Founded on Research
Our research into the signaling threat landscape, vulnerabilities in mobile networks, and technology to counter threats and attacks has always been the foundation for our products and services. It ensures our solutions protect against all threat categories and keeps us ahead of threat actors.
Recently, we have researched the potential for attacks exploiting transport protocols carrying signaling traffic within a mobile network’s perimeter and found potential attacks pertinent to 3G, 4G and 5G. While previously these internal risks may not have been seen as relevant, they become more pronounced as operators increase access to cloud environments in pursuit of new business opportunities, as well as the general trend to outsource to others to manage and maintain their network. In our recent research we have validated and demonstrated how threat actors could exploit these vulnerabilities to intercept communication, degrade service quality, or carry out DoS attacks.
A Zero-Trust Approach is Needed
However, this research is just the beginning, once we accept internal telecom threats are real. Several threat actors have strong interests in these internal exploits, whether that be for internal compromised nodes, supply-chain attacks or some means of injecting attacks within a network. It can, for example, be criminals intercepting communication to commit fraud for financial gain or nation-states seeking to disrupt communication by disrupting the operation of critical infrastructure. There has already been a steady stream of supply-chain or internal-exploiting attacks uncovered within IT networks, and there is no reason to think that telecom networks will be immune to these.
To counter these new attack vectors, we have pioneered a more zero-trust approach that provides mobile networks with a security overlay capable of monitoring traffic between any nodes within the network. Together with lead customers, we are refining and optimizing this novel technology.
The concept extends traditional signaling firewall visibility, into detecting anomalies in transport layer protocols carrying network signals between nodes. This allows detection of attacks originating from within the network, e.g. man-in-the-middle, or man-on-the-side type of attacks. Combining strong perimeter security with anomaly detection on networks’ internal interfaces solidifies and deepens any mobile operator’s network security.
Security In-Depth for Mobile Networks
The overlay architecture is based on probes distributed across the network, where they tap and filter packets for protocols transmitted over SCTP (which has been our research focus so far), TCP and UDP. This is a non-intrusive and very efficient process where each probe only uses minimal system resources and reports only what is important. The probes hook into the existing environment, regardless if it is a bare-metal, virtualized, or containerized cloud environment.
Information collected and filtered by the probes is fed to the signaling firewall, which performs correlation and analysis to find anomalies and produce relevant insights and responses. This process lends itself well to AI-powered algorithms in combination with explicit rules for specific cases that, for example, are discovered through threat intelligence gathering.
Thanks to making the signaling between network functions in radio and mobile cores visible, network interfaces and software behaviour on the nodes can be monitored. With that, security-in-depth can be achieved for 3G, 4G, and 5G networks.
Leading the Way in Mobile Network Security
Signaling firewalls have long been a foundation for building network security capabilities in mobile networks. Because mobile networks have been relatively closed, the perimeter security offered by signaling firewalls has, in most cases, been enough. However, as mobile networks are opening up to create conditions for new services and new use cases, a new, broader and deeper security scope is needed. Enea is leading the way in developing new security technology to extend signaling firewall capabilities for this new landscape.
