New-generation mobile broadband networks are more vulnerable to attacks and face a wider variety of security threats than their voice-centric predecessors, according to the report, Next-Generation Mobile Security Gateways for 3G & 4G Networks.
That's because most operators will roll out an entirely different network architecture during the next few years as they launch LTE services and that in itself could introduce new vulnerabilities, as the 4G network has a flat, IP architecture that is more familiar to would-be attackers than previous generations of mobile networks.
"The growing variety of threats and attack vectors in the mobile network mean that both the challenge of threat detection and mitigation, as well as the price of failing to meet that challenge, is steadily increasing," said Patrick Donegan, Heavy Reading senior analyst and author of the report.
Beyond the conventional distributed denial of service (DDoS) attacks, the new threats to mobile networks include the following: application-layer attacks that can bypass traditional security points; smartphone malware; smartphone signaling (while not malicious, large volumes of signaling traffic can have the same effect on the network as an attack); and LTE architecture vulnerabilities, including potential threats from new so-called "untrusted" sites, such as small cells.
And as mobile operators review their network security situation, they face an ever-widening range of technology options from different corners of the telecom and IT markets, from firewall vendors to policy management providers.
The market for mobile infrastructure security products is changing in response to new threats and operator requirements: Firewall vendors are starting to add support for intrusion prevention systems (IPS) and 3GPP-defined security gateway (SEG) functionality; router vendors have plans for adopting some SEG features, firewall and threat detection for their networking products; and enterprise-focused security companies such as McAfee Inc. (NYSE: MFE) or Symantec Corp. (Nasdaq: SYMC) have begun to develop new features for mobile operators as well.
To give an idea of the diversity of security offerings available, some of the vendors profiled in the report include Alcatel-Lucent (NYSE: ALU), Cisco Systems Inc. (Nasdaq: CSCO), Crossbeam Systems Inc. , Ericsson AB (Nasdaq: ERIC), Juniper Networks Inc. (NYSE: JNPR), Huawei Technologies Co. Ltd. , Nokia Networks , Radisys Corp. (Nasdaq: RSYS) and Sandvine Inc. .
"Increasingly, different teams in the operator will find that they are having separate dialogues with some of the same vendors about addressing their own particular security, traffic management or revenue generation issues," said Donegan. "That will serve to alter the shape of many of those conversations, RFPs and network deployments."
- Mobile Network Security Matters
- Mobile Sentiment Begins to Favor IPsec
- The Real Deal on Mobile Network Security
— Michelle Donegan, European Editor, Light Reading Mobile