Artificial intelligence and machine learning systems may help 5G cloud providers detect the presence of sophisticated attackers and other security incidents, according to new guidance from the National Security Agency.
In a report published on Thursday, the intelligence agency said that while technology providers would have to balance data confidentiality requirements with the ability to inspect network traffic, sophisticated real-time continuous monitoring may be crucial in detecting the malicious use of cloud resources.
“Stakeholders at all layers of the 5G cloud stack should leverage an analytic platform to develop and deploy analytics that process relevant data (cloud logs and other telemetry) available at that layer. The analytics should be capable of detecting known and anticipated threat, but also be designed to identify anomalies in the data that could indicate unanticipated threat,” the agency said in the document.
5G cloud refers to cloud-native services that are paired with the benefits of 5G networks.
The NSA detailed the potential use of AI monitoring systems in the first part of a new four-part report series it is publishing to provide guidance for 5G network stakeholders, including service providers and systems integrators.
Also in the report, the NSA outlined key security protocols that cloud providers should follow to prevent and detect lateral movement in the 5G networks by adversaries. These include the implementation of secure identity and access management, the speedy patching of any n-day and 0-day vulnerability, and the secure configuration of networking within the 5G cloud.
NSA recommends also that communications between network functions on 5G networks be isolated. According to the intelligence agency, this is especially important because of the significant increase in communications sessions between network elements on a 5G network, compared with a 4G network.
The guidance from NSA follows preliminary analysis and threat assessment carried out by a cloud working panel earlier this year, which concluded that the top 5G cloud infrastructure security challenges could be divided into four parts.
NSA will in short order publish the remaining three parts of the series, which are focused on: securely isolating network resources, protecting data in transit, in use and at rest, and ensuring the integrity of infrastructure.