WAN Edge Security Built for LTE and 5G

Reduce attack surface

The vast number of connected devices within each organization means an equally large number of IP addresses within the WAN and an ever-expanding attack surface. Thus, enterprises face the key question of how to reduce their attack surface.

Instead of providing open access, many organizations are minimizing IP address vulnerabilities and subsequent east-west movement by leveraging tools that obscure networks and restrict access. Ericsson NetCloud Exchange uses private network addressing schemes to obscure the network from outside elements, which protects against network intrusions.

Restrict access with ZTNA solution

Organizations that deal with sensitive personal information must not only prevent that information from being stolen but also stop unauthorized access to applications, data, and services — often within strict compliance regulations. Zero Trust Network Access (ZTNA) is a concept that removes default access by requiring automatic ongoing verification and utilizing an adaptive verification policy on a per-session basis. A zero trust strategy through a ZTNA solution uses identity principles and continuous monitoring to limit access to trusted users and devices as needed to protect information.

Use next-gen firewalls, content filtering, and more to safely offer Wi-Fi

Customers expect Wi-Fi and employees depend on it, which means IT departments must provide wireless LAN without allowing unwanted online activity that could compromise network security. The differences between a next-gen firewall vs. traditional firewall are significant, as the former uses much more thorough security features that go beyond the IP address. Deploying cloud-managed routers with a built-in application-aware firewall can help organizations safely provide guest and employee Wi-Fi. Most wireless edge solutions support content filtering services, application-based analytics, and URL reputation filtering through one platform.

Detect and respond to breaches with IDS and IPS

It can take days, weeks, or more for network administrators and IT teams to notice and respond to a network breach. Intrusion prevention and detection systems (IDS and IPS) expedite detection of threats and attacks and minimize long periods of unresolved network breaches. Ericsson’s cloud-managed edge routers support IDS and IPS, and they include an application-aware firewall and comprehensive security dashboards with alerting and log data to help keep administrators informed of attacks.

Deploy flexible private WAN

Businesses and agencies need the ability to securely send encrypted data outside a corporate LAN, via a private WAN. There are various ways to configure and manage a private WAN, each with its own complexities. Ericsson’s NetCloud and cellular broadband routers make some of these options easier.

• VPNs: Industry-standard IP Security (IPsec) for terminating encrypted tunnels on two ends over the public Internet
• NetCloud Exchange Secure Connect: Ericsso’s zero trust network — built for Wireless WAN — that provides faster deployment and management, a drastically reduced network attack surface, and improved scalability in comparison to traditional VPN technology.
• Private Carrier APN: Leveraging a carrier’s private network provisioned to an individual customer, accomplished with SIM cards connected to a private Access Point Name (APN)

Access cloud and SaaS resources securely

With organizations’ resources in cloud and SaaS environments more at risk than ever, IT teams are embracing strategies that place all users under scrutiny. ZTNA and Secure Access Service Edge (SASE) vet users and optimize data flow by inspecting traffic and applying policies based on one set of criteria. SASE — combining SD-WAN and network security capabilities into a single service model — includes Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Firewall as a Service (FWaaS). ZTNA ensures trusted users and traffic connect to cloud-based and SaaS resources with the same restrictions as within organizational zones.

Maintain security while adding 5G into WAN architecture

As organizations continue assessing how 5G fits into their enterprise networking plans, they’re also asking key questions about how they can integrate Wireless WAN use cases without sacrificing security. The cellular transition from 4G to 5G has provided several extra layers of data protection:

• Advanced integrity of the user plane
• Enhanced subscriber privacy
• Expanded roaming security
• Improved core network agility and security
• New authentication framework

Visualize and manage potential security events

Most IT teams are now responsible for a more widely distributed network than ever, which means they need the ability to identify and respond to security problems immediately — without necessarily being on-site. The best cloud-based management platforms provide these two features:

• Security dashboards and automatic alerts: Ericsson’s NetCloud Security Dashboard aggregates intrusion events as well as blocked and allowed web content into an easy-to-read format. When problems are detected, IT teams instantly and automatically receive email notifications that set troubleshooting in motion.
• Security updates and configuration changes: Security patches, updates, and configuration changes can be pushed out to all routers on a network at the same time through Ericsson NetCloud Manager.