INTELLIGENT MOBILE TECHNOLOGY
Secure network frameworks required to manage 5G, IoT roll outs
Conventional network architectures and conventional
security solutions will fail to manage 5G and IoT roll outs,
argues Kalle Bjorn at Fortinet.
In the new digital economy, businesses
that are able to adapt will be the most
competitive and successful. This
will require adopting new technologies,
networking systems and strategies. But
many of the emerging technologies and
strategies that are being deployed across
our networks come with a set of unknowns
that are having a huge impact on security.
The reason is that traditional approaches
to security were never really designed to
protect dynamic, borderless and hyper-
connected environments.
The security challenge is that packets
travel over an encrypted tunnel in SD-
WAN. While there are certain security
advantages to such an approach,
what if one end or the other has been
compromised? What if ransomware has
been installed on a particular endpoint
device? It turns out that encrypted tunnels
make an ideal mechanism for hiding the
distribution of malware.
From another viewpoint, some
organisations are starting to adopt
software-defined perimeters because they
can stop network-based attacks against
their applications infrastructure and
control access to applications to ensure
that they can only be accessed by pre-
authorised users and devices.
Software-defined perimeters do this
using a combination of transport layer
security, public key infrastructure and
security assertion markup language
married with a control infrastructure.
The idea is that certificate-based
authentication and transport layer
security tunnels allow secure client-server
communications that are immune
to various network-based attacks. This
means that software-defined perimeters
are essentially guaranteeing that only pre-
authorised users and devices can access
the application infrastructure.
But this approach does not really
answer the question: is this encrypted
connection passing potentially malicious
traffic? Because the client device could
still be compromised via an advanced
persistent threat attack, allowing
Issue 12
INTELLIGENT TECH CHANNELS