Mobile Infrastructure Security Features

Describes the new mobile infrastructure security features in PAN-OS 10.0.
New Mobile Infrastructure Security Features
Description
Network Slice Security in a 5G Network
Network operators lack tools to investigate security events related to enterprises and industry verticals served by network slices in 5G. Also, they are unable to offer customizable, advanced network security capabilities that can be dynamically created per network slice. You can now apply context-aware network security to an enterprise or customer from a vertical industry that is using a 5G network by creating Security policy rules based on network Slice/Service Type (SST). The firewall supports standardized SSTs and operator-specific SSTs.
Equipment ID Security in a 5G Network
In 5G, HTTP/2 replaces the GTP-C and Diameter protocols; therefore, existing network security technologies relying on GTP-C and Diameter protocols for extracting context, such as equipment ID or International Mobile Equipment Identity (IMEI), will not work in 5G. Network operators lack tools in 5G to investigate security events related to equipment and devices. Because the majority of IP addresses assigned to equipment and devices connected to 5G networks are dynamic, context-aware security capability based on Equipment ID is required to secure them and protect the network from compromised or disallowed equipment and devices. You can now apply Security policy rules based on the equipment identity (Permanent Equipment Identifier [PEI] including IMEI) of a device, such as an IoT device, phone, or tablet, in your 5G network.
Subscriber ID Security in a 5G Network
In 5G, HTTP/2 replaces the GTP-C and Diameter protocols; therefore, existing network security technologies relying on GTP-C and Diameter protocols for extracting context, such as subscriber ID or International Mobile Subscriber Identity (IMSI), will not work in 5G. Network operators lack tools in 5G to investigate security events related to subscribers and users. Because the majority of IP addresses assigned to subscribers and users connected to 5G networks are dynamic, context-aware security capability is required to secure them and protect the network from compromised or disallowed subscribers and users. You can now apply Security policy rules based on the subscriber ID (Subscription Permanent Identifier [SUPI] including IMSI) of a subscriber or user in your 5G network.
Equipment ID Security in a 4G Network
Because the majority of IP addresses assigned to equipment and devices connected to 4G/LTE networks are dynamic, context-aware security capability based on equipment identity is required to secure them and protect the network from compromised or disallowed equipment and devices. You can now apply Security policy rules based on the International Mobile Equipment Identity (IMEI) of a device, such as an IoT device, phone, or tablet, in your 4G/LTE network.
Subscriber ID Security in a 4G Network
Because the majority of IP addresses assigned to subscribers and users connected to 4G/LTE networks are dynamic, context-aware security capability based on subscriber identity is required to secure them and protect the network from compromised or disallowed subscribers and users. You can now apply Security policy rules based on the International Mobile Subscriber Identity (IMSI) of a subscriber or user in your 4G/LTE network.
