Next-Generation Mobile Security Gateways for 3G & 4G Networks
|出版日||ページ情報||英文 55 Pages
|3G・4Gネットワーク向けの次世代モバイルセキュリティゲートウェイ Next-Generation Mobile Security Gateways for 3G & 4G Networks|
|出版日: 2012年03月23日||ページ情報: 英文 55 Pages||
As mobile operators increase their broadband subscriber base and become full-fledged Internet service providers (ISPs), new security threats are emerging that impact the mobile network or have the potential to impact it in the future. Emerging threats include the growth in application layer vulnerabilities, risks presented by smartphone app developers and operating systems, the issue of excess signaling in the network being generated by smartphones and smartphone apps, and new security risks presented by the new Long Term Evolution (LTE) architecture.
To keep up with changes in the security threat landscape, those responsible for protecting the availability and integrity of the mobile network will have to undertake substantial refreshes of their network security architecture and equipment. Different corners of the equipment vendor market are responding accordingly. Vendors are bringing new feature roadmaps and toolsets to market to enable mobile operators to better protect their networks and subscribers.
Driven by enterprise as well as carrier demand, most vendors of firewall and intrusion prevention system (IPS) products are evolving to next-generation solutions. Leading router vendors are adding IPsec termination capabilities on their carrier-grade platforms to align with mobile operators' LTE security requirements. Distributed denial of service (DDoS) and other threat-mitigation vendors are developing bespoke solutions to reduce the impact of smartphone signaling, and many security vendors are looking at tighter integration with the 3rd Generation Partnership Program's (3GPP's) policy management domain.
This report breaks with convention in the way the term "security gateway" is used in the mobile network. It considers the 3GPP-defined Security Gateway (SEG) as just one of several functionalities - alongside firewall, IPS, deep packet inspection (DPI) and policy management and others - that can be bundled into a security gateway product. In this report, a security gateway is defined as a product that may - or may not - include the 3GPP-defined SEG among its capabilities.
Next-Generation Mobile Security Gateways for 3G & 4G Networks identifies some of the key new security threat vectors that are impacting the mobile network or have the potential to impact it in the future. It also explores the new feature roadmaps and toolsets that mobile security vendors are bringing to market - including the evolution of key capabilities such as firewall, IPS, DPI, the 3GPP-defined SEG and DDoS protection - along with how each feature might potentially be combined with others to create an optimized mobile network security gateway.
The report also examines how vendors from both IT security and telecom network backgrounds are positioning for these new opportunities, profiling 16 leading vendors of network security equipment.
The deployment of LTE is a primary driver behind the evolving requirements for mobile security gateways. As shown in the excerpt below, the LTE architecture is much flatter and much more IP-centric than 3G, which has a number of security implications, particularly where the backhaul network is concerned. In LTE, IP backhaul is mandatory; the RNC node is eliminated, giving a potential attacker a straighter path to the network core; there are many more signaling and bearer paths between network elements; and the encryption of user traffic terminates in the eNodeB rather than the RNC, making the backhaul a potential security exposure for user plane data.
The next two to three years will see a lot of innovation in security product development and the business models of equipment vendors. A new generation of security-oriented capabilities and products is coming onto the market. Many of these have a growing number of capabilities and features that are uniquely tailored to the security needs of the mobile network. The excerpt below lists many of the equipment vendors that are leading the industry in building new features and products to meet the emerging security needs of mobile operators.
Next-Generation Mobile Security Gateways for 3G & 4G Networks is structured as follows:
Section I is an introduction to the report, with complete report key findings.
Section II outlines the legacy network architecture and products that were originally installed to protect the mobile packet core when GPRS and CDMA 1X were first launched. It explains the basics of mobile security and examines how some basic terms such as "data center" have evolved in relation to the mobile network and security.
Section III identifies some of the key new security threat vectors that are impacting the mobile network or have the potential to impact it in the future, as mobile operators evolve into full-fledged ISPs. It also provides real-world examples of new attack vectors impacting the mobile network.
Section IV explores the new feature roadmaps and toolsets that mobile security vendors are bringing to market, including the evolution of key capabilities such as firewall, IPS, DPI, the 3GPP-defined SEG and DDoS protection, along with how each feature might potentially be combined with others to create an optimized mobile network security gateway.
Section V describes the security equipment procurement environment within mobile operators, exploring their varying approaches to security, how network security requirements are drawn up and enforced, and how RFPs are managed. It also considers questions of deploying security capabilities centrally or according to a more distributed architecture, including issues relating to the number of interfaces that need protecting, consolidation of different radio access types onto one security gateway, and centralization or distribution of features such as firewalls and DPI.
Section VI considers the mobile operator segment from the perspective of the security vendor, identifying the specific features and performance metrics that are most effective, as well as more general market positioning strategies.
Section VII profiles 16 leading network security equipment vendors, analyzing their background, product offerings, traction in the mobile operator segment, and roadmaps for either broadening the security capabilities they offer mobile operators, sharpening their security focus, or both.
Next-Generation Mobile Security Gateways for 3G & 4G Networks is published in PDF format.