Rethinking Operations and Security for 5G

Rethinking Operations and Security for 5G
(Image credit: Veriato)

The rollout of 5G has the potential to dramatically decrease latency; however, introducing 5G technology can also increase the attack surface for ill-intentioned actors. 

To add to the issue, security teams are struggling to increase their resources using endpoint security in a quick, cohesive manner. These teams are already resolving thousands of alerts per day and are quickly running out of capacity, which begs the question - what are service providers to do?

About the author

Rodrigo Brito is the Head of Product Management, Cybersecurity at Nokia.

To maintain secure operations in the 5G era, providers will need three key things: 

  1. A holistic security management approach
  2. Implementation of the SOAR model (security orchestration, analytics and response)
  3. Digital trust

Taking a holistic approach to security

Part of the reason why service providers encounter a high number of security alerts is due to their dependence on point tools that each resolve specific problems. These layers of protection are difficult to manage and largely unintegrated, which slows the time between attack detection and mitigation. When holistic security management is leveraged, disparate silos become connected, mitigation is sped up and analytics become the glue that marries different technologies to ensure the right intelligence is shared with the right people at the right time.

Expanding intelligence gathering and analysis allows security operations teams to prioritize and automate activities to better inform decision making. The result is an adaptive security architecture that automates security through intelligence and analytics. That’s where the SOAR model comes in to play.

Leveraging the SOAR model

SOAR systems aggregate data from disparate point tools and analyze it for enriched and cohesive security intelligence within business-specific contexts. They also contribute to cloud orchestration and automation, which are vital to the transition from static defense to adaptive and agile response — an essential for security teams that are currently overwhelmed by exhaustive manual processes.

Combining AI with SOAR systems draws on information from both human and machine activity to actively identify and respond to sophisticated threats. This enables the identification of behavior that is likely to result in a security breach by users or other entities. It also helps bring previously unknown threats to light — and it has the potential to identify threats before they even happen.

For example, when a threat is detected, security automation, which is based on detailed mitigation, activates “cyber playbooks” that help accelerate recovery. These automated processes maximize the capacity of service providers’ existing human resources by allowing analysts to spend less time on each incident, a particularly helpful benefit for service providers with staffing shortages.

Building digital trust

In the intelligent, automated and dynamic context of 5G security, digital trust is paramount. It extends to both people and machines, making it a necessary foundation for every telecoms business relationship.

On the people side, optimizing digital trust ensures that the correct individuals have access to the correct systems. This includes rigorous identity management to quickly identify anomalous behavior and prevent credential theft. For machines, it boils down to the proper authenticated use of digital certificates, as well as the ability to ensure that any device communicating over the network is legitimate.

However, 5G networks are composed of multiple layers of processes, services and equipment, which makes them more complicated to secure than legacy networks. This complexity requires service providers to incorporate adaptability and speed into their security approach, in addition to integration and automation. 

Adaptability is an important requirement of digital trust because cyber-attackers are constantly using increasingly sophisticated techniques to get past security defences and antivirus software. Since hackers usually tweak their attacks in real-time, service providers’ defenses must be adaptive to respond just as quickly.

This brings us to the other crucial facet of digital trust – speed. A highly important success factor for security is reducing dwell time, or the length of time a hacker goes undetected after breaching the first-line security and gaining access to the network. The slower the reaction, the longer a hacker has to steal valuable data. By leveraging the integration, orchestration, automation, and adaptability tactics mentioned above, dwell time can be reduced by 80 percent.

The key to 5G

By harnessing AI, enabling “cross-slice visibility,” implementing SOAR systems, connecting silos, and maintaining digital trust, service providers can leverage the utmost assurance for all network activities and increase overall productivity within IT teams. Additionally, these technologies allow them to shrink the number of security alerts to an actionable and prioritized set of addressable threats, while also providing security teams with more valuable information. This relieves humans from having to manually complete tasks that they otherwise wouldn’t be able to keep up with in the dynamic and complex 5G environment.

To attain these optimized processes, it’s essential that security gets built into 5G services by design and not as an afterthought. It needs to be in place any time new partners or customers are connected to the network and when new services are launched. Without it, the massive revenue opportunities 5G presents will be at risk.


Rodrigo Brito is the Head of Product Management, Cybersecurity at Nokia.

Rodrigo Brito is the Head of Product Management, Cybersecurity at Nokia