Secure access service edge (SASE) and 5G are two of the biggest buzzwords in the network world, and according to Palo Alto Networks, the technologies represent an opportunity for managed service providers to drive revenues and combat a vastly expanded security perimeter.
The world is changing and so is the threat landscape, Keith O’Brien, CTO of worldwide service providers at Palo Alto Networks, said during a virtual panel discussion at MWC Barcelona. “More remote users — people working from home — obviously increase the threat surface that’s available to attackers,” he said. “Moving applications to the cloud also increases and changes the threat surface.”
Meanwhile, threat actors are using advanced technologies like machine learning to automate and target their attacks. Access to a workload allows attackers to mine cryptocurrency or inject ransomware, he said.
“Addressing these challenges requires greater visibility,” O’Brien said. “You can’t secure what you can’t see.”
This is where technologies like SASE and 5G network slicing come into play.
Sliced and Segregated
Network slicing effectively allows service providers to extend a private 5G connection to customers by virtually segregating traffic from the rest of the network, according to Sree Koratala, VP of mobility security product management at Palo Alto Networks.
“Slicing is a fundamental component of securing 5G networks,” Jeremy Capell, director of information and security at Dish Network, said during the event.
“Imagine for a second you’ve got a radio and everything on that radio site is virtualized. This means that the radio access network that distributes the signal is virtualized, the core network functions that allow you to operate the network and send an SMS or make a call are virtualized, and the supporting business systems are virtualized,” he said. “We can then package that slice for an enterprise, giving them their own network functions. … In essence, giving you your own 5G network.”
From a security perspective this has numerous advantages, including protection against eavesdropping, person-in-the-middle, and denial of service attacks, Capell explained.
Network slicing, however, remains a relatively nascent technology that relies on a 5G network core, something few operators can claim. However, Koratala argues that when widely available, network slicing will enable service providers to offer better security and unique service level agreements.
5G Gets SASE
Koratala expects carriers to offer an array of secure networking services on these 5G network slices.
Many carriers, including AT&T and Verizon, already offer SASE as a managed service. AT&T tapped Fortinet and Palo Alto Networks for its managed SASE platform, and Verizon is using Versa Networks and Zscaler.
Dish also contracted Palo Alto Networks as a key security partner but has yet to bring its 5G network online.
Coined by Gartner in 2019, SASE knits together a wide range of networking, edge, and security products ranging from SD-WAN and cloud-based firewalls to zero-trust network access and secure web gateways into a single cloud-delivered package.
In addition to traditional point-to-point connectivity provided by SD-WAN, SASE allows users to inspect and apply policy to traffic as it traverses the network.
“SASE provides a new degree of security down to the user and device level,” Rupesh Chokshi, VP of Cybersecurity at AT&T Business, said during the panel.
This visibility enables service providers to extend threat intelligence and prevention at the network level.
“We’re able to instantaneously and automatically respond to security incidents across our network,” Capell said of Dish Network’s emerging 5G network. “The way that we’re going to be architecting that service-based, software-defined network, we’re going to be able to literally see into every nook and cranny of the network and find any critter that’s causing problems.”
"dish" - Google News
June 29, 2021 at 06:04AM
https://ift.tt/3hepqYv
Palo Alto Networks, AT&T, Dish Boost SASE 5G Security - SDxCentral
"dish" - Google News
https://ift.tt/2MXZLF4
No comments:
Post a Comment