Access point name and application identity based security enforcement in service provider networks
First Claim
1. A system, comprising:
- a processor configured to:
monitor network traffic on a service provider network at a security platform to identify an access point name for a new session, wherein the new session is associated with an Internet of Things (IoT) device, comprising:
identify, within the network traffic in a mobile network, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
extract access point name information including an access point name network identifier and an operator identifier from the create PDP request message or the create session request message;
determine an application identifier for user traffic associated with the new session at the security platform, comprising to:
monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic;
determine a security policy to apply at the security platform to the new session based on the access point name and the application identifier; and
perform an enforcement action based on the security policy to provide enhanced IoT device security, wherein the security policy includes two or more security rules for threat detection, threat prevention, Uniform Resource Location (URL) filtering, Denial of Service (DoS) detection, and/or Denial of Service (DoS) prevention; and
- a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier.
79 Citations
21 Claims
1. A system, comprising: (claim 1 is reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method, comprising:
monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session, wherein the new session is associated with an Internet of Things (IoT) device, comprising:
identifying, within the network traffic in a mobile network, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
extracting access point name information including an access point name network identifier and an operator identifier from the create PDP request message or the create session request message;
determining an application identifier for user traffic associated with the new session at the security platform, comprising:
monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic;
determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier; and
performing an enforcement action based on the security policy to provide enhanced IoT device security, wherein the security policy includes two or more security rules for threat detection, threat prevention, Uniform Resource Location (URL) filtering, Denial of Service (DoS) detection, and/or Denial of Service (DoS) prevention.
Dependent claims: 11, 12, 13, 14, 15.
-
16. A computer program product, the computer program product being embodied in a non-transitory tangible computer readable storage medium and comprising computer instructions for:
monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session, wherein the new session is associated with an Internet of Things (IoT) device, comprising:
identifying, within the network traffic in a mobile network, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
extracting access point name information including an access point name network identifier and an operator identifier from the create PDP request message or the create session request message;
determining an application identifier for user traffic associated with the new session at the security platform, comprising:
monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic;
determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier; and
performing an enforcement action based on the security policy to provide enhanced IoT device security, wherein the security policy includes two or more security rules for threat detection, threat prevention, Uniform Resource Location (URL) filtering, Denial of Service (DoS) detection, and/or Denial of Service (DoS) prevention.
Dependent claims: 17, 18, 19, 20, 21.