Is fixed wireless access the new frontier for threats to the mobile network?

4G/5G fixed wireless access (FWA) represents a major growth opportunity for mobile network operators (MNOs) because they bring more traffic, new services, new subscribers, and, importantly, new revenue streams. According to Ericsson, there will be 330 million FWA 5G connections by 2029.

With all this potential new growth comes a looming threat. As MNOs add subscribers, those very same subscribers present a real danger to FWA—literally an enemy within. As FWA increasingly competes with wireline access, the infrastructure within users’ homes or office environments is increasingly being brought onto mobile networks. All of the traditional threats associated with wireline access, such as distributed denial-of-service (DDoS) attacks, aggressive scanning, open proxies, and a whole range of other “bad” behaviors are now going to be impacting mobile networks.

These kinds of threats hold the potential to have a much bigger impact on mobile networks than they do within wireline environments. This is due to the inherent complexity of mobile networks, which are more susceptible to bandwidth bottlenecks from aggressive scanning or DDoS attacks. For this reason, MNOs need visibility and detection capabilities that are geared toward identifying and then managing these kinds of threats.

Supporting the Ultimate Goal of Monetization

As MNOs look to monetize 5G networks, end-through-end visibility and detection within mobile network services are essential in order to assure performance. The most common monitoring tools are looking at traffic as it exits the mobile network onto the internet. However, by this time the damage is done. MNOs are left with only a partial picture of what’s going on. There is no good way to consistently map which subscribers are either sending or receiving good or malicious traffic.

Obviously, monitoring inside the mobile network provides a more complete picture of what’s going on. However, the tricky part is being able to see what individual users are doing within the many different elements of the mobile infrastructure. The control plane within the mobile network offers an effective way to identify subscribers and look at the services they’re connected to. The key is being able to correlate that information with what’s happening in the user plane in order to generate telemetry that can reveal how traffic is going in, how it’s going out, and how it’s traveling across the mobile network.

Monitoring inside the mobile network is the best way to gain a clear understanding of the threats in FWA so that MNOs can better manage and control risk, which is a major concern for any MNO. In this context, risks include the performance and availability of subscriber services that can be impacted by DDoS attacks, synchronous activity from botnets, and other bandwidth bottlenecks. There is also a risk to reputation because any disruptions to subscriber services can lead to customer churn, which in turn impacts revenue. This reputational risk extends to how enterprises will view the reliability of an MNO as they consider mission-critical next-generation 5G services, such as industrial control services and smart environment services that will run over different slices within a 5G network.

Another risk consideration is related to critical infrastructure regulation. In some parts of the world, internet service providers (ISPs) are included in critical national infrastructure. With that comes requirements focused on an ability to investigate security incidents happening on their networks—which requires visibility and detection within the mobile network itself.

The final risks are resources and costs. Mobile network bandwidth is expensive. Wasting that bandwidth simply to move bad traffic around does not make good business sense.

The Advantage of Visibility Without Borders

In order to manage and control these risks, MNOs need good visibility to detect bad traffic. NETSCOUT’s Omnis CyberStream solution delivers what we call Visibility Without Borders using scalable deep packet inspection (DPI) deployed inside the mobile network. In this way, MNOs are able to observe user traffic within GTP-U tunnels and then correlate it in real time with the control plane to obtain a complete picture of traffic in, out, and across the mobile network. Telemetry is then sent to NETCOUT Arbor Sightline Mobile, which visualizes the traffic on the network, including the services that are being used, and provides inbound, outbound, and cross-bound DDoS detection capabilities that are enriched with information about key convergence points within the mobile network and the identity of the subscribers.

This gives MNOs the ability to identify outbound DDoS attacks before they can impact the infrastructure, service performance, and availability. Packet telemetry is also fed into NETSCOUT Omnis Cyber Intelligence (OCI), which identifies compromised devices and botnet populations.

NETSCOUT Visibility Without Borders delivers high-fidelity, consistent visibility into any mobile environment, whether it’s 3G, 4G, 5G, non-standalone, or 5G standalone. This visibility is from the RAN through the core to the offload, voice, video, and data services. And because these solutions are agnostic to network equipment manufacturers, they work in any environment.

As FWA continues to grow and MNOs look to monetize 4G/5G networks, the ability to assure the performance and security of these vital networks will be essential. Monitoring and observability inside mobile networks while delivering a complete picture of what’s happening down to the subscriber level will be needed to achieve growth objectives. Visibility Without Borders will be key to managing and controlling risk. 
    
Watch the Light Reading webinar  “4G/5G Fixed Wireless Access: Great Opportunity, Growing Threat.”

Download the paper “Two-Sided Security for 5G Fixed Wireless Access,” by HardenStance.