Market Research Report

Next-Generation Mobile Security Gateways for 3G & 4G Networks

Publisher: Heavy Reading | Product code: 234916
Publication date: March 23, 2012 | Page information: English, 55 pages

Overview

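As mobile operators expand their broadband subscriber base and become full-fledged Internet service providers (ISPs), new security threats are emerging that affect the mobile network or could affect it in the future.

This report identifies the key new security threat vectors that are affecting the mobile network or could affect it in the future, and examines the new feature roadmaps and toolsets that mobile security vendors are bringing to market. It analyzes how IT security and telecom network vendors are positioning for the new opportunities and profiles 16 leading network security equipment vendors. It is organized as outlined below.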

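Chapter 1: Introduction and Key Findings

  • Key findings
  • Report scope and structure

Chapter 2: Network Security in the Early Days of Mobile Data

  • Early security product requirements for GPRS, CDMA 1X & 3G
  • The term "data center" in the context of mobile network security
  • The term "security gateway" in the context of mobile network security

Chapter 3: New Security Threats in the Mobile Broadband Era

  • Growth in total mobile data traffic volumes
  • Growth in application layer vulnerabilities
  • Countless users, application developers, OS and terminal vendors
  • Real-world examples of new attack vectors impacting the mobile network
  • The new "threat" from smartphone signaling
  • NTT Docomo increases signaling expenditure
  • Signaling and security
  • Security attacks and network latency
  • New security arising from the LTE architecture
  • New security weaknesses arising from small cells

Chapter 4: Market Trends in Mobile Security Gateways

  • New capabilities needed
  • Mobile operators providing input into security product roadmaps
  • A new generation of security gateways for mobile networks
  • Firewalls and next-generation firewalls
  • Intrusion prevention systems
  • 3GPP SEG
  • Solutions to signaling problems
  • Security applications of the 3GPP policy management domain
  • GGSNs and P-Gateways
  • Views on security feature convergence

Chapter 5: Security Procurement: The Mobile Operator Context

  • Mobile operators' spending outlook for new security threats
  • The operator's security organization and its role in vendor selection
  • The context of the operator's broader long-term network strategy
  • Network centralization vs. distribution issues in the security context
  • Separate 3GPP SEGs for each new cell site type? Or one for all of them?
  • So many interfaces to protect; so little time and budget

Chapter 6: Vendor Strategy for Mobile Operators

  • Product characteristics, features and performance
  • UTM or CTM? Product branding issues for network security
  • Channel strategy: RAN vendors
  • Channel strategy: router and other platform vendors
  • Channel strategy: cloud security providers

Chapter 7: Vendor Profiles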

  • Alcatel-Lucent
  • Arbor Networks Inc.
  • Cisco Systems Inc.
  • Check Point Software Technologies Ltd.
  • Clavister AB
  • Crossbeam Systems Inc.
  • Ericsson AB
  • Fortinet Inc.
  • Huawei Technologies Co. Ltd.
  • Juniper Networks Inc.
  • McAfee Inc.
  • Nokia Siemens Networks
  • Radisys Corp.
  • Radware Ltd.
  • Sandvine Inc.
  • Symantec Corp.

Appendix

Figures and Tables

Abstract

As mobile operators increase their broadband subscriber base and become full-fledged Internet service providers (ISPs), new security threats are emerging that impact the mobile network or have the potential to impact it in the future. Emerging threats include the growth in application layer vulnerabilities, risks presented by smartphone app developers and operating systems, the issue of excess signaling in the network being generated by smartphones and smartphone apps, and new security risks presented by the new Long Term Evolution (LTE) architecture.

To keep up with changes in the security threat landscape, those responsible for protecting the availability and integrity of the mobile network will have to undertake substantial refreshes of their network security architecture and equipment. Different corners of the equipment vendor market are responding accordingly. Vendors are bringing new feature roadmaps and toolsets to market to enable mobile operators to better protect their networks and subscribers.

Driven by enterprise as well as carrier demand, most vendors of firewall and intrusion prevention system (IPS) products are evolving to next-generation solutions. Leading router vendors are adding IPsec termination capabilities on their carrier-grade platforms to align with mobile operators' LTE security requirements. Distributed denial of service (DDoS) and other threat-mitigation vendors are developing bespoke solutions to reduce the impact of smartphone signaling, and many security vendors are looking at tighter integration with the 3rd Generation Partnership Program's (3GPP's) policy management domain.

This report breaks with convention in the way the term "security gateway" is used in the mobile network. It considers the 3GPP-defined Security Gateway (SEG) as just one of several functionalities - alongside firewall, IPS, deep packet inspection (DPI) and policy management and others - that can be bundled into a security gateway product. In this report, a security gateway is defined as a product that may - or may not - include the 3GPP-defined SEG among its capabilities.

Next-Generation Mobile Security Gateways for 3G & 4G Networks identifies some of the key new security threat vectors that are impacting the mobile network or have the potential to impact it in the future. It also explores the new feature roadmaps and toolsets that mobile security vendors are bringing to market - including the evolution of key capabilities such as firewall, IPS, DPI, the 3GPP-defined SEG and DDoS protection - along with how each feature might potentially be combined with others to create an optimized mobile network security gateway.

The report also examines how vendors from both IT security and telecom network backgrounds are positioning for these new opportunities, profiling 16 leading vendors of network security equipment.

The deployment of LTE is a primary driver behind the evolving requirements for mobile security gateways. As shown in the excerpt below, the LTE architecture is much flatter and much more IP-centric than 3G, which has a number of security implications, particularly where the backhaul network is concerned. In LTE, IP backhaul is mandatory; the RNC node is eliminated, giving a potential attacker a straighter path to the network core; there are many more signaling and bearer paths between network elements; and the encryption of user traffic terminates in the eNodeB rather than the RNC, making the backhaul a potential security exposure for user plane data.

[Image: report excerpt]

The next two to three years will see a lot of innovation in security product development and the business models of equipment vendors. A new generation of security-oriented capabilities and products is coming onto the market. Many of these have a growing number of capabilities and features that are uniquely tailored to the security needs of the mobile network. The excerpt below lists many of the equipment vendors that are leading the industry in building new features and products to meet the emerging security needs of mobile operators.

[Image: report excerpt]

Report Scope and Structure

Next-Generation Mobile Security Gateways for 3G & 4G Networks is structured as follows:

Section I is an introduction to the report, with complete report key findings.

Section II outlines the legacy network architecture and products that were originally installed to protect the mobile packet core when GPRS and CDMA 1X were first launched. It explains the basics of mobile security and examines how some basic terms such as "data center" have evolved in relation to the mobile network and security.

Section III identifies some of the key new security threat vectors that are impacting the mobile network or have the potential to impact it in the future, as mobile operators evolve into full-fledged ISPs. It also provides real-world examples of new attack vectors impacting the mobile network.

Section IV explores the new feature roadmaps and toolsets that mobile security vendors are bringing to market, including the evolution of key capabilities such as firewall, IPS, DPI, the 3GPP-defined SEG and DDoS protection, along with how each feature might potentially be combined with others to create an optimized mobile network security gateway.

Section V describes the security equipment procurement environment within mobile operators, exploring their varying approaches to security, how network security requirements are drawn up and enforced, and how RFPs are managed. It also considers questions of deploying security capabilities centrally or according to a more distributed architecture, including issues relating to the number of interfaces that need protecting, consolidation of different radio access types onto one security gateway, and centralization or distribution of features such as firewalls and DPI.

Section VI considers the mobile operator segment from the perspective of the security vendor, identifying the specific features and performance metrics that are most effective, as well as more general market positioning strategies.

Section VII profiles 16 leading network security equipment vendors, analyzing their background, product offerings, traction in the mobile operator segment, and roadmaps for either broadening the security capabilities they offer mobile operators, sharpening their security focus, or both.

Next-Generation Mobile Security Gateways for 3G & 4G Networks is published in PDF format.

Table of Contents

LIST OF FIGURES

I. INTRODUCTION & KEY FINDINGS

  • 1.1 Key Findings
  • 1.2 Report Scope & Structure

II. NETWORK SECURITY IN THE EARLY DAYS OF MOBILE DATA

  • 2.1 Early Security Product Requirements for GPRS, CDMA 1X & 3G
  • 2.2 The Term "Data Center" in the Context of Mobile Network Security
  • 2.3 The Term "Security Gateway" in the Context of Mobile Network Security

III. NEW SECURITY THREATS IN THE MOBILE BROADBAND ERA

  • 3.1 The Growth in Total Mobile Data Traffic Volumes
  • 3.2 The Growth in Application Layer Vulnerabilities
  • 3.3 Users, App Developers, OS & Terminal Vendors Can't Be Counted On
  • 3.4 Real-World Examples of New Attack Vectors Impacting the Mobile Network
  • 3.5 The New "Threat" From Smartphone Signaling
  • 3.6 NTT Docomo Increases Signaling Expenditure
  • 3.7 Signaling & Security
  • 3.8 Security Attacks & Network Latency
  • 3.9 New Security Arising From the LTE Architecture
  • 3.10 New Security Exposures Arising From Small Cells

IV. MARKET TRENDS IN MOBILE BROADBAND ERA

  • 4.1 New Capabilities Are Needed
  • 4.2 Mobile Operator Inputs Into Security Product Roadmaps
  • 4.3 A New Generation of Security Gateways for Mobile Networks
  • 4.4 Firewalls & Next-Generation Firewalls
  • 4.5 Intrusion Prevention Systems
  • 4.6 The 3GPP SEG
  • 4.7 Solutions to Signaling Challenges
  • 4.8 Security Applications of the 3GPP Policy Management Domain
  • 4.9 GGSNs & P-Gateways
  • 4.10 Options in Security Feature Convergence

V. SECURITY PROCUREMENT: THE MOBILE OPERATOR CONTEXT

  • 5.1 Mobile Operator Outlooks on Spending on New Security Threats
  • 5.2 The Operator's Security Organization & Its Role in Vendor Selection
  • 5.3 The Context of the Operator's Broader Long-Term Network Strategy
  • 5.4 Network Centralization vs. Distribution Issues in the Security Context
  • 5.5 Different 3GPP SEGs for Each New Cell Site Type? Or One for All of Them?
  • 5.6 So Many Interfaces to Protect; So Little Time & Money

VI. VENDOR STRATEGY FOR MOBILE OPERATOR REPS

  • 6.1 Product Characteristics, Features & Performance
  • 6.2 UTM or CTM? Product Branding Issues for Mobile Network Security
  • 6.3 Channel Strategies: The RAN Vendors
  • 6.4 Channel Strategies: Router & Other Platform Vendors
  • 6.5 Channel Strategies: Cloud Security Providers

VII. VENDOR PROFILES

  • 7.1 Alcatel-Lucent
  • 7.2 Arbor Networks Inc.
  • 7.3 Cisco Systems Inc.
  • 7.4 Check Point Software Technologies Ltd.
  • 7.5 Clavister AB
  • 7.6 Crossbeam Systems Inc.
  • 7.7 Ericsson AB
  • 7.8 Fortinet Inc.
  • 7.9 Huawei Technologies Co. Ltd.
  • 7.10 Juniper Networks Inc.
  • 7.11 McAfee Inc.
  • 7.12 Nokia Siemens Networks
  • 7.13 Radisys Corp.
  • 7.14 Radware Ltd.
  • 7.15 Sandvine Inc.
  • 7.16 Symantec Corp.

APPENDIX A: ABOUT THE AUTHOR

APPENDIX B: LEGAL DISCLAIMER
