MantisNet and Palo Alto Networks Partner to Deliver 5G Security

5G Security with Palo Alto Networks ML-Powered NGFW and MantisNet's Tawon Containerized Visibility Fabric (CVF): a Joint Solution for Establishing Visibility into Subscriber ID and Other 5G Identifiers for N6 NGFW Deployments

July 27th, 2023

Reston, VA -- MantisNet, the leading developer of cloud-native monitoring and security tools, today announced a joint partnership with Palo Alto Networks to deliver more robust 5G security for Next-Generation Firewall (NGFW) deployments placed outside of the 5G core.

When it comes to securing a mobile network (e.g., 4G or 5G), the firewall is often placed on the perimeter of the network. In a 5G network, this interface is called the N6 interface. When a Palo Alto Networks Next-Generation Firewall (NGFW) is located on N6, it is challenging for it to know the “who” of each flow, which is needed for an effective Zero Trust security posture. In an enterprise deployment, the “who” is answered by User-ID, which is populated by information from Active Directory (AD) and LDAP, but a mobile network often has no AD or LDAP. Instead, a mobile network has other identifiers that can be used to identify the “who” of each flow. In a 5G network, one of the primary identifiers is the Subscriber Permanent Identity (SUPI). When the NGFW is located on interfaces other than N6, such as the N3 and N4 interfaces, it has visibility into the SUPI (and other identifiers). On N6, however, it does not, and this is where additional information from the 5G Core control plane signaling is needed.


In this joint solution, MantisNet’s CVF acts as the probe/sensor layer within the 5G core and extracts 5G identifiers from the messaging between network functions. The CVF agents send these identifiers to the Palo Alto Networks NGFW via the User-ID API. The MantisNet CVF observes the UE attach signaling and at that time uses a Python script to make an API call to the Palo Alto Networks NGFW located on the N6 interface. Upon UE detach from the network, the SUPI to IP address mapping is removed via the User-ID XML API. This provides visibility into the SUPI for all log types. It also allows customers to create differentiated policies using User-ID, where the User-ID values are the SUPIs of the mobile devices.
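The attach/detach mapping flow described above can be sketched as follows. This is an added example, not MantisNet's script or code from either vendor. It builds the PAN-OS User-ID XML API `uid-message` for a batch of events and validates identifiers before they reach the firewall. The function name, the sample events, and the `imsi-<digits>` SUPI form are assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Assumption: SUPIs arrive in IMSI form, "imsi-" followed by 6 to 15 digits.
SUPI_RE = re.compile(r"imsi-\d{6,15}")

# Constructed sample events (test PLMN 001/01), not captured traffic.
SAMPLE_EVENTS = [
    ("attach", "imsi-001010000000001", "10.45.0.2"),
    ("attach", "imsi-001010000000002", "10.45.0.3"),
    ("detach", "imsi-001010000000001", "10.45.0.2"),
]

def build_uid_message(events, timeout_min=None):
    """Turn (action, supi, ip) events into one User-ID uid-message string.

    "attach" adds a SUPI-to-IP mapping (login), "detach" removes it (logout).
    Only the last event per IP is kept, so a stale mapping cannot outlive
    a later detach within the same batch.
    """
    latest = {}
    for action, supi, ip in events:
        if action not in ("attach", "detach"):
            raise ValueError(f"unknown action: {action!r}")
        # Reject anything that is not a well-formed identifier so signaling
        # data cannot smuggle markup or odd user names into the request.
        if not SUPI_RE.fullmatch(supi):
            raise ValueError(f"rejected SUPI: {supi!r}")
        addr = str(ipaddress.ip_address(ip))  # ValueError on a bad address
        latest[addr] = (action, supi)

    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    sections = {}
    for addr, (action, supi) in latest.items():
        tag = "login" if action == "attach" else "logout"
        if tag not in sections:
            sections[tag] = ET.SubElement(payload, tag)
        attrs = {"name": supi, "ip": addr}
        if tag == "login" and timeout_min is not None:
            attrs["timeout"] = str(timeout_min)  # mapping lifetime, minutes
        ET.SubElement(sections[tag], "entry", attrs)
    return ET.tostring(root, encoding="unicode")
```

The returned string is what a sender would submit as the `cmd` parameter of a `type=user-id` request to the firewall's XML API, authenticated with an API key scoped to User-ID updates only.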


Posted by MantisNet on Jul 27, 2023 2:10:31 PM