
Why 5G Needs to Start with Secure Network Access

5G comes with enormous possibilities — and increased risks. Here’s what you need to consider when securing your network in preparation for this game-changing technology.

The latest cellular connectivity standard, 5G, has taken wireless performance to the next level. Apart from improving throughput speeds, efficiency and latency, 5G will be able to support a massive scale of devices and simultaneous connections.

The software-defined architecture of 5G, including 5G security, brings forward use cases that were not previously imaginable. 5G is the first generation of cellular technology that is designed with virtualization and cloud-based technology in mind. With cloud-based technologies, software execution can now be disconnected from specific physical hardware by utilizing Software Defined Networking (SDN) and Network Function Virtualization (NFV).

Mobile security has significantly evolved since the 4G days, and today’s 5G standard offers several strong security capabilities, such as features for user authentication, traffic encryption, secure signaling and user privacy. However, as the technology is still new and evolving, the concept of “5G security” lacks an official definition.

While 5G networks are still in the deploy-and-expand mode, the introduction of untested and unverified 5G-enabled products and services has created opportunities for bad actors to exploit the new technology and architecture.

As 5G adoption accelerates, organizations will need higher levels of network security and reliability to protect both their users and their business-critical applications. Here are a few reasons why:

  • 5G enables digital transformation, but also enables opportunities for cybercrime.
  • The migration of applications and network functions to the cloud, along with network slicing, opens new attack surfaces.
  • An ever-increasing number of endpoints and the adoption of distributed or remote work arrangements redefine the network perimeter daily.
  • Network and threat visibility challenges lead to an increased attack surface, thus creating new entry points for bad actors.
  • This expanded and undefined security perimeter is hard to control and monitor.

5G and Secure Network Access

Security teams have a gigantic task ahead of them when it comes to securing their network for 5G, including implementing the right policies for users, devices and applications. Organizations must adopt models like Zero-Trust Network Access (ZTNA), which allows security teams to set up least-privilege, granular access alongside authentication and authorization of every user and device throughout the network. This substantially lowers the chances of bad actors infiltrating your network.

ZTNA’s emphasis on eliminating implicit trust and requiring validation of each access request is the new secure way to move forward. A Zero Trust framework ensures complete visibility and control of the 5G infrastructure, including connecting devices, networking interfaces, applications and workloads. Zero Trust security can help organizations quickly identify and act against various security threats.

ZTNA is flexible enough to be adapted for various systems. 5G Zero-Trust architecture is end-to-end, covering the radio access network, transport and core, and consists of multiple layers. The Zero-Trust Architecture logical elements (as defined in NIST SP 800-207) establish trust in user identity and device, enhance end-to-end visibility, and control every device accessing the network using any cloud deployment model. Below is the logical Zero-Trust architecture for 5G (as per NIST SP 800-207) that can be employed by 3GPP-based systems:

[Figure: Zero Trust Architecture (ZTA) and policy components]

Together, the Policy Engine (PE) and Policy Administrator (PA) form the Policy Decision Point (PDP), which makes decisions enforced by the Policy Enforcement Point (PEP). Policy frameworks are employed in 3GPP-based systems to manage access to resources in different security domains.

While adopting Zero-Trust principles for 5G security, organizations can improve security from multiple angles:

  • Least Privilege: Allows precise access, combined with context, to 5G network functions.
  • Identity Validation: Defines identity to encompass all users and devices that require access to protected resources.
  • Network Segmentation: Protects sensitive data and critical applications by leveraging network segmentation, preventing any lateral movement.
  • Security Policies: Implement precise 5G security policies for granular control over data and applications.
  • Continuous Validation: Eliminates implicit trust and continuously validates every stage of digital interaction.
  • Protection of Cloud-Native Network Function (CNF) Workloads: Protects CNFs running on public or private cloud throughout their Continuous Integration / Continuous Deployment lifecycle.
  • Monitoring and Auditing: Monitors all interactions between users, devices and network functions at various layers.
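The PE/PA/PDP/PEP split and the principles listed above can be sketched in a few lines. This is an added example, not code from the article or from NIST SP 800-207; the roles, resource names and posture flag are constructed for illustration, and the PA is simplified to relaying the PE's decision and keeping the audit trail.

```python
from dataclasses import dataclass

# Constructed policy table: (role, network function) -> allowed actions.
# Anything not listed is denied (least privilege, default deny).
POLICY = {
    ("ran-operator", "gnb-config"): {"read", "write"},
    ("noc-analyst", "amf-metrics"): {"read"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    user_authenticated: bool   # identity validation: user
    device_id: str
    device_compliant: bool     # identity validation: device posture
    resource: str
    action: str

class PolicyEngine:
    """PE: decides on one request using policy plus current context."""
    def decide(self, req):
        if not req.user_authenticated:
            return False, "user identity not validated"
        if not req.device_compliant:
            return False, "device failed posture check"
        if req.action not in POLICY.get((req.role, req.resource), set()):
            return False, "no policy grants this access"
        return True, "policy match"

class PolicyAdministrator:
    """PA: relays the PE decision to the PEP and records it for audit."""
    def __init__(self, engine):
        self.engine, self.audit_log = engine, []
    def authorize(self, req):
        allowed, reason = self.engine.decide(req)
        self.audit_log.append((req.user, req.device_id, req.resource,
                               req.action, allowed, reason))
        return allowed

class PolicyEnforcementPoint:
    """PEP: fronts the resource and asks the PDP (PE + PA) on every
    request, so no earlier decision is trusted implicitly."""
    def __init__(self, pa):
        self.pa = pa
    def handle(self, req):
        return "FORWARDED" if self.pa.authorize(req) else "BLOCKED"

def build_pep():
    return PolicyEnforcementPoint(PolicyAdministrator(PolicyEngine()))
```

Because the PEP re-queries the PDP on each call, a device that falls out of compliance mid-session is blocked on its next request even though earlier requests were forwarded.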

The bottom line is this: ZTNA for 5G presents an opportunity for organizations to rethink how users, applications and infrastructure are secured — and ensure that they’re secured in a way that is scalable and sustainable for modern cloud, SDN-based and open-sourced environments while supporting a smoother, more efficient path to digital transformation.

 

Wireless Security, Wi-Fi Management Hot Topics at RSA Conference 2019

Like the many years before it, RSA Conference 2019 in San Francisco was full of buzz, energy, product “noise” and, this year, lots of heavy rain. And, of course, I forgot to bring my umbrella.

Rain or shine, RSA draws over 50,000 attendees each year. The event provides a chance to get to know the hot products shaping the security industry, hear from industry experts and connect with peers.

Although many fantastic cybersecurity products were on display on the expo floor, there were a few that completely stood out — and the end-to-end SonicWall wireless solution was among them.

Wireless security, planning and management from a single solution

The SonicWall wireless solution is comprised of SonicWave access points, WiFi Cloud Manager, WiFi Planner and the SonicWiFi mobile app. In fact, Biztech named the SonicWave wireless access points among the new and useful technology seen at the show. (Go to the 3:30 mark in the video below.)

SonicWave access points (AP) combine high-performance IEEE 802.11ac Wave 2 wireless technology with flexible deployment options. The APs can be managed via the cloud using SonicWall WiFi Cloud Manager or through SonicWall’s industry-leading next-generation firewalls. The result is a solution that could be untethered from the firewall to provide you a superior WiFi user experience that’s as secure as any wired connection.

SonicWave access points take advantage of the Wave 2 standard with MU-MIMO support, which enables simultaneous transmission to numerous Wave 2-enabled wireless clients, providing an enhanced user experience. You can also easily extend your Wi-Fi networks and effortlessly set them up with mesh technology.

Wireless security — even without a firewall

SonicWall integrates advanced security right on the access points. The cloud-based, multi-engine Capture Advanced Threat Protection (ATP) sandbox and Content Filtering Service (CFS) can be enabled on the access points to provide advanced threat detection and protection.

SonicWave access points provide you comprehensive wireless security with features including a dedicated third radio for security scanning, wireless intrusion detection and prevention, wireless firewalling, secure Layer 3 wireless roaming and more.

Easy Wi-Fi planning, management from the cloud

If you aren’t an RF expert, getting the right AP placement for optimal coverage or density is nearly impossible. Prior to AP deployment, designing and planning Wi-Fi networks with a site survey tool is essential.

This is where SonicWall WiFi Planner comes to your rescue. It is a predictive, cloud-based site-survey tool to ensure you have the best RF plan.

Once you have a plan, next you need to onboard the devices. The SonicWall SonicWiFi mobile app, available on iOS and Android, helps you monitor networks, easily onboard wireless access points and set up wireless mesh networks.

After onboarding you need to manage maybe dozens or even thousands of SonicWave access points. Named one of the 16 hottest network and endpoint security products at RSA by CRN, SonicWall WiFi Cloud Manager streamlines the process. It is available via the cloud-based Capture Security Center and delivers single-pane-of-glass visibility to reduce costs and simplify Wi-Fi management.

Wave 2 wireless access points are reliable, easy to manage

SonicWave access points are ideal for most deployments as they provide reliable user experience with flexible management. SonicWave 200 series access points are best suited for medium-to-low density requirements.

For example, the SonicWave 231c can be used indoors in retail stores or classrooms and can be installed on ceilings, while the SonicWave 224w can be used in indoor locations like hotel and hospital rooms.

On the other hand, the SonicWave 231o outdoor access points are IP67-rated to withstand tough outdoor conditions and fit perfectly in outdoor spaces like parks, playgrounds and parking lots. For higher density requirements, SonicWave 400 series access points are ideal.

SonicWall Now a California Multiple Award Schedule (CMAS) Vendor

SonicWall has received the California Multiple Award Schedule (CMAS) and is now a CMAS vendor in the state of California.

What is CMAS?

The California Multiple Award Schedule (CMAS) allows state agencies and local governments to streamline purchasing and ensure the payment of appropriate prices for information technology and non-information technology products and services.

The program is a part of the State of California Department of General Services Procurement Division. Vendors among the CMAS Unit have the capability of offering goods and services that have been competitively bid and awarded on a Federal General Services Administration (GSA) Schedule. The GSA is an independent agency of the United States government established in 1949 to help manage and support the basic functioning of federal agencies.

“SonicWall is dedicated to providing our partners every available competitive advantage during the selling process and reduce obstacles they may face,” said SonicWall general manager John Mullen, who oversees the company’s State, Local, Education (SLED) initiatives. “We look forward to working with them as a CMAS contractor to bring proven cyber security defenses to California’s highly depended upon state and local agencies that provide a range of services to the community.”

Being awarded CMAS means SonicWall has even more of an opportunity to support K-12 education through the use of the E-rate program.

Who Can Use CMAS?

Educational institutions in the state of California in the following categories are eligible for CMAS products or services.

  • K-12 public schools in California
  • Community colleges that spend public funds
  • California State University and University of California systems
  • State agencies
  • Any city, county or district

What is the E-rate program?

E-rate is a U.S. federal program that funds technology in schools and libraries. Many SonicWall network security products and services, including firewalls, high-speed wireless, and content filtering, can be purchased by school districts and libraries through E-rate funding.

Leveraging the E-rate program enables cost savings which can help your district better comply with CIPA while safeguarding students, faculty, staff, data, and applications with state-of-the-art network security technology from SonicWall.

For more information, or to inquire about SonicWall solutions under the CMAS program, please contact John Mullen (jmullen@sonicwall.com) or Holly Davis (holly@komplement.us).

Save Money with E-rate Funding

If you are utilizing E-rate funding to assist you in buying your networking and cyber security solutions, SonicWall can help. Talk to our team of E-rate funding experts who can ensure your SonicWall solution aligns with the rules and regulations of the E-Rate program.