3 minute read
Why network intelligence is vital in addressing RAN threats
Telecommunication networks are an obvious target for high-impact attacks. In the Radio Access Network (RAN) domain, which is the most physically accessible part of mobile networks, the limited awareness of the scale and sophistication of the false base station (FBS) threat makes it attractive to malicious actors. Learn how Ericsson is using network intelligence to address RAN threats.
An FBS can perform active or passive attacks against mobile devices or user equipment to steal private information through techniques such as eavesdropping, tracking, identity spoofing, data and traffic modification or denial-of-service (DoS) invasions.
Manual threat detection is resourceintensive and prone to human errors and false positives. But without adequate detection capabilities, these threats will remain unknown to service providers.
Ericsson Security Manager (ESM) addresses the needs of next-generation security operations by making security visible and automating security processes.
Key benefits of ESM
• Protection: Baseline Automation functionality provides repeatable processes for systematic selection of technical security and privacy policies and controls.
• Detection: ESM provides a detection engine that supports telco-specific detection logics, addressing RAN domain, telco cloud-native threats and operational and management (O&M) activities-related threats.
• Certificate automation: Ericsson Certificate Automation reduces time to market and lowers lifecycle management costs due to a preintegrated solution with 5G cloudnative network functions (CNFs) and other network nodes.
Announcing new capabilities in network intelligence
Ericsson is launching new capabilities in both ESM and Ericsson basebands (RBS components) to improve our customers’ security posture even further. In addition to existing features, these capabilities make it possible to reduce risks by better protecting the network and detecting RAN-specific threats.
The two new capabilities are:
• In baseband products, we are adding the Advanced RAN Defense software, which provides the new security-related capabilities that enable ESM to detect FBS-specific attacks.
• In ESM, we are adding the RAN Detection Logic software, which supports the detection of false base stations.
These two features, working with the Ericsson Network Management (ENM) system, collectively comprise the Ericsson RAN Security Threat Detection solution.
How it works
Ericsson RAN Security Threat Detection is built on common data flows, or measurement reports, between the user equipment (UE)—typically mobile phones—and base stations in the service provider’s network. Since we know the network topology around a specific UE, we know what these measurement reports should look like. We then use smart algorithms in the ESM software to find any discrepancies between the topology ENM knows to be correct and the topology information reported by the UEs. Any incremental differences indicate the possible presence of FBSs.
How it’s implemented
First, security operations personnel work with network operations personnel to decide where and when to activate the detection solution and which frequencies to monitor. Threat detection is typically deployed in sensitive areas such as military installations, near police stations and in political neighborhoods. The solution can also be deployed for the entire network.
The challenging cybersecurity environment
There are more than 24 trillion threat signals daily. (Microsoft)
Ransomware-related data leaks increased by 82% in 2021. (Crowdstrike)
48% of organizations do not have an efficient incident response plan in place. (Crowdstrike)
Read the blog post at t.eric.sn/3TbaUSE to learn more about:
• The main challenges with detecting FBSs
• How FBS detection works
• The benefits of FBS threat detection, including:
– No need for additional hardware
– Lower OPEX through automated detection with precise alerts
– Brand and customer protection
