Network security

These solutions manage the security credentials, digital identities and processes used to authenticate network elements and users for network access and data exchange. Specific applications include managing the privileged access of administrators as they tap into physical or virtual networks infrastructure, the creation and lifecycle of security certificates and public keys used to establish digital trust in network communications, and new Secure Identify Management (SIM) solutions designed for secure, mass-scale 5G IoT deployments

Security orchestration tools unify multiple network security products, technologies, and data sets to provide operators with greater insight and control of the many security threats impacting their networks. Data from multiple sources are aggregated, enriched, and used to drive security policies that reduce time to detection, investigation, and remediation. Security orchestration tools can be packaged with endpoint security, threat intelligence, and other elements to provide comprehensive security operations authentication and remediation (SOAR) out-of-the-box, or they can be provided as part of cloud-based security-as-a-service offerings.

DDoS defense tools are used to quickly identify and mitigate Distributed Denial of Service attacks that target service provider networks and the many endpoints, services, and corporate networks they support. DDoS detection requires big-data security analytics augmented with machine learning and a multi-dimensional view of networks to quickly – and accurately - identify the many types of DDoS attacks plaguing today’s networks, including botnet, reflection, amplification, syn flood, and ransomware. Modern IP routers that support mass-scale, high-performance, silicon-based filtering play an important role in DDoS detection and DDoS mitigation by allowing big-data security analytics to protect all network assets and customers from DDoS attacks, not just a select few.

Network cryptography is used to protect the integrity, authenticity and confidentiality of data being transported across networks. Network cryptography capabilities are available across multiple network layers. New security techniques focused on MPLS, Segment Routing and other transport mechanisms are being embedded in network silicon to help protect all in-flight-data from an increasingly hostile threat landscape. IPsec gateways are heavily used in mobile networks and critical industry networks to protect traffic between network domains or provide secure remote access. With the evolution of quantum computers, new cryptographically relevant quantum computers (CRQC) will posses the ability to compromise our historic asymmetric cryptography frameworks. New Quantum-Safe Networks with both Quantum-Safe physics and mathematics-based keys, combined with network encryption technologies such as symmetric AES-256 block cipher encryption, will be required to provide secure and trusted network connectivity in the quantum-era.

Firewalls are used to stop unsolicited or illegitimate traffic from entering a secure network zone by creating pinholes that allow only solicited or legitimate traffic to pass through. Firewalls keep track of Transmission Control Protocol (TCP), GPRS Tunneling Protocol (GTP), administration and maintenance (OAM), and other solicited network flows to quickly identify and block unsolicited attempts to access the control, user and management planes of network functions and applications. Best-of-breed firewalls for mobile gateways also provide DDoS protection against amplification attacks, anomaly attacks, and botnet attacks that specifically target mobile subscribers and RAN resources.

Self-defending network infrastructure allows the network to provide a more scalable and cost-effective way of protecting itself and all the services that depend on it by integrating DDoS filtering, encryption, and other security capabilities that would otherwise be provided by external stacks of security appliances. Security capabilities, and considerations are built into every layer of network infrastructure from the network silicon all the way to the net OS, to provide a zero-trust network foundation.