“IoT sensors have small code footprints and are constrained in memory, CPU, and bandwidth to host built-in security modules, hence, riddled with vulnerabilities”
Palo Alto Networks has released what it describes as the “first 5G-ready” firewall, the K2, designed to protect infrastructure carrying a growing torrent of cellular Internet of Things (CIoT) traffic, including across so-called “Narrow Band IoT” (NB-IoT) networks.
NB-IoT is one of a competing array of standards (backed by Huawei, Ericsson, Qualcomm, and Vodafone) that proposes tapping unused 200-kHz bands to connect billions of IoT devices across “Low Power Wide Area Networks”.
The firewall’s launch comes as analysts expect more than 25 billion IoT connections (cellular and non-cellular) by 2025, driven largely by growth in the industrial IoT market, as connected devices proliferate in an anticipated $1.1 trillion market.
But with the roll out of such LPWANs, come risks.
As Palo Alto Networks puts it: “While NB-IoT opens the doors for new types and classes of applications serving new revenue opportunities to the operators, these low-power, low-cost, and unsecured IoT sensors also pose expanded security risks for the operator’s network and end users.”
“The IoT sensors have small code footprints and are constrained in memory, CPU, and bandwidth to host built-in security modules, hence, riddled with vulnerabilities. Even the simplest of vulnerabilities can turn into a serious threat concerning the business service, infrastructure, as well as subscribers consuming the service.”
5G Security: Needs to Handle Huge Traffic Volumes
The firewall can handle traffic throughput of an impressive 1 Tbps – using dedicated processing and memory for networking, security, threat prevention, and management – and has been designed to offer granular visibility over traffic, and use machine learning to help identify malicious IoT network deployment.
The new tool will “protect the mobile network from signalling storms, including various tunnelling and application layer attacks coming through the GRX/IPX networks on S8, S6a/S6d interfaces,” the company said.
The K2-Series also comes with what is fast becoming industry standard, automated cloud-based threat intelligence.
It supports all mobile use cases, such as RAN, roaming, SGi, and non-3rd Generation Partnership Project (3GPP) access protection, Palo Alto Networks said.
The release comes as cybersecurity industry focus increasingly shifts to 5G security. The reasons are obvious: unlike previous generations of cellular technology, the 5G business model is based on supporting highly sophisticated use cases for enterprise verticals, including the automotive and health sectors: in both, human lives are at stake.
5G’s arrival comes in a different security era to 4G. As a recent Cisco whitepaper notes: “5G is the first cellular generation to launch in the era of the “weaponization” of the Internet.”
“It’s worth recalling that when 2G and 3G were launched most security threats were posed by a small subset of insiders using mostly manual attack vectors, as well as an elite of ultra-sophisticated encryption experts. Even back in 2009 when 4G was launched, the security threat landscape was nothing like today’s.”