ZTE’s Software-Defined Security Solution for 5G Networks

ZTE’s advanced persistent threat (APT) solution has been completely virtualized for 5G networks. The system works at the virtual machine level to detect attacker-injected malware residing inside guest machines. Essentially, ZTE has developed a deep software inspection mechanism (user security logs and network traffic) that can provide real-time threat analysis. In parallel, the system leverages big data analysis at scale, and is able to handle multi-terabytes of data per day, which has a strong appeal for large-scale infrastructure and service providers. The solution is already being leveraged by all three leading mobile service providers in China, where it has won a number of national technology awards. Further, the technology has been submitted and published as an International Telecommunications Union (ITU) Recommendation (ITU-T X.1218: Requirements and guidelines for dynamic malware analysis in a sandbox environment) in the field of unidentified threat detection and prevention.

The core detection engine of ZTE’s solution creates a separation between the virtual environment where malware is running from the rest of the operating environment. Using the engine, ZTE thoroughly inspects the malware behavior using only machine-layer data rather than analyzing event operating system data. As such, there is no dependence on data provided by operating systems, which is the current method of APT threat analysis today. ZTE takes into account instruction-level analysis of software execution exceptions, capturing both code-injection attacks and code-reuse attacks. Significantly, ZTE has designed the system so that it can also adapt to advanced micro service architecture, which is key for the ultimate cloud-based infrastructure that will dominate 5G networks. Users will be able to deploy the system on the fly and customize it based on preferences.

The software and cloud-based nature of 5G networks requires a new approach to network security, a market which has focused heavily on hardware-based security appliances. There are higher traffic and user equipment download bandwidth requirements, as well as many more elastic features that require high throughput and reliability as well as low latency. Software-defined technologies can provide security solutions that are highly programmable and performant.

Systems such as ZTE’s APT Detection Solution fit right into that new architecture. Also, it is part of a larger effort that ZTE has put in place to ensure software-defined security is a key component of its 5G network portfolio. Underscored by hardware acceleration units, it has built a virtualized security resource pool in the form of a distributed cluster architecture, with security functions (such as virtual firewalls, virtual VPNs, and virtual IPS systems) operating on multiple virtual machines simultaneously. This novel security resource pool is programmable in the sense that control and forwarding functions have been separated, allowing for dynamic deployment, flexible orchestration, and automated scaling, depending on needs.

For 5G network settings, these types of programmable and flexible infrastructures are key to secure network slices or micro-services that may need to be spun up or scaled quickly to meet end user demands. From a business model perspective, this becomes the most cost-effective way to create security customization without expanding heavily on hardware capex.

The network security industry has been focused on developing solutions that can adapt to new 5G network demands. While 5G stand-alone is still a few years away, it is key for stakeholders to ensure that they can offer compelling software-defined and service-enhanced solutions. The 5G network security market is expected to be worth US$9 billion by 2025, and 75% of that opportunity will be in software and services. Network equipment providers (NEP), such as ZTE, are in a position of strength today, leveraging their traditional relationships with communication service providers (CSP). But going forward, they will face increased and aggressive competition from hyperscalers who excel in virtualized and cloud environments. With the enterprise market being the most lucrative opportunity for selling security for 5G stand-alone (especially in a private network scenario), the competitive advantage of hyperscalers in this target space is significant. NEPs and CSPs will have to work hard and smart to become value-added providers or risk remaining simply dumb pipes.