
PROTECT - f5.com · TELCO CLOUD & NFV vCPE vDNS vGi-LAN VNF Container Connector for N-S L4-L7...

Date post: 10-Jul-2020
PROTECT EVERY STRATEGIC CONTROL POINT A GUIDE TO SECURITY FOR SERVICE PROVIDERS

Attacks can interrupt your core business and disrupt your bottom line. According to a recent study, 34 percent of all service providers report that they’ve lost revenue because of attacks in the past year, while 30 percent said they lost customers or business opportunities as a result of these attacks.¹

According to our 2018 F5 Labs Threat Analysis Report, 98 percent of the top 50 attacking IP addresses resolve to ISP/telecom companies and hosting providers.²

Not long ago, an unprecedented Mirai-based botnet malware attack blocked Internet access to millions of users in the U.S. The same Mirai botnet—a global network of infected cameras, printers, digital video recorders, and other Internet of Things (IoT) devices—attacked the CPE devices of a service provider and took an estimated 900,000 home routers offline in Germany.

Data security for service providers focuses on two core issues: maintaining network availability and preventing data loss. Failure in either area can irreparably damage your reputation and directly impact your business.

YOUR NETWORK AT RISK

At least 46 million home devices are thought to be vulnerable worldwide to this type of attack.²

A 2018 report³ identified more than 53,000 incidents and 2,216 confirmed data breaches in 65 countries in just one year. It identified ransomware as the most common type of malware—found in 39 percent of malware-related data breaches.

Three key measures will help ensure that your security environment is robust today—and together lay the groundwork for future growth and change:

• Apply security at strategic control points to limit network vulnerability.

• Adopt a hybrid hardware/software approach to optimize the way you mitigate volumetric attacks.

• Prepare your network to manage IoT today and as it continues its exponential growth.


¹ http://b2me.cisco.com/en-us-annual-cybersecurity-report-2017
² https://f5.com/labs/articles/threat-intelligence/ddos/the-hunt-for-iot-the-growth-and-evolution-of-thingbots-ensures-chaos
³ https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf


SECURE EVERY STRATEGIC CONTROL POINT

Protecting your entire network services infrastructure requires a disciplined, organized approach. You must adopt targeted measures to secure every potential vulnerability, including your data center, control plane, and applications. The three most effective strategic control points in your network are the data center, the network edge/SGi-LAN, and the roaming interconnect.

Different types of traffic transiting to and through your network might require different security techniques. Stopping a high-volume, distributed denial-of-service (DDoS) attack requires a different approach than stopping an intruder from gaining access to hosted data storage (even though those attacks might occur to, or within, the same network). Being able to instantly identify and handle attacks is paramount to protecting your network.

Let’s look at how securing the strategic control points in your network fits together to optimize security.

NETWORK ARCHITECTURE INCLUDING ACCESS NETWORK, CONTROL PLANE, DATA CENTER, AND CLOUD

FIGURE 1: Multiple security tools support each strategic control point (network edge/SGi-LAN, data center, and roaming interconnect)

DATA CENTER SECURITY

Service providers are continually expanding their network to accommodate rapid deployment of data center-based services, ongoing adoption of 4G and 5G technologies, and higher customer demand for video and content streaming.

In addition to impacting service quality and increasing capital and operational expenses, these changes strain the security architecture’s ability to handle an increasingly sophisticated threat landscape. You need solutions that enable growth without sacrificing reliable, scalable security.

You can partially address these concerns in the data center with specific security measures:

• Apply a full-proxy, data center firewall-based approach—Adopt a comprehensive data center strategy to enhance visibility and control throughout ISO layers 4 through 7. A data center, firewall-based approach can help ensure infrastructure security while the network scales by leveraging granular connectivity control, security functionality, and end-to-end protection against DDoS and other attacks.

• Implement data-center security best practices—Deploy cohesive, integrated solutions that protect targeted network elements, the DNS infrastructure, devices, and applications. Key capabilities to apply include application health monitoring, a web application firewall, web access controls, web acceleration, and broad Secure Sockets Layer (SSL) support including inspection and offload.

A COMPREHENSIVE DATA CENTER STRATEGY CAN PROVIDE VISIBILITY AND CONTROL THROUGHOUT ISO LAYERS 4 THROUGH 7.

FIGURE 2: Multi-layered data center security including DNS, firewall, and DDoS protection

NETWORK EDGE/SGI-LAN SECURITY

The network edge/SGi-LAN is a crucial network segment in which IoT services meet the network infrastructure. A multi-faceted approach can provide security at the network edge/SGi-LAN and help you manage risks posed by the growing diversity of online devices.

• Advanced firewall—An advanced firewall located at the network edge/SGi-LAN can defend your network infrastructure and subscribers from attacks, regardless of the source. This capability includes mitigation of large-scale DDoS attacks. In a mobile network, an advanced SGi firewall can prevent congestion and overloading of the control and bearer planes by detecting and stopping these types of attacks. This would be handled via specialized hardware that accelerates DDoS protection.

• Intelligent DNS firewall—Shield the DNS infrastructure from infected subscribers and undesired DNS queries/responses by leveraging an intelligent DNS firewall. Service providers use DNS to enable subscriber access to critical services and web applications. If DNS is unavailable, services will fail to function properly, leading to network and service degradation or failures. An intelligent DNS firewall can inspect and validate protocols while dropping invalid requests or refusing to accept unsolicited responses.

• CGNAT—Carrier-grade NAT (CGNAT) capabilities offer high-performance, highly scalable tools that enable you to successfully migrate to IPv6 while continuing to support and interoperate with IPv4 devices and content. In addition, CGNAT can provide flexible, high-speed logging capabilities.

• Managed Security—You can also provide your enterprise customers with managed security services at the network edge/SGi-LAN by leveraging high-throughput capable DDoS mitigation hardware and other advanced security capabilities.

YOU NEED A MULTI-FACETED APPROACH TO PROVIDE SECURITY AT THE NETWORK EDGE/SGI-LAN.

FIGURE 3: Multi-layered network edge security including DNS, firewall, DDoS, and CGNAT
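The DNS firewall behaviour described above (validate each request, refuse responses that no outstanding query asked for) can be sketched as follows. This is an added example, not F5 code: the class, function names, timeout and sample messages are constructed for illustration.

```python
import struct

def parse_question(msg):
    """Return (txid, is_response, qname, qtype); raise ValueError if invalid."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack_from("!HHH", msg)
    if qdcount != 1:
        raise ValueError("QDCOUNT must be 1")
    labels, off, name_len = [], 12, 1           # 1 = the terminating root byte
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n > 63:                              # also rejects compression pointers
            raise ValueError("bad label length")
        name_len += n + 1
        if name_len > 255 or off + n > len(msg):
            raise ValueError("name too long or truncated")
        labels.append(msg[off:off + n].lower())
        off += n
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack_from("!HH", msg, off)
    return txid, bool(flags & 0x8000), b".".join(labels), qtype

class DnsFirewall:
    """Tracks queries sent upstream and admits only the matching responses."""

    def __init__(self, timeout=2.0):
        self.timeout = timeout
        self.pending = {}                       # query key -> expiry time

    def on_query(self, server, port, msg, now):
        try:
            txid, is_response, qname, qtype = parse_question(msg)
        except ValueError as exc:
            return "drop", "invalid request: %s" % exc
        if is_response:
            return "drop", "invalid request: QR bit set"
        # Forget expired entries so the table cannot grow without bound.
        self.pending = {k: t for k, t in self.pending.items() if t >= now}
        self.pending[(server, port, txid, qname, qtype)] = now + self.timeout
        return "forward", "ok"

    def on_response(self, server, port, msg, now):
        try:
            txid, is_response, qname, qtype = parse_question(msg)
        except ValueError as exc:
            return "drop", "invalid response: %s" % exc
        if not is_response:
            return "drop", "invalid response: QR bit clear"
        # pop() consumes the entry, so a replayed answer is unsolicited too.
        expiry = self.pending.pop((server, port, txid, qname, qtype), None)
        if expiry is None or now > expiry:
            return "drop", "unsolicited response"
        return "accept", "ok"

def dns_message(txid, name, response=False, qtype=1):
    """Build a constructed single-question message for the demonstration."""
    flags = 0x8180 if response else 0x0100
    qname = b"".join(bytes([len(p)]) + p for p in name.encode().split(b".")) + b"\x00"
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    fw = DnsFirewall()
    print(fw.on_query("192.0.2.53", 40000, dns_message(0x1A2B, "www.example.com"), 0.0))
    print(fw.on_response("192.0.2.53", 40000, dns_message(0x1A2B, "www.example.com", True), 0.1))
    print(fw.on_response("192.0.2.53", 40000, dns_message(0x9999, "www.example.com", True), 0.2))
```

The key binds a response to the server address, local port, transaction ID, name and type of the query that solicited it, so an answer that differs in any of these is dropped.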

ROAMING INTERCONNECT SECURITY

IP-based mobile networks are inherently susceptible to security attacks that are increasing both in volume and diversity. Equally troublesome are signaling storms associated with operational issues or due to malicious attacks. Roaming agreements and third-party content providers complicate the situation by adding outside network connections. Several specific policies and measures can help to reduce roaming interconnect security risks.

• Consolidated diameter signaling platform—You can help protect against signaling security threats with a consolidated diameter signaling platform. This helps to ensure that attacks from the roaming environment do not penetrate your network.

• General Packet Radio Service Tunneling Protocol (GTP) security solutions—GTP security solutions can scale and protect both control and data plane traffic while implementing FS.20 protections on roaming traffic. Protections include the ability to filter many aspects of the GTP control protocol per roaming partner, such as access point names (APN), information elements, and message types. Invalid and malformed messages can be blocked or reported, and tunnels with an unknown tunnel endpoint identifier (TEID) can be blocked.

TO BLOCK ROAMING ATTACKS FROM PENETRATING YOUR INFRASTRUCTURE, YOUR ENTIRE NETWORK MUST BE PROTECTED.

FIGURE 4: Roaming interconnect security including Diameter and GTP security
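The per-partner GTP filtering described in the roaming interconnect section (message types, information elements, APNs, malformed messages, unknown TEIDs) can be sketched as follows. This is an added example, not F5 code or configuration: it assumes GTPv2-C framing, and the partner name, APN, allow-lists and helper names are constructed for illustration.

```python
import struct

ECHO_REQ, ECHO_RSP, CREATE_SESSION_REQ, DELETE_SESSION_REQ = 1, 2, 32, 36
IE_IMSI, IE_APN, IE_RAT_TYPE = 1, 71, 82

# Constructed per-partner policy: partner name, APN and allow-lists are hypothetical.
POLICY = {"partner-a": {
    "msg_types": {ECHO_REQ, ECHO_RSP, CREATE_SESSION_REQ, DELETE_SESSION_REQ},
    "ie_types": {IE_IMSI, IE_APN, IE_RAT_TYPE},
    "apns": {"internet.example"},
}}

def decode_apn(value):
    """Decode an APN IE value: length-prefixed labels, as in a DNS name."""
    labels, i = [], 0
    while i < len(value):
        n = value[i]
        if n == 0 or i + 1 + n > len(value):
            raise ValueError("bad APN label")
        labels.append(value[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)

def inspect(partner, pkt, known_teids):
    """Return (verdict, reason) for one GTPv2-C message from a roaming partner."""
    policy = POLICY.get(partner)
    if policy is None:
        return "drop", "unknown partner"
    if len(pkt) < 8 or pkt[0] >> 5 != 2:
        return "drop", "malformed: not GTPv2"
    flags, msg_type, length = struct.unpack_from("!BBH", pkt)
    has_teid = bool(flags & 0x08)               # T flag: header carries a TEID
    hdr_len = 12 if has_teid else 8
    # The length field counts every octet after the first four.
    if length != len(pkt) - 4 or len(pkt) < hdr_len:
        return "drop", "malformed: length mismatch"
    if msg_type not in policy["msg_types"]:
        return "drop", "message type %d not allowed" % msg_type
    if msg_type not in (ECHO_REQ, ECHO_RSP):
        teid = struct.unpack_from("!I", pkt, 4)[0] if has_teid else None
        # An initial Create Session Request legitimately carries TEID 0.
        initial = msg_type == CREATE_SESSION_REQ and teid == 0
        if not initial and teid not in known_teids:
            return "drop", "unknown TEID"
    off = hdr_len
    while off < len(pkt):                       # IE: type, 2-byte length, instance, value
        if off + 4 > len(pkt):
            return "drop", "malformed: truncated IE header"
        ie_type, ie_len = struct.unpack_from("!BH", pkt, off)
        value = pkt[off + 4:off + 4 + ie_len]
        if len(value) != ie_len:
            return "drop", "malformed: truncated IE"
        if ie_type not in policy["ie_types"]:
            return "drop", "IE type %d not allowed" % ie_type
        if ie_type == IE_APN:
            try:
                apn = decode_apn(value)
            except ValueError:
                return "drop", "malformed: bad APN"
            if apn not in policy["apns"]:
                return "drop", "APN %s not allowed" % apn
        off += 4 + ie_len
    return "allow", "ok"

def ie(ie_type, value):
    """Build one constructed information element."""
    return struct.pack("!BHB", ie_type, len(value), 0) + value

def apn_bytes(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))

def message(msg_type, teid, ies=b""):
    """Build a constructed GTPv2-C message with the T flag set."""
    body = struct.pack("!I", teid) + (1).to_bytes(3, "big") + b"\x00" + ies
    return struct.pack("!BBH", 0x48, msg_type, len(body)) + body

if __name__ == "__main__":
    known = {0x1001}                            # TEIDs this gateway has allocated
    print(inspect("partner-a", message(DELETE_SESSION_REQ, 0xDEADBEEF), known))
```

Piggybacked messages (the P flag) are not handled here; they fail the length check and are dropped as malformed.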

HYBRIDIZE YOUR SECURITY ENVIRONMENT

The ability to instantly upgrade, move, modify, and spin up or spin down services is a service provider’s holy grail. Leveraging virtualized network functions is how you will get all of that done, but becoming fully virtualized will be an evolution.

Security is one area that is often best served by hardware options in production environments due to the requirements of high-bandwidth applications. But dedicated-hardware solutions can be expensive. Hybrid hardware/software strategies blend high performance, flexibility, and cost effectiveness to optimize your investments.

BLEND HIGH PERFORMANCE, FLEXIBILITY, AND COST EFFECTIVENESS TO OPTIMIZE YOUR INVESTMENT.

A software firewall is commonly used in the data center, but a hardware firewall is typically deployed at the SGi-LAN or network edge to provide enhanced security performance.

MULTI-TIER DDoS MITIGATION

A best practice for optimizing network security against sophisticated attacks is to apply a hybrid of dedicated hardware and virtualized capabilities in a multi-tiered architecture. Consider a three-tiered DDoS mitigation scheme:

• The first tier of defense would be aimed at mitigating volumetric attacks that occur inside the service provider network. When volumetric attacks are detected, the routers are instructed to drop traffic or redirect it to a “scrubbing center” featuring dedicated high-throughput hardware that will clean the traffic and reinject it into the data path.

• The second tier of defense is an inline solution that is either deployed as a clean pipe service on the customer premises (for an enterprise), or at the service provider data center in front of application servers and control plane elements.

• For off-net subscribers, a third tier can be delivered by F5® Silverline™, our cloud-based DDoS mitigation service. This service mitigates against attacks aimed at saturating peering and/or transit links. No “on-network” solution can isolate an attack that saturates incoming peering links.

DDOS MITIGATION STRATEGY EXAMPLE

FIGURE 5: Hybrid security including out-of-path (control plane), inline, and cloud-based (Silverline) DDoS

IOT RISKS AND OPPORTUNITIES

The explosive growth of IoT is driving digital transformation toward a connected society. Gartner forecasts that there will be at least 20.4 billion connected devices worldwide by 2020.⁴ 5G will be a key wireless technology that supports the continued evolution of IoT.

Billions of diverse devices are already flooding IoT with real-time communications. These communications expose network vulnerabilities, but with the emergence of even more advanced mobile and fixed-network capabilities, the volume and variety of attacks will only increase. Every device carries the potential to become a target for hackers and denial-of-service attacks.

Two important capabilities can help secure your IoT landscape:

• Device-aware IoT firewalls—Device- and subscriber-aware IoT firewalls enable mobile operators to manage and control security policies via the SGi-LAN on a per-IoT-device basis. With such devices, you can use a single IoT access point name (APN) to aggregate a wide variety of use cases, avoiding network redesigns and simplifying service rollout.

• IoT MQTT traffic management and security—Integrated SSL offloading, Message Queuing Telemetry Transport (MQTT) message validation, MQTT message transformation, and intelligent MQTT load balancing are all techniques that can enhance your ability to protect resource availability and data security on your network. The objective is to scale and secure IoT brokers, platforms, and applications.

⁴ https://www.gartner.com/newsroom/id/3598917

MANAGING IOT RISKS IN THE NETWORK

FIGURE 6: IoT security including IoT firewalls and MQTT traffic management and security
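MQTT message validation, named in the IoT section above, can be sketched as a check that runs on each packet before it reaches a broker. This is an added example, not F5 code: it assumes MQTT 3.1.1 framing rules, and the function names, size limit and sample packets are constructed for illustration.

```python
PUBLISH, PUBREL, SUBSCRIBE, UNSUBSCRIBE = 3, 6, 8, 10
FLAGS_0010 = {PUBREL, SUBSCRIBE, UNSUBSCRIBE}   # types whose flag nibble must be 0b0010

def remaining_length(buf):
    """Decode the variable-length 'remaining length'; return (value, header_size)."""
    value = 0
    for i in range(4):                          # at most four length bytes are allowed
        if 1 + i >= len(buf):
            raise ValueError("truncated fixed header")
        byte = buf[1 + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, 2 + i
    raise ValueError("remaining length exceeds 4 bytes")

def validate(packet, max_size=1024):
    """Return (True, 'ok') or (False, reason) for one complete MQTT 3.1.1 packet."""
    if len(packet) < 2:
        return False, "truncated fixed header"
    ptype, flags = packet[0] >> 4, packet[0] & 0x0F
    if not 1 <= ptype <= 14:
        return False, "reserved packet type"
    try:
        length, hdr = remaining_length(packet)
    except ValueError as exc:
        return False, str(exc)
    if hdr + length > max_size:                 # hypothetical policy limit
        return False, "packet larger than policy limit"
    if hdr + length != len(packet):
        return False, "remaining length does not match payload"
    if ptype != PUBLISH:
        want = 2 if ptype in FLAGS_0010 else 0
        return (True, "ok") if flags == want else (False, "reserved flag bits set")
    qos = (flags >> 1) & 3
    if qos == 3:
        return False, "invalid QoS 3"
    if qos == 0 and flags & 0x08:
        return False, "DUP set on QoS 0"
    body = packet[hdr:]
    if len(body) < 2:
        return False, "missing topic length"
    tlen = int.from_bytes(body[:2], "big")
    need = 2 + tlen + (2 if qos else 0)         # packet identifier only when QoS > 0
    if tlen == 0 or len(body) < need:
        return False, "bad topic length"
    try:
        topic = body[2:2 + tlen].decode("utf-8")
    except UnicodeDecodeError:
        return False, "topic is not valid UTF-8"
    if any(c in topic for c in "+#\x00"):
        return False, "wildcard or NUL in PUBLISH topic"
    return True, "ok"

def encode_length(n):
    """Encode n as an MQTT variable-length integer."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def publish(topic, payload=b"", qos=0, packet_id=1):
    """Build a constructed PUBLISH packet for the demonstration."""
    body = len(topic).to_bytes(2, "big") + topic
    if qos:
        body += packet_id.to_bytes(2, "big")
    body += payload
    return bytes([0x30 | (qos << 1)]) + encode_length(len(body)) + body

if __name__ == "__main__":
    print(validate(publish(b"sensors/42/temp", b"21.5", qos=1)))
    print(validate(publish(b"sensors/#", b"21.5")))
```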

OUR SERVICE PROVIDER COMMITMENT.

F5 has the expertise and experience to help you navigate the uncertainties and demands of your changing landscape. We are driven to provide industry-leading service provider solutions that help you address traffic management, network function virtualization, advanced mobile architectures, cable and fixed networks, and infrastructure security. Our proven ability to deliver high-performance enterprise IT capabilities informs the way in which we address every service provider-focused concern and requirement.

We’re here to help you make the best infrastructure choices and to deploy the most cost-effective, secure, and robust solutions possible.

Learn about our comprehensive approach to securing service provider networks at F5.com/serviceprovider.

US Headquarters: 401 Elliott Ave W, Seattle, WA 98119 | 888-882-4447
©2018 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, expressed or implied, claimed by F5. EBOOK-SP-243323203 | 7.18