Demystify the key benefits of network security automation

What if asset security protection could be automated? As networks are dynamic and evolving, automating network security with intelligent, policy-based solutions can help communications service providers minimize business risk.

Northampton, MA –News Direct– Ericsson

By: Keijo Mononen, Managing Director, Security Solutions at Ericsson

Communications Service Providers (CSPs) and mission-critical service providers face increasing security challenges and a rapidly changing threat landscape. To deliver reliable 5G services, CSPs need increased capabilities to continuously protect these services and detect and respond to threats. Additionally, these capabilities must be well integrated and managed throughout the lifecycle with the network infrastructure.

To minimize business risk in their operations, CSPs must change the way they manage security and move towards automated, policy-based, intelligent, fit-for-purpose security solutions that support emerging dynamic networks. . The earlier this transition is made, the better. With decades of experience in the telecommunications security industry, here is my take on how CSPs can protect their assets and gain a better understanding of network security automation.

Facing the Reality of Security for CSPs

Network evolution introduces dynamic, distributed, and open networks to support various services, including industry-specific use cases. These networks open up endless opportunities for society and accelerate digitization. However, as networks become dynamic, distributed and smarter, security must keep pace.

Increased pressure on the network

New and advanced industry use cases put pressure on network requirements. With 5G, networks will serve as critical infrastructure to facilitate digitalization, automation and connectivity to machines, robots, transport solutions, etc. Thus, there is significant value at stake and, therefore, also a significantly different risk tolerance. 5G marks the beginning of a new era of network security.

The telecommunications industry and 5G are their own domains with critical assets and specific protocols. This requires both skills, an understanding of relevant security risks, and ensuring solutions are well integrated into the telecommunications and 5G environment.

Dealing with dynamic and evolving networks

Additionally, an additional challenge from a security perspective is the dynamic nature of networks. It happens in two dimensions; First, networks are dynamic and distributed to adapt to business needs and support different industry use cases. Therefore, security must follow these dynamic networks in real time. Second, networks must constantly evolve with new features and add value to businesses. This imposes continuous integration and continuous deployment (CI/CD) requirements. Security monitoring and management should be tightly integrated into network products to reduce time to market for new features. As networks become the foundation of society, there is also an increase in network security regulations that drive the need for security visibility and control – this is effectively achieved through automation.

How prepared are communication service providers?

When I try to understand the readiness level of communication service providers, my conversations with them and my research indicate a major shift. This is not a surprise and many trends point in the same direction. According to Ernst & Young, CSPs are dealing with these shifting sentiments amid growing cyberattacks, with 75% reporting an increase in cyberattacks over the past twelve months. Responding effectively is a critical concern: 47% say they have never been more concerned about their own ability to manage cyber threats.

IBM data shows that in 2019, 16% of companies said they had a fully automated network security solution, 36% said they had a partially automated solution. Another 36% said they don’t have automated security, but plan to implement it in the next 24 months. Finally, 12% did not have an automated security solution and did not plan to deploy it. These figures relate to companies in general and are not specific to CSPs. The degree of automation is probably even lower in telecommunications networks; however, it is obvious that telecommunications networks will follow the same path towards automation. ENISA’s 2020 Telecom Security Incident Report highlights that incidents caused by human error in 2020 reached 26% of the total number of incidents. All the more reason to increase the level of automation.

Armed with 3 pillars of security: protect, detect and react – managed by automation


I see a strong trend towards increasing automation of threat detection and incident response in the security market; it is for very good reasons. One area that should always be a priority is protection; the better protected you are at all times, the better off you are when attacked.

One of the main challenges is the introduction of dynamic and distributed networks and native cloud environments – protection must follow. This challenge is solved through security automation and orchestration, where appropriate security policies are automatically defined in the network infrastructure. Security policies ensure that the infrastructure has the desired and consistent level of security across all domains. This means policies that enable comprehensive security, such as identity and access security, data and traffic protection, and valid certificates. Additionally, automation ensures strong network configurations across the board, making it difficult for an attacker to intrude or move laterally. It also serves as a solid reference of “what is normal in the complex system” – this also allows violations to be detected effectively. This is one of the reasons why automated security management solutions that combine protection and detection functions are becoming so effective.

The value of security automation is already evident with traditional networks up to 4G. With 5G, network security automation becomes mandatory and offers benefits in scaling security, especially with the introduction of network slicing. With security automation, you also have the ability to carve out specific sets of security rules. This enables tailored security for different network slices targeting different industries, including mission-critical enterprises or government functions.


Once the effective protection of the network has been established and mastered, the emphasis will be placed on the detection of threats and vulnerabilities. One obvious vulnerability that needs to be monitored is breaches of security policies. Compliance must be continually detected and corrected. It is also recommended to analyze the root cause of a policy change. For example, it could be a legitimate temporary change to a policy configuration or an attacker tampering with security to gain increased access to the system or by disabling security logging. This can be effectively managed with automation.

Additionally, CSPs need to detect threats in their domains such as Radio Access Network (RAN), Core, and OSS/BSS infrastructure, given the transformation to a cloud-native architecture.


What can we learn? Leveraging lessons learned is such a fundamental strength for humanity, and likewise, it is necessary in the field of network security. A successful security strategy must start with strong protection, always including detection of domain-specific threats and vulnerabilities, and then response. Some threats are so significant that they must be assigned to incident response teams. Resources who have the right domain knowledge to analyze threats at a deeper level based on data and insights from fit-for-purpose security tools understand what is happening and what action needs to be taken. Violations and incidents are also sent back to the security solution for continuous improvements, for example leading to new or improved security policies.

What we often discover is that the answers are often very manual, even for fairly basic needs like non-compliance with policies. These have a clear action that can be automated. To respond quickly, security automation must be tightly integrated with other software involved in network management and orchestration, such as telecom orchestrators.

Benefit from network security automation

In my view, the end goal is for security to always adapt to the dynamic network and constantly evolve with the threat landscape. To achieve this, automated processes are the answer providing security assurance to CSPs for their ongoing network deployment and operations. This will save a lot of manual and error-prone work, address understaffing for security operations, and be a key enabler for advanced network security management. Additionally, CSPs will benefit from automation to protect, detect, and respond with fully network-integrated security automation; the sooner this journey begins, the better.

With an ever-evolving, fit-for-purpose, automated security orchestration solution that is well integrated with a multi-vendor telecommunications infrastructure, CSPs achieve the end goal by continuously monitoring security compliance, detecting and responding to new threats and supporting cost-effective security operations.

Find out how we can protect your assets.


The references:

How can predicting risks lead to new insights? | EY – World

2019 Cost of a Data Breach Report (

ENISA Telecom Security Incident Report

Discover additional media content and other ESG stories from Ericsson on

View source version at