Standalone security: MEC and DDoS implications
Although 5G service is already available in many countries and markets, it is poised to enter a new phase with the deployment of the 5G core (5GC) paired with a 5G RAN in a standalone (SA) configuration. 5GC deployments will enable the delivery of low latency services at the edge, but they also have major security implications.
To understand the security impacts of introducing the 5GC SA core, Heavy Reading launched the 5G Core Security Market Leadership Study (MLS) in 3Q20. The survey, developed with sponsors A10 Networks, Ericsson, Hewlett Packard Enterprise (HPE) and NetNumber, attracted 115 global respondents and addressed a broad range of security topics, including 5GC, security investment strategies for 4G, 5G and multi-access edge computing (MEC) core networks, and threat mitigation strategies.
In addition to commencing 5G SA rollouts, some communications service providers (CSPs) are starting to implement MEC-based services. Given that 5GC SA and MEC are edge-based cloud-native technologies, there are clear synergies associated with deploying both.
Effective edge security strategy
However, as shown in the table below, MEC and 5GC both inject a great deal of complexity into optimizing investment in foundational capabilities such as firewalls and distributed denial-of-service (DDoS) mitigation infrastructure. As a result, by 2023, CSPs will make substantial investment to support DDoS detection and mitigation in MEC nodes utilizing a mix of physical (13-15%), non-container (8-16%) and container-based functions (11-19%) even within the same network technology.
These data points also confirm that MEC nodes and 5GC SA are both becoming important components of an effective edge security strategy. Also of note is that existing gateways, firewalls, network address translation (NAT) and DDoS infrastructure will remain important security functions: only a small share of survey participants (11-24%) expect that these will no longer be required in three years.
As the table above confirms, DDoS detection and mitigation investment will need to be spread among 4G, 5G and MEC. One of the reasons a multi-network investment strategy is necessary is that DDoS attacks are opportunistic and target any interface in any cloud location, on any device.
The figure below documents this reality. The key takeaway is that, based on the highest-ranked investment priority (Rank 1), MEC will require substantial security investment to deal with a range of DDoS attacks, especially those affecting MEC nodes (39%).
The need for a multi-interface or application-level DDoS security strategy spanning both MEC and 5GC SA is emphasized by the mitigation implementation options listed below. Although a few survey respondents (13%) did not yet have a strategy at all, 27% plan to mitigate DDoS attacks at core network interfaces (including 5GC), while 23% will deploy DDoS mitigation functions in each MEC node to monitor internet interfaces:
- DDoS attacks will be mitigated at core network interface only: 27%
- DDoS mitigation functions will be deployed in each MEC node at the internet interface: 23%
- DDoS attacks will be mitigated at both MEC and core network interfaces: 16%
- Applications hosted in MEC will provide their own DDoS protection: 21%
- Still working on a strategy: 13%
Question: How will MEC nodes be protected from DDoS and other attacks? (n=107)
A third approach is to build DDoS monitoring and mitigation into the application layer itself (21%). This is logical given that DDoS attacks manifest in various forms (e.g., application-layer attacks and volume-based attacks).
Overall, these data points and others we will present in future related blogs confirm that edge security in either a 5G or MEC context is fundamentally different from previous mobile generations. Successful investment and execution strategies in this distributed world will hinge on the ability to integrate a flexible mix of fixed, virtualized and containerized multi-interface solutions at the edge.
Looking for additional information?
An archived version of a recent webinar, in which we presented more of the research data from this study, is available to watch. You can register here.
— Jim Hodges, Chief Analyst, Cloud & Security, Heavy Reading
This blog is sponsored by A10 Networks.