SPONSORED: Successful investment and execution strategies in this distributed world will hinge on the ability to integrate a flexible mix of fixed, virtualized and containerized multi-interface solutions at the edge.

Jim Hodges, Chief Analyst - Cloud and Security, Heavy Reading

November 3, 2020

4 Min Read
Standalone security: MEC and DDoS implications

Although 5G service is already available in many countries and markets, it is poised to enter a new phase with the deployment of the 5G core (5GC) paired with a 5G RAN in a standalone (SA) configuration. 5GC deployments will enable the delivery of low latency services at the edge, but they also have major security implications.

In order to understand the security impacts of the introduction of the 5GC SA core, Heavy Reading launched the 5G Core Security Market Leadership Study (MLS) in 3Q20. The study-based survey developed with sponsors A10 Networks, Ericsson, Hewlett Packard Enterprise (HPE) and NetNumber attracted 115 global survey respondents and addressed a broad range of security topics, including 5GC, security investment strategies for 4G, 5G and multi-access edge computing (MEC) core networks and threat mitigation strategies.

In addition to commencing 5G SA rollouts, some communications service providers (CSPs) are starting to implement MEC-based services. Given that 5GC SA and MEC are edge-based cloud-native technologies, there are clear synergies associated with deploying both.

Effective edge security strategy

However, as shown in the table below, MEC and 5GC both inject a great deal of complexity into optimizing investment in foundational capabilities such as firewalls and distributed denial-of-service (DDoS) mitigation infrastructure. As a result, by 2023, CSPs will make substantial investment to support DDoS detection and mitigation in MEC nodes utilizing a mix of physical (13-15%), non-container (8-16%) and container-based functions (11-19%) even within the same network technology.

These data points also confirm that MEC nodes and 5GC SA are both becoming important components of an effective edge security strategy. Also of note is that existing gateways, firewalls, network address translation (NAT) and DDoS infrastructure will remain important security functions. Only a small range of survey participants (11-24%) expect that these will not be required in three years, which validates that they remain important security functions.

Figure 1: Security support in 2023 Question: How will the following security and GiLAN capabilities be supported in 2023? (Select all that apply) (n=76-98) (Source: Heavy Reading) Question: How will the following security and GiLAN capabilities be supported in 2023? (Select all that apply) (n=76-98)
(Source: Heavy Reading)

As the table above confirms, DDoS detection and mitigation investment will need to be spread among 4G, 5G and MEC. One of the reasons a multi-network investment strategy is necessary is that DDoS attacks are opportunistic and target any interface in any cloud location, on any device.

Investment priorities

The figure below documents this reality. The key takeaway is that based on the highest level of investment input (Rank 1), DDoS investment in MEC will necessitate substantial security investment to deal with a range of DDoS attacks — especially for those affecting MEC nodes (39%).

Figure 2: Highest network-level threat investment priorities (Rank 1) Question: On a scale of 1 to 4 where 1 is the greatest priority and 4 is the lowest priority, please rank your investment priorities in 4G, 5G, or MEC networks to address the following security threats? (n=111) (Source: Heavy Reading) Question: On a scale of 1 to 4 where 1 is the greatest priority and 4 is the lowest priority, please rank your investment priorities in 4G, 5G, or MEC networks to address the following security threats? (n=111)
(Source: Heavy Reading)

The requirement to support a multi-interface or application-level MEC and 5GC SA DDoS security strategy is emphasized in the bulleted mitigation implementation options below. Although a few survey respondents (13%) did not yet have a strategy at all, 27% plan to mitigate DDoS attacks via core network interfaces (including 5GC), while 23% will deploy DDoS mitigation functions in each MEC node monitoring internet interfaces:

  • DDoS attacks will be mitigated at core network interface only: 27%

  • DDoS mitigation functions will be deployed in each MEC node at the internet interface: 23%

  • DDoS attacks will be mitigated at both MEC and core network interfaces: 16%

  • Applications hosted in MEC will provide their own DDoS protection: 21%

  • Still working on a strategy: 13%

Question: How will MEC nodes be protected from DDoS and other attacks? (n=107)

A third approach is to develop DDoS monitor and mitigation protection in the application layer (21%) itself. This is logical given DDoS attacks manifest themselves in various forms (e.g., application-layer attacks and volume-based attacks).

Overall, these data points and others we will present in future related blogs confirm that edge security in either a 5G or MEC context is fundamentally different from previous mobile generations. Successful investment and execution strategies in this distributed world will hinge on the ability to integrate a flexible mix of fixed, virtualized and containerized multi-interface solutions at the edge.

Looking for additional information?

Plan to watch this archived version of a recent webinar where we presented more of the research data from this study. You can register here.

— Jim Hodges, Chief Analyst, Cloud & Security, Heavy Reading

This blog is sponsored by A10 Networks.

Read more about:

Omdia

About the Author(s)

Jim Hodges

Chief Analyst - Cloud and Security, Heavy Reading

Jim leads Heavy Reading's research on the impact of NFV on the control plane and application layers at the core and edge. This includes the evolution path of SIP applications, unified communications (UC), IP Multimedia Subsystem (IMS), session border controllers (SBCs), Diameter signaling controllers (DSCs), policy controllers and WebRTC. Jim is also focused on the network and subscriber impact of Big Data and Analytics. He authors Heavy Reading's NFV and SDN Market Trackers. Other areas of research coverage include Subscriber Data Management (SDM) and fixed-line TDM replacement. Jim joined Heavy Reading from Nortel Networks, where he tracked the VoIP and application server market landscape and was a key contributor to the development of Wireless Intelligent Network (WIN) standards. Additional technical experience was gained with Bell Canada, where he performed IN and SS7 network planning, numbering administration, technical model forecast creation and definition of regulatory-based interconnection models. Jim is based in Ottawa, Canada.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like