstrated significant cyber protection, such as Telecom Egypt’s 90% reduction in scam phone calls after deploying Enea’s voice firewall. Clearly, there is a need to educate and build trust around 5G security solutions.
- An Increasingly Complex 5G Ecosystem: The already highly complex 5G landscape is exacerbated by the uptake in RAN sharing and roaming. A greater variety of operators are in business, making it imperative that security solutions are interoperable.
- Lack of Unification: Support for multiple security protocols is nascent among MNO signaling firewalls. As of 2021, just 31% of signaling firewalls perform cross-protocol correlation. While all signaling firewalls protect SS7, support for Diameter, GTP, and SIP is seriously lacking. Therefore, there is strong market demand for 5G security solutions that effectively integrate multiple protocols.
- A Growing Need for Flexibility in 5G Security Solutions: 5G SA deployments are changing in nature, with technologies like Ultra-Reliable Low Latency Communications (URLLC) and Massive Machine Type Communications (mMTC) supporting new use cases. Further, 5G deployments are delivered in more diverse ways (on-premises and self-managed versus Software-as-a-Service (SaaS) models). These factors make it essential for security vendors to display product adaptability in their case studies.
How Security Vendors Are Responding to 5G Cyberthreats
5G security solutions are becoming more software-focused than in years past, accounting for the second-biggest investment behind services. Software-based security solutions offer greater flexibility and simplicity than physical hardware. Cybersecurity vendors are tackling increasing threats on telco networks by providing firewalls with future-proofing baked into the product design.
- BroadForward: Dutch software provider BroadForward simplifies 5G signaling security by offering converged firewalls, combining SS7 and Diameter protocols. Moreover, the firewall integrates the rest of its security features and operational management. This unified approach is helpful for the nearly 50% of MNOs that still don’t have a firewall and lack an adequate understanding of cross-protocol correlation.
- Enea: The Swedish company’s cloud-native firewall is highly adaptive and marketed as a solution to safeguard against evolving threats. The firewall protects the SS7, Diameter, GTP-C, HTTP/2, SIP, and ISUP protocols. As a thought leader in 5G security, Enea’s Vice President (VP) of Technology chairs the GSMA’s Mobile Threat Intelligence Framework (MoTIF).
- Mavenir: Flexibility and agility are at the heart of Mavenir’s approach to 5G security. In a world where 5G cyberthreats are ever more present and advanced, the ability to quickly respond to emerging threats is paramount. For example, Mavenir’s signaling firewall leverages Continuous Integration (CI)/Continuous Delivery (CD) to streamline coding processes. The Texas company’s cloud-native MAVcore signaling security product epitomizes the growing software focus in the wider 5G security space.
- Oracle: Oracle's cloud-native Service Communications Proxy (SCP) signaling router empowers MNOs to control network functions granularly. Automation capabilities enable operators to assess 5G Core topologies and generate routing rules based on the Network Repository Function (NRF). Oracle also accounts for the growing need for inter-network traffic security, offering a Secure Edge Protection Proxy (SEPP) for 5G deployments.
- SecurityGen: London-based vendor SecurityGen offers MNOs a Next-Generation Firewall (NGFW) that supports cross-correlated threat detection. A key differentiator for the company is its focus on supporting GTP, offering a point solution for the often neglected protocol.
Although software-based firewalls are more common in telco networks today, hardware-based solutions aren't suddenly going to vanish from the 5G security discussion. Some customers turn to Palo Alto Networks, Cisco, Fortinet, and other hardware-based firewall providers for various reasons. Some find hardware purchases to be more cost-effective than a long-term subscription. Others simply don’t trust a software-based approach to 5G security, with remote provisioning a notable vulnerability that threat actors could seize. Finally, there are niche situations where a specialized firewall is required. For example, oil & gas firms operate in extreme environments, necessitating ruggedized hardware. Therefore, there is still a sizable opportunity for cybersecurity vendors to profit from hardware-based 5G security solutions.
As the 5G security landscape evolves rapidly, ABI Research guides vendors, telcos, and enterprises on the latest developments, opportunities, and best practices. As part of our Telco Cybersecurity Research Service, the Strategies for Signaling Security for 5G presentation informs key stakeholders on the forward-looking solutions that can safeguard 5G networks.
