Palo Alto Networks lays out blueprint for 5G native security offerings

At this stage, the offering is a set of concepts which are being realized into existing products, and there will be some new ones. The most immediate opportunity is in enterprise private networks, which are actively being developed.

Palo Alto Networks has announced what they are terming the industry’s first 5G-native security offering, which will allow service providers and enterprises to provide robust security for 5G networks.

Products are available today, with more coming as the portfolio is fully rounded out.

“It’s a set of concepts being realized into products, which will be available in multiple ways,” said Anand Oswal, senior vice president and general manager, Firewall as a Platform, at Palo Alto Networks. “For example, you can still have a physical firewall, but most customers will want it containerized.”

While most of the market has focused on the whiz-bang impact that 5G will provide to mobile users, the big issue for enterprises is security, Oswal stressed.  5G raises issues of complexity that are more significant than those encountered by its predecessors.

“1G was about voice,” he said. 2G was digital voice. 3G was adding the data. 4G was all IP networks and iPhone. 5G has a lot of benefits for the end user, and will help them get better feeds and speeds on the endpoints. But that’s not enough for service providers in terms of revenue streams. That’s why you need to ensure security is first.”

5G is much more distributed than 4G, which is good in the sense that it makes it more powerful, but bad in the sense that it’s harder to protect.

“There are more touchpoints,” Oswal stated. “It’s more distributed than ever before. 4G was still a closed loop system and not fully open, but 5G is not a closed loop system. In 4G, the packet core was still a box in the data centre. Now, it’s at the edge. In 5G, the software that authenticates your device is now containerized, and no longer in a physical box, as it was in 4G.”

What Palo Alto Networks has done here to provide the needed security, Oswal said, is leverage its experience in securing enterprises and mobile networks and complement it with understanding of the 5G protocols and 5G network interfaces.

“We’ve taken our experience in securing mobile networks, added deep understanding of 5G protocols and added it to existing products and platforms,” he stated. “There will be new products, but this provides 5G capability within existing products, and the ability to seamlessly integrate this into cloud architectures. This gives service provides and enterprises full visibility and control of 5G.”

Oswal said Palo Alto Networks sees three main use cases for 5G in the enterprise, two of which he acknowledged are still more future propositions. One is multi-access edge compute which requires granular secure infrastructure to provide real-time correlation of threats to 5G users and devices. The other is 5G network slicing, which involves service providers giving the enterprises a slice of their network end-to-end. Both of these have been in trials, and are expected to roll out during 2021.

The third use case is already being actively deployed – private enterprise networks, particularly in manufacturing, transportation, and smart supply chains.

“5G is getting into private networks and mobile compute networks, but these are not fully connected and digitized,” Oswal indicated. “Robots and machinery need high precision and low latency, and running private 5G networks can provide this. This use case has already started to be deployed.

“This is the area where the channel can really help enterprises as they build out these private networks, to provide context-driven security at scale around 5G with full automation, connecting the architecture to cloud architecture with deep visibility and granularity,” Oswal added.

Oswal acknowledged that much of the IT channel is conservative, and dreads making deep investments in technologies before firm evidence of broad market acceptance exists. Still, he emphasized that 5G will be such a force, that even though only part of that market is being realized today, the rest will soon follow.

“This market is already taking off in many ways,” he said. “76% of enterprises believe 5G will enable new types of threats. It’s a massive market. Network slicing is a new market. For channel providers, it will be new sources of revenue.”

Oswal said that Palo Alto Networks’ job here is to make it possible for partners and customers to deploy efficient and large 5G deployments through their use of automation and analytics.

“It’s critical to drive complex security at scale,” he stressed “Because we can understand 5G at scale, our job is to simplify it through automation and analytics. It’s very hard to learn new protocols and technologies because the industry moves so fast, so the only answer to how you can scale across a global environment is with automation and analytics.”

Expect to see more of these capabilities rolled out going forward, Oswal indicated.

Today, 5G security capabilities are available on the Palo Alto Networks PA-5200 Series and PA-7000 Series next-generation hardware firewalls, as well as all VM-Series software models running PAN-OS 10.0+. Security Services can be added based on use case requirements.