5G is now not an thought. It’s right here, and it’s reshaping how service suppliers construct, function, and safe their networks. Workloads are transferring to the sting, latency is changing into important, and attaining versatile, adaptive safety has by no means been tougher.
At Cisco, we’re leveraging our platform benefit to unravel these issues with modern architectures. Over the previous couple of years, we have now been laborious at work—reshaping how we strategy the evolving wants of cellular infrastructure safety. A few of what I’ll share is already reside with clients, and a few is nonetheless being examined internally.
This isn’t a product launch or a roadmap. It’s only a glimpse into what’s retaining us busy and why I’m so enthusiastic about what’s coming subsequent.
Safety Gateway: Designed for Scalability
Let’s start with the Safety Gateway.
We’ve already shipped distributed VPN on the Cisco Safe Firewall 4200 Sequence platform, with assist coming quickly to the Cisco Safe Firewall 6100 Sequence. This permits massive IPsec tunnels to be unfold throughout a number of cluster members (as much as 16), offering near-linear scalability.
We additionally launched loopback tunnel termination, which simplifies underlay routing and fault tolerance. When speaking to our service supplier shoppers, a recurring theme we hear from them is their seek for new 5G use circumstances to generate income. This naturally pushes workloads nearer to the sting, whether or not on telco cloud or public cloud.
For Open RAN deployments, Cilium CNI from Isovalent, now a part of Cisco, supplies native encryption on the OS layer throughout Kubernetes pods. For prime-performance IPsec VMs, our three-year partnership with NVIDIA continues to ship. We’re seeing spectacular ends in crypto offload and stream acceleration, and with some tuning, our Safe Firewall Risk Protection Digital equipment can carry out even higher when high efficiency is important.
Securing the Signaling Layer
The signaling layer in cellular networks stays some of the difficult elements to safe. Like the remainder of the business, we’re repeatedly enhancing our inspection and filtering capabilities for GTP, Diameter, and SCTP, aligning with the most recent 3GPP and GSMA requirements.
We purpose to include location-aware Diameter filtering, PFCP inspection… and different superior options, however requirements are now not adequate.
Signaling assaults are changing into extra refined, and SOC and NOC groups require visibility and correlation that surpass fundamental detection.
That’s the place Cisco’s strengths really shine: AI and enormous language fashions supported by community telemetry and Cisco Talos risk intelligence. We’ve began experimenting with our open-source Cisco Basis AI 8B mannequin to perceive whether or not these information sources may also help establish mobile-specific threats. The purpose is to discover how AI can help in recognizing advanced patterns throughout signaling protocols, not as a alternative for present detection strategies however as a complementary strategy.
One other main problem with securing signaling protocols is correlation. A basic instance of this might be linking GTP-C and GTP-U periods, which is notoriously tough as a result of these protocols will not be essentially destined for the identical tools. With the acquisition of Splunk, we’re actively working to simplify and automate this correlation use case for our clients.
GI and N6 Firewall: Enhancing Visibility and Context
Efficiency is important in cellular networks, and our 4200 and 6100 platforms ship the pace and scalability operators want. The 6100 now helps over 80 cases, offering flexibility for giant deployments.
A key differentiator is the Encrypted Visibility Engine, or EVE. It’s perfect for the N6 interface as a result of it will probably detect compromised or contaminated subscribers even in absolutely encrypted visitors, defending each efficiency and consumer expertise.
We’re coaching EVE to acknowledge mobile-specific risk patterns and plan to make its insights shareable by way of APIs so different instruments like DPI methods can make the most of this data. We’re additionally exploring methods to make firewall insurance policies extra “mobile-aware.” One of many methods we’re in a position to obtain that is by utilizing eBPF instruments to hint artifacts, corresponding to IMSI and IMEI, from the packet core. By coupling eBPF with firewall expertise, we are able to obtain extra granular firewall insurance policies.
And naturally, we preserve advancing on CGNAT. At the moment, we supply wonderful efficiency and optimized logging. Within the close to future, we purpose so as to add deterministic NAT and DS-lite together with dashboards in Grafana and Splunk to make monitoring and troubleshooting extra simple.
Packet Core Microsegmentation
Just lately, 3GPP made it a requirement to implement microsegmentation, mTLS, 0Auth, and encryption contained in the packet core. This requirement emphasizes the significance mitigating unauthorized lateral motion as a regular apply, nonetheless, deploying these controls are difficult for a lot of service supplier organizations.
Cilium CNI from Isovalent helps simplify assembly this requirement by offering identity-aware segmentation, mTLS, and 0Auth inbuilt. Operators can apply the required 3GPP controls by means of a single enforcement mannequin, simplifying operations for a lot of service suppliers and serving to them extra simply meet compliance.
With Hypershield quickly to be accessible on-premises and powered by Isovalent runtime safety, we take proactive safety to the following stage by introducing Distributed Exploit Safety. This functionality leverages the Tetragon agent to robotically inform us about vulnerabilities earlier than patches are launched and supply focused compensating controls—a essential benefit to decrease threat publicity the place uptime is important.
Remaining Ideas
As talked about earlier, this isn’t a roadmap or advertising pitch. It’s a window into what Cisco groups are constructing to make cellular infrastructure smarter, safer, and extra resilient.
Some options are already accessible, others are nonetheless in growth, however all purpose to assist service suppliers keep forward of what’s subsequent.
I’ll share extra particulars and reside demos throughout upcoming Cisco Stay periods. Keep tuned, we’re simply getting began.
You may register for Cisco Stay Amsterdam 2026.
We’d love to listen to what you assume! Ask a query and keep linked with Cisco Safety on social media.
Cisco Safety Social Media
LinkedIn
Fb
Instagram
X
