With the evolution of LTE, LTE-Advanced, and 5G, mobile network architectures are becoming more IP-based. While these new technologies push the performance of wireless cellular networks to new levels, they also increase the attack surface, opening mobile networks, devices, and customers to a host of sophisticated threats. Adding to the challenge, recent innovations including VoLTE and VoWiFi combined with the business imperative to deliver services rapidly, accelerate the need to secure critical “network edge” interfaces and protect the Evolved Packet Core (EPC).

  • To protect against increasing risks and new vulnerabilities from cyber-attacks, mobile operators can deploy comprehensive mobile network solutions to secure their Gi/SGi (internet edge) as well Security Gateway (SecGW) to protect the perimeter between the RAN and the EPC.

Next-Generation Security Gateway solutions for secure mobile backhaul

Cisco is introducing Security Gateway (SecGW) solutions for secure mobile backhaul across physical and virtual environments. Building upon earlier Cisco SecGW offerings, Cisco now offers new SecGW capabilities on physical appliances including Firepower™ 9300, Firepower 4100 Series, ASR 900 Series, as well as virtual form factors on ASAv.

As Mobile Service Providers evolve their macro networks, they also increase the attack surface, specifically:

  • Unsecured backhaul is a primary vector for the risk, but your data has the potential to be compromised at any stage in transmission between the mobile device and EPC.
  • The proliferation of cell towers present an explosion in the number of staging points malicious actors can use to bring down your network.

To protect against these types of threats, mobile operators need a SecGW solution that authenticates and encrypts traffic from the node to protect the EPC and reduce the potential for network disruption and traffic interception.

With Cisco SecGW solutions service providers get the following unique capabilities and benefits:

  • Clustering technology on Firepower enables mobile operators to scale high-throughput IPsec and security gateway functionality across multiple processing modules on Firepower 9300 or across multiple Firepower 4100 Series platforms as needed, to predictably scale as your networks grow
  • Optimized security gateway performance reduces rack space, power, and cooling costs.

Gi/SGi Next-Generation Firewall to secure the internet edge

IP-based elements of your mobile network leave you exposed to a wide range of IP-based attacks. Cisco is offering a new approach to security to combat these threats, protecting data flows and workloads with a consistent security policy for physical and virtualized infrastructures. It includes Cisco’s carrier-class threat defense services together with complementary, tightly integrated services, like DDoS mitigation.

Our next-generation Gi/SGi Firewall solution, on Cisco Firepower 9300 and Firepower 4100 Series, are threat-centric solutions purpose-built to evolve with your network.

Gi/SGi Firewall capabilities include:

  • Software-Defined Networking (SDN)

Stateful firewall:

  • Comprehensive Layer 3 and 4 infrastructure protection
  • Carrier-grade NAT
  • General Packet Radio Service (GPRS) Tunneling Protocol version 2 (GTPv2) inspection
  • Stream Control Transmission Protocol (SCTP) inspection
  • Diameter application inspection

Cluster up to 5 Firepower 9300 chassis or up to 16 Firepower 4100 series chassis to scale performance of both the control-plane as well as the data-plane.

Come to the Cisco booth #3E30 in Hall 3 at Mobile World Congress to learn more about how these two network security solutions can enable you to move down the road to 5G with confidence.


Sam Rastogi

Senior Product & Solutions Marketing Manager