Mobile Packet Core Visibility & Threat Detection

Today, a majority of the world’s network service providers use Arbor Networks SP solution for network visibility and advanced threat protection for their fixed networks. As the lines blur between fixed and mobile connectivity, Arbor’s Mobile Network Analysis product enables multi-service network operators to deploy a single solution providing pervasive network visibility and advanced threat protection for their fixed, HSPA/LTE and cloud infrastructures.

Features & Benefits

A Single Solution for Pervasive Network Visibility and Threat Management

Arbor’s MNA product is a fully integrated extension to the SP solution that delivers real-time traffic visibility and network awareness into the mobile packet core so unwanted traffic is detected early and fast—before it threatens service performance and availability.

infographic mna 1 web

MNOs who already own the Arbor Networks SP solution can take advantage of economies of scale and benefits such as:

  • Integrated, best-in-class fixed and mobile network visibility, telemetry and advanced threat protection from a single vendor.
  • Broader detection of network-based threats originating both from within (user-originated) and outside (Internet-originated) the mobile packet core.
  • Reduced total cost of ownership due to familiarity with the Arbor platform, user interface and ATLAS® intelligence feeds—enabling faster rollout in the short-term and greater solution lifecycle and operating efficiencies over the long-term.

Visibility Into The Mobile Packet Core

You cannot address what you do not know. MNA is designed to shine a bright light in a mostly invisible part of the mobile network. It passively collects IPv4/v6 control plane traffic traversing the HSPA/LTE packet core (including GRX/IPX roaming traffic) from existing taps and probes. It stores this time-series data for centralized analytics and visualization, so operators have up-to-the-minute telemetry on all network GTP-c flows including:

  • The frequency and severity of any packet core signaling anomalies.
  • The specific infrastructure nodes causing or affecting the anomalies.
  • The associated signaling messages and ‘transaction’ cause values.

infographic mna 2 web

Threat Detection For The Mobile Packet Core

Having pervasive visibility into the packet core control plane means knowing what represents normal user signaling activity and, most important, recognizing abnormal activity. Arbor Networks MNA exposes anomalous network behavior so operators can efficiently determine whether the events are non-malicious or malicious in nature and can take action if they pose a threat to service availability and performance. Highly configurable detection and alerting algorithms help network managers quickly parse information such as:

  • Signaling storms and malformed signaling: possibly indicating a misconfigured Internet server, errant application or DNS attack.
  • Excessive or abnormally low signaling volumes: which could point to a distressed node or a volumetric/‘low and slow’ malicious attack.
  • Spikes in signaling cause values (e.g., "service not supported" or "context not found") suggeting a sudden influx of misconfigured end-user devices or possibly an attempt to compromise network infrastructure.