Ericsson Launches 5G Integrated Packet Core Firewall

Ericsson announced a new security offering for 5G core, one that is integrated directly into its Packet Core Gateway. The Ericsson Packet Core Firewall will monitor the User Plane Traffic (UPF) for The Third Generation Partnership Project (3GPP) and non-3GPP access, monitor subscriber and roaming traffic, protect Internet Protocol Version 6 (IPv6) migration and Radio Access Network (RAN) security access gateways. Notably, the time-to-mitigation will closely align with 5G bandwidth requirements (100 Milliseconds (ms) response time), with key target deployments for edge applications in mobile broadband and the Internet of Things (IoT). This solution is based on technology from A10 networks, which is providing the network security capabilities of Ericsson’s Packet Core Firewall.

The advantages for Ericsson in partnering with A10 are three-fold. First is the security expertise that it can leverage from the cybersecurity vendor. Ericsson is a global leader in the cellular Network Equipment Provider (NEP) market. Prior to 5G, it had focused on the cellular proprietary space in tight relation with Communication Service Providers (CSPs). The cloud-native and software-centric nature of 5G are a significant market disruptor, ushering in new required competencies by virtue of being a software architecture by design, so 5G introduces new security challenges. Such challenges fall outside of NEPs’ expertise. It is key for Ericsson to ensure that it obtains these new competencies quickly; one key method is through partnerships with vendors who already have that expertise. A10, among many others like Palo Alto Networks and Fortinet, is a strong player in the network security market. Key to its appeal for Ericsson is its cloud-native and 5G security deployment capabilities, and past experience in cellular deployments.

Second, direct integration of a firewall within its packet core gateway can potentially reduce complexity and provide cost savings. Ericsson claims a 50% reduction in Total Cost of Operations (TCO) with its firewall solution. Because the UPF and firewall cloud-native functions are both integrated into one single solution, rather than being split into two separate functions, the number of connections between the upper layers of the stack (Security Information and Event Management (SIEM), Network Functions Virtualization Orchestrator (NFVO), network management systems), and the lower layers (Communication-as-a-Service (CaaS), Platform-as-a-Service (PaaS)) are halved. This is an attractive proposition for potential users.

Third, it opens up the market for cybersecurity vendors to come in and work with NEPs directly, and not only offer these solutions to CSPs, but potentially directly to enterprises in private networks. NEPs will need to adopt a more modular approach to 5G networks and cultivate the ability to provide a variety of different security solutions with their network offerings, in a sort of plug-and-play fashion. Not only do enterprises sometimes have their preferred cybersecurity vendors that they will want to leverage, but the cybersecurity market is highly competitive and dynamic, providing a broad and varied choice of very capable vendors that are constantly innovating. The ability for NEPs to provide this kind of security vendor choice and flexible change-over will be key.

5G is still a nascent network technology, with the latest release (R16) frozen only very recently (July 2020). Commercially mature security capabilities are still a little way off, whether it is for core, new radio, user or control plane, standalone and non-stand-alone, Enhanced Mobile Broadband (eMBB), Massive Machine Type Communication (mMTC) or Ultra-Reliable Low-Latency Communication (URLLC). The transition from Long Term Evolution (LTE) and the various new enterprise application categories make for a complex environment that presents many new areas outside of NEPs’ and CSPs’ expertise. However, this offers significant opportunities for new entrants. Certainly, the closed, proprietary models, and monopolies enjoyed by past stakeholders in older cellular generations are coming to an end. Software-centric, virtualized functions, and cloud-native are the mots d’ordre and all stakeholders will need to open up their supply chains and partnership opportunities in order to remain competitive. And while the 5G standards provide many improved security functionalities, these still need to be deployed and managed appropriately, be of carrier-grade quality, and ensure compliance with existing security regulations. The 5G security market will be a multi-vendor one, and key to NEPs’ success will be their ability to embrace vendor-agnostic platforms, in security as elsewhere.