Tuesday, 28 January 2025

China Mobile's Fine-Granularity Segmentation Solution for 5G Network

At the 41st GTI Workshop, held from November 24-26 in Nanning, Guangxi, industry leaders gathered to discuss emerging trends and challenges in the telecom sector. Among the standout contributions was China Mobile’s presentation on its innovative "Built-in Micro-Segmentation Plus" solution for fine-granularity segmentation in 5G networks.

Jie Ma, Project Manager at China Mobile, outlined how this approach addresses escalating security challenges in increasingly decoupled and virtualized telecom environments. The evolution from 2G to 5G has seen continuous security advancements, including user authentication, signalling encryption, and network equipment security assurances. Yet, 5G's service-based architecture introduces new risks due to decoupled hardware, software, and virtualization layers, leaving networks vulnerable to lateral movement attacks.

China Mobile highlighted how traditional security measures, such as firewalls and SDN gateways, provide perimeter protection but fail to address internal threats within a security domain. The decoupling of hardware, virtualization, and services in 5G, and even more in future 6G networks, exponentially increases the internal attack surface.

To mitigate these risks, China Mobile proposed the "Built-in Micro-Segmentation Plus" solution, which:

  • Monitors and Segments Internal Traffic: Enables segmentation at virtual machine (VM), container, and service levels, isolating unauthorized traffic and preventing lateral attacks.
  • Real-Time Attack Awareness: Integrates advanced traffic visualization and monitoring capabilities, identifying 15 types of potential attacks.
  • Policy-Driven Security: Uses a central management centre to define and enforce granular security policies across the network.
  • Enhanced Reliability: Incorporates features like hot backup, disaster recovery, and automated failure detection for uninterrupted service.

This innovative approach enables fine-granularity segmentation that extends security beyond the domain perimeter into the internal network fabric, addressing gaps left by traditional solutions.
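To make the gap between perimeter protection and internal segmentation concrete, the following added example (not code from China Mobile or the presentation) evaluates the same flows under a domain-edge rule set and under a default-deny, service-level allow-list. The workload names, domains, ports and rules are constructed assumptions.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    port: int

# Constructed inventory (assumption): workload -> (security domain, service).
WORKLOADS = {
    "amf-vm1": ("5gc-control", "amf"),
    "smf-vm1": ("5gc-control", "smf"),
    "nrf-vm1": ("5gc-control", "nrf"),
    "log-ctr1": ("5gc-control", "logging"),
    "oam-gw": ("mgmt", "oam"),
}
# Hypothetical perimeter rules: (src domain, dst domain, port).
PERIMETER_ALLOW = {("mgmt", "5gc-control", 443)}
# Hypothetical central allow-list at service granularity: (src, dst, port).
SEGMENT_ALLOW = {("amf", "smf", 8080), ("amf", "nrf", 8080),
                 ("smf", "nrf", 8080), ("oam", "amf", 443)}

def perimeter_allows(f: Flow) -> bool:
    """Domain-edge control: traffic inside one domain is never inspected."""
    src_dom, dst_dom = WORKLOADS[f.src][0], WORKLOADS[f.dst][0]
    return src_dom == dst_dom or (src_dom, dst_dom, f.port) in PERIMETER_ALLOW

def segment_allows(f: Flow) -> bool:
    """Default deny: unknown assets and unlisted service pairs are blocked."""
    if f.src not in WORKLOADS or f.dst not in WORKLOADS:
        return False
    key = (WORKLOADS[f.src][1], WORKLOADS[f.dst][1], f.port)
    return key in SEGMENT_ALLOW

def lateral_gaps(flows):
    """Flows the perimeter model passes but segmentation isolates."""
    return [f for f in flows
            if f.src in WORKLOADS and f.dst in WORKLOADS
            and perimeter_allows(f) and not segment_allows(f)]

# Constructed sample flows, not captured traffic.
FLOWS = [
    Flow("amf-vm1", "smf-vm1", 8080),   # expected signalling
    Flow("log-ctr1", "amf-vm1", 22),    # intra-domain, not in policy
    Flow("log-ctr1", "nrf-vm1", 8080),  # right port, wrong source service
    Flow("oam-gw", "amf-vm1", 443),     # cross-domain, permitted by both
    Flow("oam-gw", "smf-vm1", 22),      # cross-domain, blocked by both
]

if __name__ == "__main__":
    for f in lateral_gaps(FLOWS):
        print(f"perimeter=allow segmentation=deny {f.src} -> {f.dst}:{f.port}")
```

The two flows it reports both stay inside one security domain, which is why the perimeter model never evaluates them.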

In 2023, China Mobile successfully piloted the solution, validating capabilities like asset management, security policy management, and critical file tampering detection. The company plans to expand deployment across 200,000 virtual machines in its 5G core network by the end of 2024, aiming to set a benchmark in securing next-generation telecom infrastructure.

China Mobile’s "Built-in Micro-Segmentation Plus" exemplifies how operators can proactively tackle the security challenges posed by 5G and beyond. By integrating advanced segmentation and attack awareness capabilities, the proposal strengthens the telecom ecosystem’s resilience against evolving threats.

As the telecom industry moves forward, this solution not only highlights the importance of innovative security strategies but also underscores the collaborative efforts needed to secure the digital future.
