Communication service providers (CSPs) are building next-generation networks, such as 5G and NB-IoT, to accommodate the fast growing number of devices that integrate with the internet of things (IoT). But with these developments come more risks, threats, and other concerns related to IoT security. To help address these concerns, CSPs can adopt network function virtualization (NFV) not only to reduce costs and improve service delivery but also to enable security solutions using technologies such as virtualization, standard servers, and open software.
Designed especially for carrier NFV environments, Trend Micro Virtual Network Function Suite™ (VNFS) provides flexible, reliable, and high-performance virtual network security for CSPs from the core network to the edge. VNFS features virtual patching and cloud-based intelligence to shield IoT devices from exploit attacks and block unwanted connections from network scanners or compromised devices. Dealing specifically with IoT security concerns, VNFS is equipped with these features:
VNFS uses proven deep packet inspection (DPI) technology as the basis for many network security functions, including intrusion prevention, URL filtering, and application control. CSPs can enable all of these capabilities through a single virtual network function (VNF) or flexibly enable them in different VNFs, depending on specific use cases and requirements.
The unified DPI engine in VNFS checks network packets and performs selected functions in a single scan, eliminating the performance impact of checking the same network packets in repetitive cycles with multiple engines. To reach maximum throughput, it also leverages the data plane development kit (DPDK), a program library designed specifically for packet processing.
As traffic volume increases and demands more and more resources, VNFS works with MANO (management and orchestration system of NFV architecture) to provide new VNF instances that increase the processing capability. Later, some VNF instances can terminate as the workload decreases, releasing infrastructure resources to perform other functions. This ability to scale also allows for quick replacement of any abnormal VNF instance to maintain the service and ensure continuity.
CSPs can rely on Trend Micro, which has an industry-leading track record going back over 30 years, to deliver and maintain the very best IoT security solutions far into the future. The Trend Micro™ Smart Protection Network™ infrastructure already uses big data analytics to continuously process more than 15 terabytes of data gathered from around the world every day, so CSPs consistently get reliable protection against the latest threats.
To achieve the highest levels of reliability and interoperability, Trend Micro has integrated its IoT security solutions with a wide variety of NFV ecosystem partners, including hardware vendors, system platform vendors, MANO vendors, and telecommunication equipment manufacturers (TEMs).
An increase in threats to and attacks on IoT devices is expected as carriers and their customers switch to faster 5G networks. In the 5G era, VNFS can be effective as a network security solution. Through VNFS, security functions such as unauthorized-access detection and blocking of threats between devices and carrier cloud platforms can be implemented. By enhancing network security on their cloud platforms, carriers can be equipped with long-term security for devices while reducing the cost of security measures for their customers.
It is often difficult to install and update protection systems on IoT devices. The defense line must start at the telecommunication data center in order to effectively and efficiently provide protection. In combination with the security network at a carrier’s mobile data center, VNFS can detect hacking activities and malicious connections in real time and notify users to take protective measures and strengthen client information safety. As a result, VNFS can help protect widely deployed IoT devices effectively and efficiently, and secure IoT application users’ safety.
VNFS can be integrated into the mobile core network (i.e., in-line deployment) to provide network security and parental control services, filtering improper web content for mobile device users.