Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance...
Transcript of Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance...
![Page 1: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/1.jpg)
Automating Service Self-Healing and Security Management
Davide Cherubini
Cloud & Automation CoE
![Page 2: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/2.jpg)
C2 General
ONAP Roadmap
R1 AMSTERDAM
December 2017
R3 CASABLANCA
December 2018
R4 DUBLIN
June 2019
R2 BEIJING
June 2018
![Page 3: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/3.jpg)
C2 General
• Modularity
• Flexibility (seamlessly integrate with existing deployment & 3rd party systems)
• Promote adoption of standard interfaces and APIs - internal and external
• Avoid proprietary interfaces
• Consistent implementation
ONAP & Openness
![Page 4: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/4.jpg)
C2 General
Vodafone Contributions to ONAP
ONAP R3CasablancaDec 2018
ONAP R4 Dublin
June 2019
CCVPN Use Casecross-technology, cross-domain, cross-operator
E2E Service fulfillment and assurance
CCVPN Extension5 sub-use cases
(MP2MP, VAS+AI, DR, L0/L1)
VSP Compliance [SDC]VNF/CNF Certification + Testing
![Page 5: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/5.jpg)
C2 General5
Portal
External API External API
SDCSDC
SOSO
SDNCSDNC
3rd party
SDNC
3rd party
SDNC
Northbound – East/West TMF APIs
Integration of 3rd
party SDNC
CPECPE
End-to-End Connectivity Service
Vodafone CMCC Cross-ONAP links
CMCC
Network
(LAB)
Vodafone
Network
(LAB)
CCVPN Use Case
ONAP R3Casablanca
![Page 6: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/6.jpg)
C2 General
• Enhancing ONAP security– Projects (security by design)
– CII badging
• ONAP used to enhance Service security
ONAP Security Considerations
![Page 7: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/7.jpg)
C2 General
Possible Service Security Scenarios for ONAP
Security Controller
3rd Party Security
Solution
OR
![Page 8: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/8.jpg)
C2 General
ONAP Ericsson ESM Demo
VNF (e.g. vFW)
ESM
Trigger ACTION
Take ACTION MONITOR
• 3 Use Cases demonstrated1. Misconfiguration detection2. Threat detection & Self-Healing3. Forensics & Root Cause Analysis
![Page 9: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/9.jpg)
Ericsson Internal | 2018-02-21
Automating service self-healing and security management
Open Networking SummitNorth AmericaApril 2019
Kari-Pekka Perttula Ericsson Security Solutions 2019-04-05
![Page 10: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/10.jpg)
Ericsson Internal | 2018-02-21
Assets at risk
![Page 11: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/11.jpg)
Ericsson Internal | 2018-02-21
Core NetworkAccess Network Other Networks
OSS/BSS
User Equipment
Management TrafficControl SignalingUser Payload
Mobile network threat vectors
![Page 12: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/12.jpg)
Ericsson Internal | 2018-02-21
Most common issues resulting in security breach or incident
Current operational procedures prone for mistakes
Security policies are not enforced or monitored
Lack of visibility, control and continuous monitoring
Lack of hardening
Insecure configurations of the network
“Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities."
-Gartner
![Page 13: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/13.jpg)
Ericsson Internal | 2018-02-21
Service provider security challenges
Privacy
Untrusted identities
Network resilience
OPEX
Lack of automation in security
ISO 27001 and GDPR compliance
False base stations
Signaling vulnerabilities
Malicious devices
Lack of end-to-end security visibility
Security and privacy compliance
Manual processesare not scalable
Limited ability to detect and respond
to threats
No end-to-end view of security status
Dynamic anddistributed networks
![Page 14: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/14.jpg)
Journey towards intelligent security management
Automated threat detection with ML/AI
based security analytics
Automated security policy configuration &
compliance monitoring
Adaptive security andthreat intelligence
Static
Cognitive
Intelligent
Dynamic
Manual security baseline configuration
& audits
![Page 15: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/15.jpg)
Security managent challenges with ONAP
—Security focus in the ONAP community is currently on the platform security and selected VNF use cases
—ONAP lacks security framework and APIs, that would facilitate connection to external security analytics and management tools
—These are needed to automate security operations use cases both for the NFs and the ONAP platform
![Page 16: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/16.jpg)
Ericsson Internal | 2018-02-21
Summary
—Security management is a challenge in current networks – lack of control and visibility
—Networks are becoming dynamic and distributed, at the same time new threats continuously emerge – manual security processes are not scalable and effective
—Automation of security use cases is an imperative for intelligent security management
![Page 17: Automating Service Self-Healing and Security Management...E2E Service fulfillment and assurance CCVPN Extension 5 sub-use cases (MP2MP, VAS+AI, DR, L0/L1) VSP Compliance [SDC] VNF/CNF](https://reader034.fdocuments.in/reader034/viewer/2022051811/60275fbab98d8c2f8d57c635/html5/thumbnails/17.jpg)
ericsson.com/security