Upload File

safeguarding the edge of 5g and multi-cloud the edge.pdf · safeguarding the edge of 5g and...

  • Home
  • Documents
  • SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING
23
www.menaisc.com SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD LEE CHEN FOUNDER/CEO

Upload: others

Post on 29-May-2020

6 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

w w w . m e n a i s c . c o m

SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD

LEE CHENFOUNDER/CEO

Page 2: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

2

Reliable Security Always™

SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUDLee ChenFounder/CEO

Page 3: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

3

5G & MULTI-CLOUD ARCHITECTURE EVOLUTION

LATENCY

Beyond just Nuisance

SCALE

Higher Data and attack traffic

MOVE TO MEC

Edge Cloud

IoT ADOPTION

Billions of IoT’s coming online

Page 4: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

4

THE ERA OF EDGE COMPUTINGDEMANDING APPLICATIONS REQUIRES MINIMAL LATENCY

Wireline

3G/4G RAN

5G RAN

Internet Service Provider Applications

Core functions

Applications

Core functions

Applications

Wi-Fi

Users

Closer to Users

Page 5: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

5

LATENCY IS MATTER OF LIFE AND DEATH MISSION CRITICAL APPLICATIONS

• Remote surgery

• Emergency consultations

• Self driving cars

• Industrial automation

Page 6: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

6

Source: NCTA

BILLIONS OF IOT’S COMING ONLINE

Page 7: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

7

HIGHER THROUGHPUT, DENSITY AND SMARTER UE’S

20 XSpeed

10 XDensity

Smarter UE’s

5G converts devices into colossal threat actors

Page 8: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

8

CHALLENGES

Page 9: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

9

SECURITY A TOP PRIORITY FOR 5G DEPLOYMENT

Source: BPI Network, BTIG 5G Survey Results

Concerned about security in 5G

94%

Think DDoS protection is most

important

62%

Have or are planning to upgrade Gi-Firewall

81%

Have or are planning to upgrade

GTP-Firewall

74%

Page 10: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

10

LOW LATENCY IS THE KEY DRIVER OF 5G ADOPTION

• Unpredictable delay is not an option

• Resiliency is built-in, but it is not enough

Page 11: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

11

IOT ATTACKS ARE THE NEW NORMAL

Source: NCTA

Matter of time before a new mega attack is launched

Page 12: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

12

ATTACKS CAN COME FROM INSIDE

Internet Service Provider

Wi-Fi

Wireline

3G/4G RAN

5G RAN

Core functions

Applications

Core functions

Applications

Applications

Page 13: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

13

PROTECTING ONE CENTRAL DATACENTERVS HUNDREDS OF MICRO-DATACENTERS

Internet Service Provider

Wireline

3G/4G RAN

5G RAN

Core functions

Applications

Core functions

Applications

Applications

Wi-Fi

Page 14: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

14

Core functions

Applications

A SINGLE DEVICE CAN BRING DOWN A MEC LOCATION

Infected UE Core functions

Applications

Internet Service Provider

Wireline

3G/4G RAN

5G RAN

Applications

Wi-Fi

Page 15: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

15

TRADITIONAL DEFENSES ARE NOT POSSIBLE

Internet Service Provider

Wireline

3G/4G RAN

5G RAN

ApplicationsCore functions

Applications

Core functions

Applications

Wi-Fi

Page 16: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

16

SOLUTIONS FOR EVOLVING MOBILE NETWORK REQUIREMENTS

RAN Edge Cloud(MEC / MAEC)

Core functions

Applications

Core functions

Applications

EPC

SGW PGW

MME

Gi LAN IP Services

GTP/SCTPFirewall

GTP-LBDiameter LBSub Sess Dir

CGN SDN / NFVReady

SEG/ IPsec

ADC CGN DDoSDPI SDN / NFVReady

Gi/SGiFirewall

IPsecVPN

Scale-out

cluster

TCP Opti-

mization

L4-L7Firewall

ADC/Traffic

Steering

SDN / NFVReady

Visibility(GTP, IP)

IPsecVPN

CGN DDoS

Page 17: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

17

MITIGATE IF POSSIBLEOR TRAFFIC STEER

Local BreakoutAdditional Security

Cloud Scrubbing

Good Traffic -> Local BreakoutSuspect Traffic -> Additional SecurityBad Traffic -> Cloud Scrubbing

Wireline

3G/4G RAN

5G RAN

Internet Service ProviderCore functions

Applications

Core functions

Applications

Applications

Wi-Fi

Page 18: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

18

COMPREHENSIVE PROTECTIONALL NETWORK INTERFACES

SGW PGW

MME

RAN

1

2

3

2

4

Gi-FW:• Gi/SGi-LAN Protection -

2GTP/SCTP* Firewall • S8, S5 - GRX/IPX/EPC

3 SeGW:• IPsec VPN

4Diameter Firewall:• S6a, S9

1

GRX/IPXPEER NETWORK

EPC

EPDG

DDoS/Threat Protection:• All external paths

GI-LAN

5

5

5

5

FUNCTION CONSOLIDATION

Page 19: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

19

DDOS THREAT PROTECTION FOR MNO’S

Data Network/Internet

Radio Access Network

SGSN / SGW GGSN / PGW

MME

A10 Threat Intelligence Service

Tele

met

ry

aXAPI/BGP Blackhole

SIP ServersTPS

DDoS Detection Traffic Analytics

NAT / Firewall

TPS

IPv4/v6 Cloud

Circuit Switched Network

ePDGWi-Fi APWi-Fi Calling

Geo-Distributed WebRTC Servers

WebRTC

DNS Servers

External DNSThunder TPS

Attack Surface

Evolved Packet Core

BBUPool

Thunder CFW

COMPREHENSIVE SECURITY

Page 20: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

20

IDEAL SOLUTION ML BASED DETECTION AND AUTOMATED RESPONSES

AUTO INCIDENTCREATION

CONTINUOUS LEARNING

AUTO TRAFFIC PROFILING

AUTOMITIGATION

AUTO REPORT GENERATIONTHREAT INTELLIGENCE

AUTO ATTACK DISCOVERY

MLSimplify

OperationsMaximize Protection

<10msResponse

Time

Page 21: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

21

IDEAL SOLUTION Scalable L4 Firewall

GTP / Diameter Inspection

IPsec VPN

Scalable L7 FW

HTTP/2 Protection

Scalable TLS Inspection

Security Edge Protection Proxy

Flexible Form FactorsCarrier Grade NAT

Consolidated functions Scalable -Built for Carriers

Protect 4G AND 5G infrastructure

DDoS detection

Consolidated Firewall

Page 22: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

22

BENEFITS OF CONSOLIDATIONFEATURES OF ONE FUNCTION, RATHER THAN MULTIPLE FUNCTIONS

Docker Daemon

Infrastructure

HOST Operating System

BINS/LIBS BINS/LIBS

FW CGN

BINS/LIBS

DPI

Docker Daemon

Infrastructure

HOST Operating System

BINS/LIBS

FW

CGN

DPI

Integrated Network Functions (NF) at Virtual Entity Level:Lower Compute, Memory and latency

NF1 NF2 NF2

NF1

NF2

NF2

FUNCTION CONSOLIDATION

Page 23: SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD the Edge.pdf · SAFEGUARDING THE EDGE OF 5G AND MULTI-CLOUD. Lee Chen. Founder/CEO. 3 5G & MULTI-CLOUD ARCHITECTURE EVOLUTION ... PROTECTING

23

Thank You

Reliable Security Always™


Analytical Energy-Efficient Planning of 5G Cloud Radio

5G MEDIA VERTICAL - ETSIosm-download.etsi.org/ftp/osm-6.0-six/7th-hackfest/5G Verticals/5G... · 5G Media Vertical 5G PaaS VNFs Cloud APIs 5G Service Intent Engine AMF PCF UPF Infrastructure

Beyond 5G Multi-Tenant Private Networks Integrating

Driving 5G performance with Cloud RAN - nokia.com

Convergence of Decentralized Cloud Platforms and …rolcg2016.ifin.ro/prezentari/28.10.2016/1.G.SUCIU-5G,Cloud,USPR...Convergence of Decentralized Cloud Platforms and 5G Networks

Bay Area - Linux Foundation Events...2018/10/30  · Bay Area Agenda • Key drivers for 5G • 5G and Cloud native • Edge Cloud • Core Cloud • Microservices building block •

Multi-Connectivity in 5G New Radio: Configuration

Issues for Multi-Band Multi-Access Radio Circuits in 5G ... · PDF fileIssues for Multi-Band Multi-Access Radio Circuits in 5G Mobile ... massive MIMO and distributed antenna ... Blind

in 5G and Cloud Era - Huawei

MULTI-CLOUD MANAGEMENT - Doublehorn€¦ · MULTI-CLOUD MANAGEMENT 2. MULTI-CLOUD MANAGEMENT: AN OVERVIEW MULTI-CLOUD MANAGEMENT Multi-cloud management is an open cloud platform delivered

5G Whitepaper: The Flat Distributed Cloud (FDC) 5G ... · PDF fileINSTITUTE FOR COMMUNICATION SYSTEMS 5G INNOVATION CENTRE 1 | P a g e 5G Whitepaper: The Flat Distributed Cloud (FDC)

KT 5G IT Edge Cloudeventcheckin.co.kr/fortinet/361security2019/images/T2_04.pdf · 2019-10-21 · 2 5G IT Edge Cloud 3 5G IT Edge Cloud : Use-cases 4 5G IT Edge Cloud : 3 Strengths

Issues for Multi-Band Multi-Access Radio Circuits in 5G

How to Leverage 5G with Cloud Gaming · 2 CASE STUD ow to everage 5G with Cloud Gaming The Explosion of Cloud Gaming on 5G Internet gaming traffic is forecast to increase ninefold

== Rapid Application Development for Cloud · Enter CloudFoundry Open Source Multi language, Multi framework, Multi Application services, and Multi Cloud. Cloud Portability Cloud

Security Guidance for 5G Cloud Infrastructures

Hybrid Cloud and Multi-Cloud

2G/3G/4G/5G Multi-Technology Testing · Power Measurements (30 MHz—6 GHz) • 3GPP: All existing 2G, 3G, 4G, and 5G FR1 bands Multi-Band. Multi-Technology • 5G NR • LTE FDD

Open Source Communities Demonstrate End-to-End 5G Cloud Native Network€¦ · Open Source Communities Demonstrate End-to-End 5G Cloud Native Network 6 A 5G Cloud Native Network Demo

Cloud X: Driving increased value from 5G investments

Unleash the Next Generation of 5G Cloud Services

Analytical energy-efficient planning of 5G cloud radio

Cloud processing for 5G systems v6simeone/Cloud processing for 5G systems v6.pdf · Cloud Processing for 5G Systems Cloud Radio Access Network (C-RAN): Baseband processing offloading

Yin˜Zhang Min˜Chen Cloud Based 5G Wireless Networksmmlab.snu.ac.kr/~mchen/min_paper/2016/2016-5G-Book.pdf · Cloud Based 5G Wireless Networks 123. Yin Zhang School of Information

SRVR Index - 5G Cloud Infrastructure · Mission Critical Assets for 5G & Cloud 5G and Cloud infrastructure are intertwined as both rely on each other’sarchitecture. Todaysdigital

Communications Service Providers 5G Multi-Access Edge

Converged Heterogeneous Advanced 5G Cloud-RAN Architecture

5G, FutureNet e Tecnologie · 5G, FutureNet e Tecnologie • Network Cloud - AT&T Flies 'Airship' to 5G Cloud • 5G Smartphone Modems Cost Nearly 2x as Much as 4G Ones, Claims Latest

5G Core Network - itu.int · PDF file5G Core Network - ZTE 5G Cloud ServCore Zhijun Li, ZTE Corporation . ZTE 5G Cloud ServCore Overview Standard & Open •Compliant 3GPP, ETSI

Converged Heterogeneous Advanced 5G Cloud-RAN Architecture ... · multi-tenancy in the light of the SDN and NFV networking paradigms. The scope of security and multi-tenancy within

Multi-Beam Multi-Stream Communications for 5G and Beyond

5G multi antenna advantage - Wireless@KTH · PDF fileEricsson 5G Roadmap 1st 5 Gbps throughput –June 2014 1st Dual Connectivity LTE-5G ... 5G multi antenna advantage Author: Bo Göransson

5G Whitepaper: The Flat Distributed Cloud (FDC) 5G ... · The Flat Distributed Cloud (FDC) 5G Architecture Revolution January 2016 . INSTITUTE FOR COMMUNICATION SYSTEMS 5G INNOVATION

2018 COURSE CATALOG - awardsolutions.com · 5G Radio Technologies and Deployments 5G Services and Network Architecture Cloud and Open RAN Architectures LTE-M and NB-IoT Multi-Access

GTI 5G and Cloud Robotics White Paper - Huawei