SA and NSA: The Difference Between 5G Architectures

sa-and-nsa-the-difference
Choosing the right 5G architecture is crucial for enhancing operations while keeping scalability and budget in mind. Learn whether SA or NSA is more suitable for your business needs with this article.

1. Introduction to 5G Network Architectures
2. What is 5G SA? 3. What is 5G NSA? 4. Factors to Consider When Choosing Between SA and NSA 5. Conclusion

1. Introduction to 5G Network Architectures

Widespread implementation of 5G is transforming how businesses across verticals operate, providing enhanced speed, low latency, and massive connectivity. The advancements in 5G system architecture enable new use cases, from autonomous vehicles to smart cities.

There are currently two types of 5G network architecture, namely 5G standalone (5G SA) and 5G non-standalone (5G NSA). These two architectures differ in how they connect to the existing 4G infrastructure, the type of equipment required, and the level of network independence. Therefore, understanding the difference between SA and NSA is crucial for companies and organizations implementing 5G architecture.

2. What is 5G SA?

5G SA architecture is an entirely new technology that uses 5G core network architecture, independent of the current 4G LTE network. It has various use cases, such as combining 5G with AI and edge use cases.

2.1 Characteristics of SA Architecture

Independent Network: All components of the architecture, including the 5G core architecture, radio access network, and user equipment, are not reliant on any 4G technology.

High Performance: 5G SA architecture is optimized for high performance and low latency, enabling fast data transfer rates and near-instantaneous response times.

Distributed Architecture: This allows efficient resource allocation and dynamic management of network resources.

End-to-End Encryption: It provides end-to-end encryption, which ensures that data is secure and protected from unauthorized access.

Higher Cost: 5G SA architecture is more expensive to implement than NSA architecture due to the need for a fully independent 5G network infrastructure.

2.2 Benefits of SA Architecture

Low Latency: Applications of 5G that require real-time processing are only possible with SA architecture.

Customization: As SA does not depend on existing network architecture, it can be tailored to company requirements. It also enables network slicing for 5G enterprise private network use cases.

Security: End-to-end encryptions ensure a more secure network, and 5G network slicing keeps various access levels separate.

Scalability: 5G architecture is designed to be highly scalable and handle large volumes of data and devices.

Future-proofing: SA architecture will be able to support upcoming 5G features and capabilities by design.

3. What is 5G NSA?

5G NSA provides a transition into 'true' 5G architecture by incorporating 4G network infrastructure for deployment.

3.1 Characteristics of NSA Architecture

Non-Independent Network: 5G NSA architecture is designed to leverage the existing 4G infrastructure to deliver 5G services.

Transition to SA: NSA offers lower latencies and faster speeds than 4G LTE without deploying 5G architecture.

Integrated Deployment: 5G NSA can be deployed quickly since it integrates existing infrastructure.

Limited Scalability: As it relies on the existing 4G infrastructure, NSA is limited in scaling.

Low Scalability: There is a lower limit on how many devices can join the network and the data volume that can be processed on NSA.

3.2 Benefits of NSA Architecture

Faster Deployment: 5G NSA architecture can be deployed more rapidly than SA architecture.

Easier Integration: 4G integration with existing networks is easier since it uses architecture.

Cost-effective: 5G NSA architecture is generally less expensive to implement as it doesn't require a complete overhaul of the existing infrastructure to a 5G core architecture.

Improvement Over 4G: While not providing the speed and low latency of 'true' 5G, NSA offers significant improvements over 4G networks.

4. Factors to Consider When Choosing Between SA and NSA

4.1 Cost Implications of Each Architecture

SA architecture requires a complete overhaul of the existing infrastructure, which can result in higher infrastructure and deployment costs. However, SA architecture can be more cost-effective in the long run due to its future-proof design and ability to provide greater scalability and customization.

On the other hand, NSA architecture leverages the existing 4G infrastructure, resulting in lower infrastructure and deployment costs. However, upgrading and maintaining an existing 4G network to support 5G technology can be complex and may result in higher operational costs in the long run.

4.2 Future Implications of Each Architecture

SA architecture is designed to be future-proof and scalable, supporting upcoming 5G features and capabilities. This can give organizations greater flexibility and agility to respond to changing business needs and emerging technologies. On the other hand, NSA architecture may be less future-proof and require additional investments in infrastructure and resources to support new 5G features and capabilities.

5. Conclusion

While NSA architecture may offer lower upfront costs and a faster deployment timeline, SA architecture may be more future-proof and scalable in the long run. Choosing the appropriate 5G architecture is a critical determinant for organizations aiming to utilize 5G technology in building a connected industry of the future. Organizations must evaluate their requirements and consider each architecture's short and long-term costs and operational implications before making a decision.

Spotlight

EtherWAN Systems Inc.

EtherWAN Systems, founded in 1996 in Irvine CA, has become a leader in Ethernet connectivity for applications in various markets.Ether WAN's US headquarters are located in Anaheim, CA with Pacific Rim headquarters and manufacturing facility in Taipei, Taiwan...

OTHER ARTICLES
Wireless, 5G

How to Increase Network Security with SD-WAN

Article | May 18, 2023

Network security today is losing the battle and a lot of it is blamed upon the traditional security devices. Imagine running next-gen IT Infrastructure secured by security tools made to secure legacy IT.Data breaches have increased substantially and IT professionals are continuously looking at new ways to improve their network security. In this scenario, SD-WAN emerges as one formidable option to implementthat will bolster your network security. Table of Contents: - What is SD-WAN? - How does SD-WAN work? - What are the main benefits of SD_WAN to network security? - What are the other advantages of SD-WAN? . Let’s dig into it. What is SD-WAN? SD-WAN stands for software-defined wide area network (or networking). A WAN is a connection between local area networks (LANs) separated by a substantial distance—anything from a few miles to thousands of miles. The term software-defined implies the WAN is programmatically configured and managed. So, it can be easily adapted quickly to meet changing needs. How does SD-WAN work? An SD-WAN connects end users to virtually any application, hosted at any location (e.g., in the public cloud or a company data center), via the best available or most feasible transport service, whether that’s an MPLS (Multiprotocol Label Switching), broadband, cellular or even satellite internet link. To deliver this level of flexibility and performance to users in digital workspaces, an SD-WAN utilizes a control function that continuously analyzes traffic flows across the WAN and intelligently directs traffic in accordance with current policies. Centralized control The primary means of control in an SD-WAN is centralized. It often resides in a SaaS application running on a public cloud. Control is decoupled from the hardware to simplify network management and improve the delivery of services. SD-WAN appliances (and virtual appliances) follow operational rules passed down from the central controller. This greatly reduces or eliminates the need to manage gateways and routers on an individual basis. Multi-connection, multi-transport SD-WAN gateways support hybrid WAN, which implies that each gateway can have multiple connections using different transports—MPLS, broadband Internet, LTE, etc. A virtual private network (VPN) is typically set up across each WAN connection for security. Consequently, the SD-WAN can be an overlay spanning a diverse communications infrastructure. Dynamic path selection Another feature of SD-WAN is dynamic path selection—the ability to automatically and selectively route traffic onto one WAN link or another depending on network conditions or traffic characteristics. Packets may be steered onto a particular link because another link is down or not working very well, or to balance network traffic across all available links. SD-WAN can also identify packets by application, user, source/destination, etc. and send them down one path or another based on those characteristics. Policy-based management Policy is what determines where dynamic path selection will steer traffic and what level of priority (quality of service, or QoS) it is given. Business intentions can be implemented as policies via the central management console. New and updated policies are translated into operational rules and downloaded to all SD-WAN gateways and routers under control. For example, to ensure the best performance for VoIP and interactive web conferences, a policy may be created by giving their packets transmission priority and routing them onto low-latency paths. Cost savings can be realized by sending file back-ups across a broadband Internet connection. WAN traffic that requires a high level of security can be restricted to private connections (e.g., MPLS) between sites and required to pass through a robust security stack when entering the enterprise. Service chaining SD-WAN has the ability chain itself together with other network services. WAN optimization (acceleration) is often combined with SD-WAN to improve network and application performance. Internet traffic leaving and entering a branch office may be routed across a VPN to a cloud-base security service to strike a balance between performance, security, and cost. Read more: GET THE MOST OUT OF YOUR SD-WAN: FEATURES YOU NEED TO START USING TODAY What are the main benefits of SD_WAN to network security? Eliminate VPN concerns One of the first areas in which SD-WAN impacts security is when a company uses the internet as a method of transport. Before SD-WAN came along and companies were using internet as a backup or even a primary transport method, they would build a VPN or a DMVPN to ensure secure transport of their traffic. This introduces a couple of issues, the first of which is this proliferation of VPNs that has to be managed. The company must have firewalls sitting at their data center, along with a VPN device or firewall sitting in the remote locations to be able to do these VPNs. Every site is dependent on the effort to be up on the network. - Hamza Seqqat, Director of Solutions Architecture, Apcela Failover is an issue with this VPN approach, he said. Companies can’t seamlessly failover from a fiber-based type of transport without having to strike some keys in between. It's hard and expensive to do seamless failover. “Now you don't have to have firewalls for VPNs. You don't have to worry about building your own VPNs or encrypting your traffic,” Seqqat said. “Every SD-WAN product comes with a controller that takes care of things seamlessly. That means there is this smart software-defined engine that builds all these IPsec tunnels between all the locations as soon as you plug the device in. You're not actually having to build a VPN—the controller does it automatically for you, so all you have to do is give the device an IP address or enable DHCP and let it pick an IP address from the DHCP server. Suddenly it's on the network and its building tunnels to all the sites.” He added that the SD-WAN controller builds a full mesh, so it can talk to every one of the sites without having to go back to the data center. This feature alone can reduce a company’s security footprint significantly because the site-to-site traffic becomes secure, easy, and seamless. Reduce traffic going through security A second significant benefit of SD-WAN that impacts security strategy is that it reduces the amount of traffic that needs to go through security parameters because all site-to-site traffic is encrypted. This makes security a bit easier to manage.“For a lot of companies, when they do VPNs for site-to-site traffic, they have to go through firewalls or some kind of encryption mechanism, and that increases their security footprint. It increases the complexity and the cost of security,” Seqqat said. “SD-WAN changes how traffic is routed through security.” Seqqat gave an example of a site that has a gig worth of bandwidth, and out of that gig of bandwidth, some traffic goes to the internet and some goes to site-to-site. “Without SD-WAN, generally you would have to run that whole gig through a firewall, and the firewall will split the traffic into what goes to the data center and what goes to the internet,” he said. “When you do SD-WAN, you don't have to do that. You can separate the traffic at the SD-WAN with a split tunnel, so you take half of the traffic and push it through the firewall to go to the internet and the other half goes straight site-to-site without having to go through a security parameter. Now you have a firewall to handle 500 megs as opposed to a gig, and that makes a huge difference because most security products are based on throughput and utilization. So, that can bring some cost benefits and ease management as well.” Security inherent to SD-WAN A third area where SD-WAN changes security strategy is the fact that certain security features can be implemented directly through the SD-WAN platform, which reduces costs and complexity in the actual security platform. “This depends on what aspects of security you're talking about,” Seqqat said. “For example, security is included in the Silverpeak SD-WAN product, so the Silverpeak devices really do most of the security for you. You don't have to deploy another firewall on top of that. With Versa’s SD-WAN, you can virtualize the firewall, so there’s no need to deploy physical firewalls.” For sites that simply need very basic security, SD-WAN has some inherent security capabilities. It can do things such as allow and deny certain sites and limit traffic that goes to certain sites. When you look at most SD-WAN products, you can usually kind of steer toward one or another based on your security requirements. Deploying SD-WAN in itself can really eliminate the need for security at several locations or extend the security you have been using. - Hamza Seqqat, Director of Solutions Architecture, Apcela Simplify use of security platforms In his final point, Seqqat said SD-WAN providers are making a lot of progress in partnering with both cloud security providers and cloud service providers. By making traffic encrypted and secure via SD-WAN, security platforms will only have to deal with public internet traffic. “SD-WAN providers are really working towards partnering and certifying different security products,” he said. “Consider Zscaler as an example. Some SD-WAN products automatically route all your traffic through Zscalar, which does a cloud-based security parameter before it goes out to the internet or to cloud service providers.” Seqqat said the most important part comes in the fact that Zscalar is distributed across 35 or 40 data centers that are all security parameters. “Making that routing decision as to what data center your traffic goes through before it goes out to the Internet is extremely important to performance,” he said. “If your Office 365 instance is hosted in Seattle and your users in Europe are trying to reach that, which Zscalar data center the traffic is going to go through before it goes through the Seattle instance of O365 makes all the difference in what latency is going to be at round trip. “SD-WAN provides somewhat of an automation and optimization of how traffic goes through Zscalar data centers based on performance metrics. SD-WAN can pull latency and jitter and packet loss and all that kind of stuff, so there is some intelligence that happens when a routing decision is being made as to where user traffic is going to go for security scrubbing or security features before it goes out to the cloud provider or to the Internet. That’s a huge feature that comes into play whenever you deploy SD-WAN.” Read more: FOR SERVICE PROVIDERS SD-WAN IS A MIXED BLESSING What are the other advantages of SD-WAN? SD-WAN has many advantages when implemented well: More predictable and reliable application performance, which helps support users in any digital workspace, across all connections. Superior connection security for cloud applications, without the performance tradeoffs of MPLS backhauling. Congestion reduction due to lack of bandwidth or brownouts with aggregation of bandwidth via multiple bonded and disparate or redundant links. More reliable access to apps and fewer slowdowns due to congestion. Resiliency and redundancy with fast failover when outages impact WAN connections. Quality of service for prioritizing business-critical application traffic. Fast deployments that fuel business agility when bringing applications online at a branch office, or simply changing the configurations. Zero-touch provisioning allows fast set up of sites in minutes with local staff instead of hours or days. Reduced network transport costs and more flexibility through the use of MPLS-alternatives like broadband and cellular. Quick procurement of bandwidth from multiple transport services, contrast to the long lead times needed with legacy WAN carrier-based technologies. Simplified administration with a centralized console eliminates the complexity of configuring edge devices in the field. Deep SD-WAN analytics to monitor links for performance characteristics. Analytics benefit administrators who can use them when troubleshooting problems across the WAN. Simpler branch office infrastructure that doesn’t require management of as many single-function devices Intelligent traffic steering and dynamic path selection Integrated security with leading 3rd-party solutions, including those for SaaS security Conclusion Interest in SD-WAN among organizations is on the rise, and we hope to see a tremendous rise in its adoption in network security strategies over the next few years. Vendor selection will be one of the factor for successful implementation of SD-WAN, as many are quickly developing new and effective software-defined platforms. An ideal vendor would be the one who effectively addresses your specific pain points and is able to meet your current as well as future requirements. Read more: SD-WAN SECURITY: THE IMPACT OF ORCHESTRATED SERVICES MULTIPLICITY

Read More
5G

Protection Vs. Privacy: Challenges of Mobile Device Management

Article | May 18, 2023

Digital liberation has opened up several avenues for businesses. The current scenario is a bright example of how a remote or hybrid work model seamlessly became a norm, establishing digital workspaces, including laptops and PCs. But this has also led companies to deal with a lot of challenges in managing their enterprise mobility. Whether it is the security or Bring Your Own Device (BYOD) to the user experience or migration, Mobile Device Management (MDM) plays a significant role in digital transformation. PROTECTION VS. PRIVACY: THE PROBLEM WITH (MDM) – INTRODUCTION Mobile device management pertains to software solutions and reliable practices that enable companies to easily manage and obtain wide-ranging mobile devices in compliance with corporate guidelines. In addition, the MDM functionality addresses the security of devices and data, management of devices, and configurations. Essentially, MDM as security is an element of an enterprise mobility management solution that integrates a clustered set of tools to secure and manage mobile apps, BYOD devices, content data and access, configurations, risk management, software updates, and application management. MDM allows a single-interface control over all connecting devices, enabling each device registered for corporate use through the MDM software to be easily monitored, managed, and controlled as per organizational policies. “It’s clear that our network is better protected. We have solved our BYOD issues and can rely on great support via e-mail, phone, or Skype.” - Raymond Bernaert, IT Administrator at ROC Kop van Noord, the Netherlands However, when it comes to an understanding, this technology is of utmost importance to consider the key challenges that companies face regarding protection vs. privacy of mobile device management. Key Challenges MDM solutions are built to improve visibility and secure better control into an end user’s mobile device activity. However, unrestrained tracking of the device’s activities poses a huge threat to the end user’s privacy. For instance, the mobile device management solution may track real-time location and browsing detail. The information exposes employees’ data and usage habits beyond the employer’s device management and security needs. Moreover, as the mobile device market expands, employees choose devices from various brands and platforms, which companies extend support and manage; nevertheless, unanticipated security issues with a specific platform and software version could emerge at any point. Thus, executing the entire process without compromising the end-user convenience. Now, let’s check out some of the most common mobile device management challenges. Security Using numerous devices and endpoints could potentially increase the risk of hacking. This is because, for hackers, it would be a lot easier to exploit the endpoints. And, no wonder mobile device security is one of the fastest-growing concepts in the cybersecurity landscape today. Incorporating mobile devices under the umbrella of mobile device management would be helpful to bridge the vulnerable gaps and prove to firmly manage the entire digital fleet, including mobile phones and PCs. In addition, this will increase up-time significantly and containerize the personal data from corporate data. The Privacy Issue Though MDM solution helps organizations obviate data breaches, they also open up doubt and questions regarding employee privacy. This is because various MDM tools allow employers to monitor the entire device’s activities, including personal phone calls and web activity, at any point. Subsequently, this empowers the IT team to command control in corporate security, whereby they perform many such remote actions, which harm the employees’ privacy. Organizations over the years have used mobile device management solutions with the intent to put BYOD in place. When an enterprise enables BYOD, employees use their devices to access data to help achieve the tasks. With the intent to secure the endpoints, companies choose MDM as their key solution and take control over the entire mobile device, but with that comes the potential for abuse. So, naturally, there is an unwillingness among employees to get MDM installed on their devices. Network Access Control (NAC) The sudden surge in digital workspace culture has also brought in additional complications with varied mobile devices. It is crucial to ensure the team has access to all the apps and corporate data they need. However, it is also important to note that there should be a check on direct access to the data center. One of the core elements for enterprise mobility is network access control (NAC). NAC scrutinizes devices wanting to access your network and it carefully enables and disables native device capabilities distinctly. With designated devices getting connected to the network as per resource, role, and location, it is relatively easy for NAC to ascertain their access level based upon the pre-configured concepts. User Experience It is essential to consider the end-user experience while managing mobility as it often becomes a big challenge. Therefore, a successful mobile device management structure lies mainly in creating a satisfying user experience. A company that uses various devices and has extensive BYOD users may find VMware Workspace ONE or MobileIron effective. However, if the enterprise is all Apple iPhones, the ideal enterprise mobility management would be Jamf Pro, an Apple-only EMM. A single sign would be a perfect method to get into the virtual desktop to ensure efficiency for the remote workers. Moreover, it won’t ask you to sign into different applications separately. Sturdy enterprise mobile device management is an absolute necessity to have a hassle-free experience. Let’s cite the example of this case study, where ‘The Department of Homeland Security (DHS) Science and Technology Directorate’ (S&T) initiated the Next Generation First Responder (NGFR) Apex program to assist tomorrow’s first responder in becoming protected, connected and aware. DHS S&T held a series of NGFR Integration Demonstrations to incrementally test and assess interoperable technologies presently at the development stage. These demonstrations have changed from tabletop integration to field exercises with partner public safety agencies incorporating increasingly complex technology. The NGFR- Harris County OpEx included 23 varied DHS and industry-provided technologies involving six Internet of Things (IoT) sensors, five situational awareness applications and platforms and live-stream video feeds. Additionally, Opex technologies also integrated body-worn cameras and real-time data aggregation and access across numerous agencies. In a nutshell, this case study identifies and explains the mobile device management (MDM) solutions that provided an application-level cybersecurity evaluation and remote device management. The Opex addresses how nationwide public safety agencies could utilize MDM to enhance the operational deployment of new devices and applications. Final Words There are surely both pros and cons involved in mobile device management. Over the years, the BYOD program has turned out to become a norm in corporate culture. In addition, the use of personal devices has significantly surged due to the gradual increase in remote and hybrid work models. Thus, many believe that the MDM solution is naturally aligned with BYOD. However, the fact is, a perfectly planned BYOD policy is the only way to ensure clarity. Having no policy in place will expose a firm to the so-called ‘Shadow IT’ as users will circumvent the IT infrastructure working from their mobile devices. Though the breach of privacy is likely, the policy can be tailored based on the company’s needs. The IT security is adequately maintained and protected and strikes a balance between protections vs. privacy in mobile device management. Frequently Asked Questions What can mobile device management do? Mobile device management keeps business data safe and protected and secures control over confidential information. MDM also exercises its power to lock and remove all data. This is the capability that sustains the device’s security. What are different mobile management tools? With the introduction of Bring Your Own Device (BYOD), several enterprise mobility management tools have also been inducted into MDM. To name a few, some of the prominent MDM tools are Miradore, Citrix Endpoint Management, and SOTI Mobicontrol. { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "What can mobile device management do?", "acceptedAnswer": { "@type": "Answer", "text": "Mobile device management keeps business data safe and protected and secures control over confidential information. MDM also exercises its power to lock and remove all data. This is the capability that sustains the device’s security." } },{ "@type": "Question", "name": "What are different mobile management tools?", "acceptedAnswer": { "@type": "Answer", "text": "With the introduction of Bring Your Own Device (BYOD), several enterprise mobility management tools have also been inducted into MDM. To name a few, some of the prominent MDM tools are Miradore, Citrix Endpoint Management, and SOTI Mobicontrol." } }] }

Read More
Enterprise Mobility, Mobile Infrastructure

Keeping Innovation RuralStar Pro, Connecting the Unconnected

Article | June 16, 2023

According to the GSMA 2020 report, 600 million people do not have mobile network coverage and 3.4 billion people do not have mobile Internet access. Most of these areas are remote, difficult to obtain site transmission and power, and high infrastructure costs. As a result, the return of investment (ROI) of traditional solutions is usually as high as 8 to 10 years. Operators are not willing to deploy networks.

Read More

What's New In 5G - June 2021

Article | June 7, 2021

The next-generation of wireless technologies – known as 5G – is here. Not only is it expected to offer network speeds that are up to 100 times faster than 4G LTE and reduce latency to nearly zero, it will allow networks to handle 100 times the number of connected devices, revolutionizing business and consumer connectivity and enabling the “Internet of Things.” Leading policymakers – federal regulators and legislators – are making it a top priority to ensure that the wireless industry has the tools it needs to maintain U.S. leadership in commercial 5G deployments. This blog provides monthly updates on FCC actions and Congressional efforts to win the race to 5G.

Read More

Spotlight

EtherWAN Systems Inc.

EtherWAN Systems, founded in 1996 in Irvine CA, has become a leader in Ethernet connectivity for applications in various markets.Ether WAN's US headquarters are located in Anaheim, CA with Pacific Rim headquarters and manufacturing facility in Taipei, Taiwan...

Related News

Network Security

Ampliphae, HPE Athonet and Arqit deliver Quantum-Safe Private 5G using Symmetric Key Agreement

PR Newswire | January 19, 2024

Arqit Quantum Inc, a leader in quantum-safe encryption, and Ampliphae Ltd (Ampliphae), a leader in network cyber security solutions, have today announced successful completion of a project that will deliver enhanced quantum-safe security for Private 5G networks. The Security Enhanced Virtualised Networking for 5G (SEViN-5G) project, funded by Innovate UK, the UK Government’s innovation agency, leveraged Ampliphae’s network security analytics technology and Arqit’s Symmetric Key Agreement Platform to deliver a quantum-secure Private 5G testbed that can protect against both current and future cyber threats. Athonet, a Hewlett Packard Enterprise acquisition, provided the Radio Access Network (RAN) equipment for the project with a cloud core hosted on AWS. Private enterprise networks based on 5G cellular technology are accelerating digital transformation across industries including manufacturing, healthcare, defence and smart cities. Private 5G gives enterprises access to high-speed, massively scalable, and ultra-reliable wireless connectivity, allowing them to implement innovative IoT and mobile solutions that enhance productivity, drive automation and improve customer engagement. The security of these networks will be paramount as they will support safety-critical infrastructure and carry highly sensitive data. But like any new technology, 5G comes with potential new threats and security risks including the threat from quantum computing. The project finished in December 2023 and customer engagement has already begun. David Williams, Arqit Founder, Chairman and CEO said: “Enterprises want to deploy Private 5G networks with complete confidence that they will be safe from both current and future cyber threats including from quantum computers. Working alongside Ampliphae, we have shown that a quantum-safe Private 5G network is deliverable using Arqit’s unique encryption technology.” Trevor Graham, Ampliphae CEO said: “Private 5G can be hosted partly or completely in the Cloud, giving enterprises the opportunity to rapidly set up their own cellular networks customised to support their operations. With Ampliphae and Arqit they can now be certain that those Private 5G networks are monitored and secure against eavesdropping and disruption.” Nanda Menon, Senior Advisor Hewlett Packard Enterprise said: “In an era where security is paramount, the completion of the SEViN-5G project is a significant milestone. The delivery of a quantum-secure Private 5G testbed, achieved where Athonet have combined the Athonet core with CableFree radios, underscores the commitment to innovation and reinforces the confidence enterprises can have in deploying networks that are both cutting-edge and secure from both present and future threats.” About Arqit Arqit Quantum Inc. (Nasdaq: ARQQ, ARQQW) (Arqit) supplies a unique encryption Platform as a Service which makes the communications links of any networked device, cloud machine or data at rest secure against both current and future forms of attack on encryption – even from a quantum computer. Compliant with NSA standards, Arqit’s Symmetric Key Agreement Platform delivers a lightweight software agent that allows devices to create encryption keys locally in partnership with any number of other devices. The keys are computationally secure and operate over zero trust networks. It can create limitless volumes of keys with any group size and refresh rate and can regulate the secure entrance and exit of a device in a group. The agent is lightweight and will thus run on the smallest of end point devices. The Product sits within a growing portfolio of granted patents. It also works in a standards compliant manner which does not oblige customers to make a disruptive rip and replace of their technology. Recognised for groundbreaking innovation at the Institution of Engineering and Technology awards in 2023, Arqit has also won the Innovation in Cyber Award at the National Cyber Awards and Cyber Security Software Company of the Year Award at the Cyber Security Awards. Arqit is ISO 27001 Standard certified. www.arqit.uk About Ampliphae Ampliphae’s distributed network analytics technology provides insight into how networks are used to support enterprise operations at every level. A graduate of the prestigious LORCA cyber accelerator in London, and the AWS European Defence Accelerator, Ampliphae’s technology is already used by enterprises across multiple verticals to discover, analyse and secure the network traffic that supports their key applications and business processes. Ampliphae’s Encryption Intelligence product operates at enterprise scale to discover devices and applications that use cryptography, analysing their encryption capabilities to detect risks, including assets that are vulnerable to future quantum computer attack. Using Encryption Intelligence, the organisation can gather effective operational intelligence about their encryption landscape, both within and outside the organisation, and build an effective mitigation program to address current and future vulnerabilities.

Read More

Network Security

Cato Networks Introduces World's First SASE-based XDR

PR Newswire | January 25, 2024

Cato Networks, the leader in SASE, announced the expansion of the Cato SASE Cloud platform into threat detection and incident response with Cato XDR, the world's first SASE-based, extended detection and response (XDR) solution. Available immediately, Cato XDR utilizes the functional and operational capabilities of the Cato SASE Cloud to overcome the protracted deployment times, limited data quality, and inadequate investigation and response experience too often associated with legacy XDR solutions. Cato also introduced Cato EPP, the first SASE-managed endpoint protection platform (EPP/EDR). Together, Cato XDR and Cato EPP mark the first expansion beyond the original SASE scope pioneered by Cato in 2016 and defined by industry analysts in 2019. SASE's security capabilities encompassed threat prevention and data protection in a common, easy-to-manage, and easy-to-adopt global platform. With today's announcement, Cato is expanding SASE into threat detection, incident response, and endpoint protection without compromising on the architectural elegance captured by the original SASE definition. "Cato SASE continues to be the antidote to security complexity," says Shlomo Kramer, CEO and co-founder of Cato Networks. "Today, we extend our one-of-a-kind SASE platform beyond threat prevention and into threat detection and response. Only Cato and our simple, automated, and elegant platform can streamline security this way." An early adopter of Cato XDR is Redner's Markets, an employee-owned supermarket chain headquartered in Reading, Pennsylvania, with 75 locations. Redner's Markets' vice president of IT and Infrastructure, Nick Hidalgo, said, "The Cato platform gave us better visibility, saved time on incident response, resolved application issues, and improved network performance ten-fold." (Read more about Redner's Markets and Cato in this blog. "The convergence of XDR and EPP into SASE is not just another product; it's a game-changer for the industry," said Art Nichols, CTO of Windstream Enterprise, a Cato partner. "The innovative integration of these capabilities brings together advanced threat detection, response capabilities, and endpoint security within a unified, cloud-native architecture—revolutionizing the way enterprises protect their networks and data against increasingly sophisticated cyber threats." (Read more about what Cato partners are saying about today's news in this blog.) Platform vs. Product: The Difference Matters Cato XDR takes full advantage of the enormous benefits of the Cato SASE Cloud platform, the first platform built from the ground up to enable enterprises to connect, secure, and manage sites, users, and cloud resources anywhere in the world. Unlike disjointed point solutions and security appliances, Cato capabilities are instantly on, always available at scale, and fully converged, giving IT teams a single, shared context worldwide to understand their networks, prevent threats, and resolve problems. As an autonomous platform, Cato SASE Cloud sustains its evolution, resiliency, optimal performance, and security posture, saving enterprises the operational overhead of maintaining enterprise infrastructure. Enterprises simply subscribe to Cato to meet their business needs. Cato's cloud-native model revolutionized security and networking operations when it was introduced in 2016, a fact validated three years later in 2019 when the Cato approach was formally recognized by the industry as SASE. Breach Times Still Too Long; Limitations of Legacy XDR Cato is again revolutionizing cybersecurity with the first SASE platform to expand into threat detection, empowering security teams to become smarter and remediate incidents faster. The flood of security alerts triggered by network sensors, such as firewalls and IPS, complicates threat identification. In 2023, enterprises required 204 days on average to identify breaches.1 XDR tools help security analysts close this gap by ingesting, correlating, and contextualizing threat intelligence information with the data from native and third-party sensors. However, legacy XDR tools suffer from numerous problems relating to data quality. Sensor deployment extends the time-to-value as IT must not only install the sensors but also develop a baseline of specific organizational activity for accurate assessments. Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response. Security analysts waste time sorting through incident stories to identify the ones most critical for immediate remediation. Once determined, incident remediation is often hampered by missing information, requiring analysts to master and switch between disparate tools. No wonder in 2023, average breach containment required more than two months.1 Cato XDR and Cato EPP Expands the Meaning of SASE Cato XDR addresses legacy XDR's limitations. Instantly activated globally, Cato XDR provides enterprises with immediate insights into threats on their networks. Incident detection is accurate due to Cato's many native sensors – NGFW, advanced threat prevention (IPS, NGAM, and DNS Security), SWG, CASB, DLP, ZTNA, RBI, and now EPP/EDR. Powered by Bitdefender's world-leading malware prevention technology, Cato EPP protects endpoints from attack – in the Cato way. Endpoint threat and user data are stored in the same converged Cato data lake as the rest of the customer's network data, simplifying cross-domain event correlation. The result is incredibly high-quality data that improves the incident identification and remediation process. Cato AI uses the data to accurately identify and rank incidents, empowering analysts to focus critical resources on an organization's most important remediation cases. Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents. Remediation times reduce as detected incident stories contain the relevant information for in-depth investigation. Cato's tools sit in the same console as the native engines, enabling security analysts to view everything in one place -- the current security policy and the reviewed story. Finally, incident reporting is simplified with generative AI. Purpose-built for investigations, this natural language engine provides human-readable explanations of incident stories. Analysts save time sharing incident information with other teams and reporting to their managers.

Read More

Network Infrastructure

DISH Wireless Awarded $50 Million NTIA Grant for 5G Open RAN Integration and Deployment Center

PR Newswire | January 16, 2024

DISH Wireless, a subsidiary of EchoStar, was awarded a historic $50 million grant from the U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA) to establish the Open RAN Center for Integration & Deployment (ORCID). ORCID will allow participants to test and validate their hardware and software solutions (RU, DU and CU) against a complete commercial-grade Open RAN network deployed by DISH. "The Open RAN Center for Integration and Deployment (ORCID) will serve a critical role in strengthening the global Open RAN ecosystem and building the next generation of wireless networks," said Charlie Ergen, co-founder and chairman, EchoStar. "By leveraging DISH's experience deploying the world's first standalone Open RAN 5G network, ORCID will be uniquely positioned to test and evaluate Open RAN interoperability, performance and security from domestic and international vendors. We appreciate NTIA's recognition of DISH and ORCID's role in driving Open RAN innovation and the Administration's ongoing commitment to U.S. leadership in wireless connectivity." To date, this grant represents NTIA's largest award under the Public Wireless Supply Chain Innovation Fund (Innovation Fund). ORCID will be housed in DISH's secure Cheyenne, Wyoming campus and will be supported by consortium partners Fujitsu, Mavenir and VMware by Broadcom and technology partners Analog Devices, ARM, Cisco, Dell Technologies, Intel, JMA Wireless, NVIDIA, Qualcomm and Samsung. NTIA Administrator Alan Davidson and Innovation Fund Director Amanda Toman will join EchoStar Co-Founder and Chairman Charlie Ergen, EchoStar CEO Hamid Akhavan, EVP and Chief Network Officer Marc Rouanne and other stakeholders to announce the grant and tour a DISH 5G Open RAN cell site later today in Las Vegas. During this event, DISH will outline ORCID's unique advantages, including that it will leverage DISH's experience as the only operator in the United States to commercially deploy a standalone Open RAN 5G network. DISH and its industry partners have validated Open RAN technology at scale across the country; today DISH's network covers over 246 million Americans nationwide. At ORCID, participants will be able to test and evaluate individual or multiple network elements to ensure Open RAN interoperability, performance and security, and contribute to the development, deployment and adoption of open and interoperable standards-based radio access networks. ORCID's "living laboratory" will drive the Open RAN ecosystem — from lab testing to commercial deployment. Below are highlights of ORCID: ORCID will combine both lab and field testing and evaluation activities. ORCID will be able to test elements brought by any qualified vendor against DISH's live, complete and commercial-grade Open RAN stack. ORCID will use DISH's spectrum holdings, a combination of low-, mid- and high-band frequencies, enabling field testing and evaluation. ORCID will evaluate Open RAN elements through mixing and matching with those of other vendors, rather than validating a single vendor's stack. DISH's experience in a multi-vendor environment will give ORCID unique insights about the integration of Open RAN into brownfield networks. ORCID's multi-tenant lab and field testing will occur in DISH's secure Cheyenne, Wyoming facility, which is already compliant with stringent security protocols in light of its satellite functions. About DISH Wireless DISH Wireless, a subsidiary of EchoStar Corporation (NASDAQ: SATS), is changing the way the world communicates with the Boost Wireless Network. In 2020, the company became a nationwide U.S. wireless carrier through the acquisition of Boost Mobile. The company continues to innovate in wireless, building the nation's first virtualized, Open RAN 5G broadband network, and is inclusive of the Boost Infinite, Boost Mobile and Gen Mobile wireless brands.

Read More

Network Security

Ampliphae, HPE Athonet and Arqit deliver Quantum-Safe Private 5G using Symmetric Key Agreement

PR Newswire | January 19, 2024

Arqit Quantum Inc, a leader in quantum-safe encryption, and Ampliphae Ltd (Ampliphae), a leader in network cyber security solutions, have today announced successful completion of a project that will deliver enhanced quantum-safe security for Private 5G networks. The Security Enhanced Virtualised Networking for 5G (SEViN-5G) project, funded by Innovate UK, the UK Government’s innovation agency, leveraged Ampliphae’s network security analytics technology and Arqit’s Symmetric Key Agreement Platform to deliver a quantum-secure Private 5G testbed that can protect against both current and future cyber threats. Athonet, a Hewlett Packard Enterprise acquisition, provided the Radio Access Network (RAN) equipment for the project with a cloud core hosted on AWS. Private enterprise networks based on 5G cellular technology are accelerating digital transformation across industries including manufacturing, healthcare, defence and smart cities. Private 5G gives enterprises access to high-speed, massively scalable, and ultra-reliable wireless connectivity, allowing them to implement innovative IoT and mobile solutions that enhance productivity, drive automation and improve customer engagement. The security of these networks will be paramount as they will support safety-critical infrastructure and carry highly sensitive data. But like any new technology, 5G comes with potential new threats and security risks including the threat from quantum computing. The project finished in December 2023 and customer engagement has already begun. David Williams, Arqit Founder, Chairman and CEO said: “Enterprises want to deploy Private 5G networks with complete confidence that they will be safe from both current and future cyber threats including from quantum computers. Working alongside Ampliphae, we have shown that a quantum-safe Private 5G network is deliverable using Arqit’s unique encryption technology.” Trevor Graham, Ampliphae CEO said: “Private 5G can be hosted partly or completely in the Cloud, giving enterprises the opportunity to rapidly set up their own cellular networks customised to support their operations. With Ampliphae and Arqit they can now be certain that those Private 5G networks are monitored and secure against eavesdropping and disruption.” Nanda Menon, Senior Advisor Hewlett Packard Enterprise said: “In an era where security is paramount, the completion of the SEViN-5G project is a significant milestone. The delivery of a quantum-secure Private 5G testbed, achieved where Athonet have combined the Athonet core with CableFree radios, underscores the commitment to innovation and reinforces the confidence enterprises can have in deploying networks that are both cutting-edge and secure from both present and future threats.” About Arqit Arqit Quantum Inc. (Nasdaq: ARQQ, ARQQW) (Arqit) supplies a unique encryption Platform as a Service which makes the communications links of any networked device, cloud machine or data at rest secure against both current and future forms of attack on encryption – even from a quantum computer. Compliant with NSA standards, Arqit’s Symmetric Key Agreement Platform delivers a lightweight software agent that allows devices to create encryption keys locally in partnership with any number of other devices. The keys are computationally secure and operate over zero trust networks. It can create limitless volumes of keys with any group size and refresh rate and can regulate the secure entrance and exit of a device in a group. The agent is lightweight and will thus run on the smallest of end point devices. The Product sits within a growing portfolio of granted patents. It also works in a standards compliant manner which does not oblige customers to make a disruptive rip and replace of their technology. Recognised for groundbreaking innovation at the Institution of Engineering and Technology awards in 2023, Arqit has also won the Innovation in Cyber Award at the National Cyber Awards and Cyber Security Software Company of the Year Award at the Cyber Security Awards. Arqit is ISO 27001 Standard certified. www.arqit.uk About Ampliphae Ampliphae’s distributed network analytics technology provides insight into how networks are used to support enterprise operations at every level. A graduate of the prestigious LORCA cyber accelerator in London, and the AWS European Defence Accelerator, Ampliphae’s technology is already used by enterprises across multiple verticals to discover, analyse and secure the network traffic that supports their key applications and business processes. Ampliphae’s Encryption Intelligence product operates at enterprise scale to discover devices and applications that use cryptography, analysing their encryption capabilities to detect risks, including assets that are vulnerable to future quantum computer attack. Using Encryption Intelligence, the organisation can gather effective operational intelligence about their encryption landscape, both within and outside the organisation, and build an effective mitigation program to address current and future vulnerabilities.

Read More

Network Security

Cato Networks Introduces World's First SASE-based XDR

PR Newswire | January 25, 2024

Cato Networks, the leader in SASE, announced the expansion of the Cato SASE Cloud platform into threat detection and incident response with Cato XDR, the world's first SASE-based, extended detection and response (XDR) solution. Available immediately, Cato XDR utilizes the functional and operational capabilities of the Cato SASE Cloud to overcome the protracted deployment times, limited data quality, and inadequate investigation and response experience too often associated with legacy XDR solutions. Cato also introduced Cato EPP, the first SASE-managed endpoint protection platform (EPP/EDR). Together, Cato XDR and Cato EPP mark the first expansion beyond the original SASE scope pioneered by Cato in 2016 and defined by industry analysts in 2019. SASE's security capabilities encompassed threat prevention and data protection in a common, easy-to-manage, and easy-to-adopt global platform. With today's announcement, Cato is expanding SASE into threat detection, incident response, and endpoint protection without compromising on the architectural elegance captured by the original SASE definition. "Cato SASE continues to be the antidote to security complexity," says Shlomo Kramer, CEO and co-founder of Cato Networks. "Today, we extend our one-of-a-kind SASE platform beyond threat prevention and into threat detection and response. Only Cato and our simple, automated, and elegant platform can streamline security this way." An early adopter of Cato XDR is Redner's Markets, an employee-owned supermarket chain headquartered in Reading, Pennsylvania, with 75 locations. Redner's Markets' vice president of IT and Infrastructure, Nick Hidalgo, said, "The Cato platform gave us better visibility, saved time on incident response, resolved application issues, and improved network performance ten-fold." (Read more about Redner's Markets and Cato in this blog. "The convergence of XDR and EPP into SASE is not just another product; it's a game-changer for the industry," said Art Nichols, CTO of Windstream Enterprise, a Cato partner. "The innovative integration of these capabilities brings together advanced threat detection, response capabilities, and endpoint security within a unified, cloud-native architecture—revolutionizing the way enterprises protect their networks and data against increasingly sophisticated cyber threats." (Read more about what Cato partners are saying about today's news in this blog.) Platform vs. Product: The Difference Matters Cato XDR takes full advantage of the enormous benefits of the Cato SASE Cloud platform, the first platform built from the ground up to enable enterprises to connect, secure, and manage sites, users, and cloud resources anywhere in the world. Unlike disjointed point solutions and security appliances, Cato capabilities are instantly on, always available at scale, and fully converged, giving IT teams a single, shared context worldwide to understand their networks, prevent threats, and resolve problems. As an autonomous platform, Cato SASE Cloud sustains its evolution, resiliency, optimal performance, and security posture, saving enterprises the operational overhead of maintaining enterprise infrastructure. Enterprises simply subscribe to Cato to meet their business needs. Cato's cloud-native model revolutionized security and networking operations when it was introduced in 2016, a fact validated three years later in 2019 when the Cato approach was formally recognized by the industry as SASE. Breach Times Still Too Long; Limitations of Legacy XDR Cato is again revolutionizing cybersecurity with the first SASE platform to expand into threat detection, empowering security teams to become smarter and remediate incidents faster. The flood of security alerts triggered by network sensors, such as firewalls and IPS, complicates threat identification. In 2023, enterprises required 204 days on average to identify breaches.1 XDR tools help security analysts close this gap by ingesting, correlating, and contextualizing threat intelligence information with the data from native and third-party sensors. However, legacy XDR tools suffer from numerous problems relating to data quality. Sensor deployment extends the time-to-value as IT must not only install the sensors but also develop a baseline of specific organizational activity for accurate assessments. Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response. Security analysts waste time sorting through incident stories to identify the ones most critical for immediate remediation. Once determined, incident remediation is often hampered by missing information, requiring analysts to master and switch between disparate tools. No wonder in 2023, average breach containment required more than two months.1 Cato XDR and Cato EPP Expands the Meaning of SASE Cato XDR addresses legacy XDR's limitations. Instantly activated globally, Cato XDR provides enterprises with immediate insights into threats on their networks. Incident detection is accurate due to Cato's many native sensors – NGFW, advanced threat prevention (IPS, NGAM, and DNS Security), SWG, CASB, DLP, ZTNA, RBI, and now EPP/EDR. Powered by Bitdefender's world-leading malware prevention technology, Cato EPP protects endpoints from attack – in the Cato way. Endpoint threat and user data are stored in the same converged Cato data lake as the rest of the customer's network data, simplifying cross-domain event correlation. The result is incredibly high-quality data that improves the incident identification and remediation process. Cato AI uses the data to accurately identify and rank incidents, empowering analysts to focus critical resources on an organization's most important remediation cases. Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents. Remediation times reduce as detected incident stories contain the relevant information for in-depth investigation. Cato's tools sit in the same console as the native engines, enabling security analysts to view everything in one place -- the current security policy and the reviewed story. Finally, incident reporting is simplified with generative AI. Purpose-built for investigations, this natural language engine provides human-readable explanations of incident stories. Analysts save time sharing incident information with other teams and reporting to their managers.

Read More

Network Infrastructure

DISH Wireless Awarded $50 Million NTIA Grant for 5G Open RAN Integration and Deployment Center

PR Newswire | January 16, 2024

DISH Wireless, a subsidiary of EchoStar, was awarded a historic $50 million grant from the U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA) to establish the Open RAN Center for Integration & Deployment (ORCID). ORCID will allow participants to test and validate their hardware and software solutions (RU, DU and CU) against a complete commercial-grade Open RAN network deployed by DISH. "The Open RAN Center for Integration and Deployment (ORCID) will serve a critical role in strengthening the global Open RAN ecosystem and building the next generation of wireless networks," said Charlie Ergen, co-founder and chairman, EchoStar. "By leveraging DISH's experience deploying the world's first standalone Open RAN 5G network, ORCID will be uniquely positioned to test and evaluate Open RAN interoperability, performance and security from domestic and international vendors. We appreciate NTIA's recognition of DISH and ORCID's role in driving Open RAN innovation and the Administration's ongoing commitment to U.S. leadership in wireless connectivity." To date, this grant represents NTIA's largest award under the Public Wireless Supply Chain Innovation Fund (Innovation Fund). ORCID will be housed in DISH's secure Cheyenne, Wyoming campus and will be supported by consortium partners Fujitsu, Mavenir and VMware by Broadcom and technology partners Analog Devices, ARM, Cisco, Dell Technologies, Intel, JMA Wireless, NVIDIA, Qualcomm and Samsung. NTIA Administrator Alan Davidson and Innovation Fund Director Amanda Toman will join EchoStar Co-Founder and Chairman Charlie Ergen, EchoStar CEO Hamid Akhavan, EVP and Chief Network Officer Marc Rouanne and other stakeholders to announce the grant and tour a DISH 5G Open RAN cell site later today in Las Vegas. During this event, DISH will outline ORCID's unique advantages, including that it will leverage DISH's experience as the only operator in the United States to commercially deploy a standalone Open RAN 5G network. DISH and its industry partners have validated Open RAN technology at scale across the country; today DISH's network covers over 246 million Americans nationwide. At ORCID, participants will be able to test and evaluate individual or multiple network elements to ensure Open RAN interoperability, performance and security, and contribute to the development, deployment and adoption of open and interoperable standards-based radio access networks. ORCID's "living laboratory" will drive the Open RAN ecosystem — from lab testing to commercial deployment. Below are highlights of ORCID: ORCID will combine both lab and field testing and evaluation activities. ORCID will be able to test elements brought by any qualified vendor against DISH's live, complete and commercial-grade Open RAN stack. ORCID will use DISH's spectrum holdings, a combination of low-, mid- and high-band frequencies, enabling field testing and evaluation. ORCID will evaluate Open RAN elements through mixing and matching with those of other vendors, rather than validating a single vendor's stack. DISH's experience in a multi-vendor environment will give ORCID unique insights about the integration of Open RAN into brownfield networks. ORCID's multi-tenant lab and field testing will occur in DISH's secure Cheyenne, Wyoming facility, which is already compliant with stringent security protocols in light of its satellite functions. About DISH Wireless DISH Wireless, a subsidiary of EchoStar Corporation (NASDAQ: SATS), is changing the way the world communicates with the Boost Wireless Network. In 2020, the company became a nationwide U.S. wireless carrier through the acquisition of Boost Mobile. The company continues to innovate in wireless, building the nation's first virtualized, Open RAN 5G broadband network, and is inclusive of the Boost Infinite, Boost Mobile and Gen Mobile wireless brands.

Read More

Events