Wednesday, December 3, 2025

Cisco Mobile Infrastructure Security Developments


5G is no longer a concept. It’s here, and it’s reshaping how service providers build, operate, and secure their networks. Workloads are moving to the edge, latency is becoming critical, and achieving flexible, adaptive security has never been harder.

At Cisco, we’re leveraging our platform advantage to solve these problems with innovative architectures. Over the past couple of years, we have been hard at work reshaping how we approach the evolving needs of mobile infrastructure security. Some of what I’ll share is already live with customers, and some is still being tested internally.

This isn’t a product launch or a roadmap. It’s just a glimpse into what’s keeping us busy and why I’m so excited about what’s coming next.

Let’s begin with the Security Gateway.

We’ve already shipped distributed VPN on the Cisco Secure Firewall 4200 Series platform, with support coming soon to the Cisco Secure Firewall 6100 Series. This allows large IPsec tunnels to be spread across multiple cluster members (up to 16), providing near-linear scalability.

We also introduced loopback tunnel termination, which simplifies underlay routing and fault tolerance. When talking to our service provider clients, a recurring theme we hear from them is their search for new 5G use cases to generate revenue. This naturally pushes workloads closer to the edge, whether on telco cloud or public cloud.

For Open RAN deployments, Cilium CNI from Isovalent, now part of Cisco, provides native encryption at the OS layer across Kubernetes pods. For high-performance IPsec VMs, our three-year partnership with NVIDIA continues to deliver. We’re seeing impressive results in crypto offload and flow acceleration, and with some tuning, our Secure Firewall Threat Defense Virtual appliance can perform even better when top performance is critical.

The signaling layer in mobile networks remains one of the most challenging parts to secure. Like the rest of the industry, we’re continuously improving our inspection and filtering capabilities for GTP, Diameter, and SCTP, aligning with the latest 3GPP and GSMA standards.

We aim to incorporate location-aware Diameter filtering, PFCP inspection… and other advanced features, but standards are not sufficient.

Signaling attacks are becoming more sophisticated, and SOC and NOC teams require visibility and correlation that surpass basic detection.

That’s where Cisco’s strengths really shine: AI and large language models supported by network telemetry and Cisco Talos threat intelligence. We’ve started experimenting with our open-source Cisco Foundation AI 8B model to understand whether these data sources can help identify mobile-specific threats. The goal is to explore how AI can assist in recognizing complex patterns across signaling protocols, not as a replacement for existing detection methods but as a complementary approach.

Another major challenge with securing signaling protocols is correlation. A classic example of this would be linking GTP-C and GTP-U sessions, which is notoriously difficult because these protocols are not necessarily destined for the same equipment. With the acquisition of Splunk, we’re actively working to simplify and automate this correlation use case for our customers.
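The GTP-C to GTP-U linkage described above, as an added example (not Cisco's or Splunk's code): tunnel endpoints learned from control-plane events are joined to user-plane packets on (receiving node IP, TEID) within the session's lifetime. The event field names and all sample values are constructed assumptions, and the GTP-C events are taken as already decoded by a probe.

```python
import struct

# Constructed, already-decoded GTP-C events (field names are assumptions).
# fteid_u = (receiving user-plane node IP, TEID) from the user-plane F-TEID.
GTPC_EVENTS = [
    {"ts": 100, "msg": "create", "imsi": "001010000000001", "fteid_u": ("10.0.1.5", 0x1A2B3C4D)},
    {"ts": 105, "msg": "create", "imsi": "001010000000002", "fteid_u": ("10.0.2.9", 0x1A2B3C4D)},
    {"ts": 200, "msg": "delete", "imsi": "001010000000001", "fteid_u": ("10.0.1.5", 0x1A2B3C4D)},
]

def gpdu(teid, inner=b"\x45" + b"\x00" * 19):
    """Build a constructed GTPv1-U G-PDU (8-byte header + dummy inner packet)."""
    return struct.pack("!BBHI", 0x30, 0xFF, len(inner), teid) + inner

def parse_gtpu_teid(payload):
    """Return the TEID of a GTPv1-U G-PDU, or None for anything else."""
    if len(payload) < 8:
        return None
    flags, msg_type, _length, teid = struct.unpack("!BBHI", payload[:8])
    if flags >> 5 != 1 or not flags & 0x10 or msg_type != 0xFF:
        return None  # wrong version, GTP' (PT=0), or not a G-PDU
    return teid

def build_sessions(events):
    """Map (node_ip, teid) -> list of [imsi, start_ts, end_ts] intervals."""
    sessions = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        intervals = sessions.setdefault(ev["fteid_u"], [])
        if ev["msg"] == "create":
            intervals.append([ev["imsi"], ev["ts"], None])
        elif ev["msg"] == "delete" and intervals:
            intervals[-1][2] = ev["ts"]
    return sessions

def correlate(sessions, ts, dst_ip, payload):
    """Attribute one user-plane packet to an IMSI, or say why it cannot be."""
    teid = parse_gtpu_teid(payload)
    if teid is None:
        return "not-gpdu"
    # A TEID is only unique per receiving node, so the key includes dst_ip.
    for imsi, start, end in sessions.get((dst_ip, teid), []):
        if start <= ts and (end is None or ts < end):
            return imsi
    return "orphan"  # no live session for this tunnel: worth an alert

if __name__ == "__main__":
    s = build_sessions(GTPC_EVENTS)
    for ts, ip in [(150, "10.0.1.5"), (150, "10.0.2.9"), (250, "10.0.1.5")]:
        print(ts, ip, correlate(s, ts, ip, gpdu(0x1A2B3C4D)))
```

The same TEID resolves to different subscribers on different nodes, and a G-PDU that arrives after the session was deleted comes back as an orphan rather than being credited to the old IMSI.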

Performance is essential in mobile networks, and our 4200 and 6100 platforms deliver the speed and scalability operators need. The 6100 now supports over 80 instances, providing flexibility for large deployments.

A key differentiator is the Encrypted Visibility Engine, or EVE. It’s ideal for the N6 interface because it can detect compromised or infected subscribers even in fully encrypted traffic, protecting both performance and user experience.

We’re training EVE to recognize mobile-specific threat patterns and plan to make its insights shareable via APIs so other tools like DPI systems can make use of this information. We’re also exploring ways to make firewall policies more “mobile-aware.” One of the ways we’re able to achieve this is by using eBPF tools to trace artifacts, such as IMSI and IMEI, from the packet core. By coupling eBPF with firewall technology, we can achieve more granular firewall policies.

And of course, we keep advancing on CGNAT. Today, we offer excellent performance and optimized logging. In the near future, we aim to add deterministic NAT and DS-lite along with dashboards in Grafana and Splunk to make monitoring and troubleshooting more straightforward.

Recently, 3GPP made it a requirement to implement microsegmentation, mTLS, OAuth, and encryption inside the packet core. This requirement emphasizes the importance of mitigating unauthorized lateral movement as a standard practice; however, deploying these controls is challenging for many service provider organizations.

Cilium CNI from Isovalent helps simplify meeting this requirement by providing identity-aware segmentation, mTLS, and OAuth built in. Operators can apply the required 3GPP controls through a single enforcement model, simplifying operations for many service providers and helping them more easily meet compliance.

With Hypershield soon to be available on-premises and powered by Isovalent runtime security, we take proactive security to the next level by introducing Distributed Exploit Protection. This capability leverages the Tetragon agent to automatically inform us about vulnerabilities before patches are released and provide targeted compensating controls, a critical advantage to minimize risk exposure where uptime is critical.

As mentioned earlier, this isn’t a roadmap or marketing pitch. It’s a window into what Cisco teams are building to make mobile infrastructure smarter, safer, and more resilient.

Some features are already available, others are still in development, but all aim to help service providers stay ahead of what’s next.

I’ll share more details and live demos during upcoming Cisco Live sessions. Stay tuned, we’re just getting started.

You can register for Cisco Live Amsterdam 2026.

