Explore end-to-end 5G security

2022.12.05



With new developments at the core layer of the network, there is an argument that 5G is even more secure than other LAN and WAN solutions available today.

The rise of 5G has been well documented and highly anticipated over the past few years. Yet despite the excitement about next-generation cellular performance and low latency, many organizations are questioning whether 5G — which connects all these people, places and things — will also increase the attack surface of any network. If you have more network endpoints, you have more places for hackers to infiltrate the network, right? The answer is, not necessarily.

Enterprises should know that cellular-enabled wireless WANs have been delivering enterprise-grade security at the network edge for years. With new developments at the core layer of the network, there is an argument that 5G is even more secure than other LAN and WAN solutions available today.


From 4G to 5G: Security improvements at the network level

Each new generation of cellular technology presents an opportunity to improve security. The 5G network core (the service provider's network) comes with several key changes:

1. New authentication framework

The 5G standard introduces a new authentication framework based on a mature and widely used IT protocol called Extensible Authentication Protocol (EAP), which is open, network-agnostic, and more secure.

2. Enhanced user privacy

The 5G standard introduces privacy improvements to prevent attacks that occur when a fake base station pages a terminal to bring it out of an idle state. In 5G, the International Mobile Subscriber Identity (IMSI) is not used in paging, less text is exchanged, and the network analyzes the radio environment to detect abnormal base stations.

3. Improved flexibility and security of the core network

The 5G network core moves to a service-based architecture (SBA), delivered by a set of interconnected network functions (NFs) that are authorized to access each other's services. SBA enables plug-and-play software, agile programming, and network slicing to simplify operations and accelerate innovation.

4. Extended Roaming Security

The 5G standard introduces enhanced interconnection security between network operators, centered around a network function called the Security Edge Protection Proxy (SEPP) located at the edge of each network operator's 5G network. Each operator's SEPP is certified, and application-layer security protects traffic.

5. Advanced Integrity Protection for User Plane

The 5G standard introduces a new feature that secures user plane traffic between devices and cell towers. This feature is designed to mitigate sophisticated man-in-the-middle attacks that tamper with unprotected sensitive over-the-air user plane data.

Cellular Broadband Security at the Network Edge

At the network edge, organizations should continue to use the advanced network security policies they already use for wired and 4G broadband networks. But now, 5G-related technologies also provide the following functions.

Network slicing

5G's speed, low latency, and reliability can only be balanced when network components share the correct information through appropriate virtual network functions (VNFs). This is achieved through network slicing within the SBA.

Similar to how cloud computing is moving to containerization and VNFs, the 5G core is moving to this model and building microservices contained in security groups, or slices, that fulfill the commitments made to specific traffic according to their QoS tags (Single Network Slice Selection Assistance Information, or S-NSSAI).

Network slicing allows operators to provide customized network services for each enterprise's unique needs, while enabling companies to choose the right level of security for each use case.
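The following added example (not part of the original article) decodes an S-NSSAI and applies a default-deny, per-slice security policy, to show how a slice identifier can drive the security level chosen for each use case. The policy table, device class names and protection labels are constructed for illustration; only the SST-only and SST+SD encodings are handled.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class SNSSAI:
    sst: int            # Slice/Service Type, 1 octet (1=eMBB, 2=URLLC, 3=MIoT)
    sd: Optional[int]   # Slice Differentiator, 3 octets, optional

def parse_snssai(raw: bytes) -> SNSSAI:
    """Decode the SST-only (1 octet) or SST+SD (4 octet) form."""
    if len(raw) == 1:
        return SNSSAI(raw[0], None)
    if len(raw) == 4:
        sd = int.from_bytes(raw[1:], "big")
        # 0xFFFFFF is the reserved "no SD associated with this SST" value.
        return SNSSAI(raw[0], None if sd == 0xFFFFFF else sd)
    raise ValueError(f"unsupported S-NSSAI length: {len(raw)} octets")

# Constructed enterprise policy (hypothetical names): which device classes
# may attach to each slice, and the user-plane integrity level it demands.
SLICE_POLICY = {
    SNSSAI(1, 0x000001): {"classes": {"laptop", "kiosk"}, "up_integrity": "preferred"},
    SNSSAI(2, 0x0000A1): {"classes": {"plc"}, "up_integrity": "required"},
    SNSSAI(3, None): {"classes": {"sensor"}, "up_integrity": "required"},
}

def authorize_slice(device_class: str, raw: bytes) -> Tuple[bool, Optional[str]]:
    """Return (allowed, required user-plane integrity level)."""
    try:
        snssai = parse_snssai(raw)
    except ValueError:
        return (False, None)            # malformed identifier: deny
    policy = SLICE_POLICY.get(snssai)
    if policy is None or device_class not in policy["classes"]:
        return (False, None)            # unknown slice or wrong class: deny
    return (True, policy["up_integrity"])

if __name__ == "__main__":
    # Constructed sample requests: (device class, S-NSSAI as hex).
    for cls, hexval in [("plc", "020000a1"), ("sensor", "03ffffff"),
                        ("laptop", "020000a1"), ("kiosk", "0100")]:
        print(cls, hexval, authorize_slice(cls, bytes.fromhex(hexval)))
```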

Dedicated 5G network

IT/OT teams with large areas requiring secure LAN-like connectivity can deploy their own private cellular network (PCN).

5G is the first cellular network specification to truly embrace virtualization, saving the significant cost of deploying an expensive physical network core. An organization can control its own PCN by implementing localized micro-towers and small cells (similar to access points). It's like a scaled-down version of the public internet, except you control security and quality of service.

Trusted Technology for Securing Wired and Wireless Networks

If network security professionals have not already adopted new adaptive security protocols to protect their legacy wired networks, now is the time to implement these security architectures to protect wired and wireless endpoints.

Zero Trust Network Access (ZTNA)

Zero Trust Network Access (ZTNA) is a holistic security concept that assumes that anyone trying to access a network or application is a malicious actor that needs to be constantly authenticated. ZTNA uses an adaptive authentication strategy on a per-session basis that can take into account the user's identity, location, device, time and date of the request, and previously observed usage patterns.

ZTNA will be a key component of 5G security at the network edge, as the rapid and far-reaching expansion of IoT and other connected use cases will require enterprises to have more stringent and remote control over the authentication and identification of devices and the data flow between them.
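As an added illustration (not from the original article), the sketch below evaluates each session against the factors listed above: identity, device, location, time of request and previously observed usage. The baseline data, risk weights, thresholds and the three outcomes are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Session:
    user: str
    device_id: str
    device_compliant: bool   # result of a posture check (assumed input)
    country: str
    when: datetime
    resource: str

# Constructed baseline of previously observed usage, keyed by identity.
BASELINE = {
    "alice": {
        "devices": {"rtr-0042"},
        "countries": {"US"},
        "hours": range(7, 20),              # 07:00 to 19:59 local time
        "resources": {"pos-api", "inventory"},
    },
}

def evaluate(s: Session) -> str:
    """Decide 'allow', 'step_up' (re-authenticate) or 'deny' for one session."""
    base = BASELINE.get(s.user)
    if base is None or not s.device_compliant:
        return "deny"                       # unknown identity or failed posture
    if s.resource not in base["resources"]:
        return "deny"                       # least privilege: not entitled
    risk = 0
    risk += 2 if s.device_id not in base["devices"] else 0
    risk += 2 if s.country not in base["countries"] else 0
    risk += 1 if s.when.hour not in base["hours"] else 0
    if risk == 0:
        return "allow"
    return "step_up" if risk <= 2 else "deny"

if __name__ == "__main__":
    # Constructed sessions: usual pattern, then an off-hours request.
    day = datetime(2022, 12, 5, 10, 30)
    night = datetime(2022, 12, 5, 2, 15)
    print(evaluate(Session("alice", "rtr-0042", True, "US", day, "pos-api")))
    print(evaluate(Session("alice", "rtr-0042", True, "US", night, "pos-api")))
```

Because the decision is recomputed for every session, a device that was allowed in the morning can be challenged or denied later once any factor deviates from the baseline.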

Secure Access Service Edge (SASE)

With such a large percentage of data flowing to the cloud, most security services also reside there. Secure Access Service Edge (SASE) is a cloud-delivered security model that combines networking and security capabilities. In the SASE model, traffic is encrypted and directed to cloud services where highly sophisticated security techniques are applied.

With so many companies poised to deploy 5G connectivity across a wide range of branches, stores, vehicles, and other scenarios, these enterprises can greatly improve their security by deploying cloud-manageable wireless edge routers and security layers in a coherent manner, with the ability to scale rapidly. Wireless WAN and SASE are well suited for the distributed edge.

With 5G-enhanced edge-to-core security capabilities and today's edge-to-cloud security technologies such as SASE and ZTNA, enterprises can significantly improve their end-to-end security posture while embracing 5G.