FS.61 Micro-Segmentation in 5G Core Network Resource Pool Guidelines: Version 1.0 - Security
Thursday April 24, 2025


With 5G core networks becoming virtualised, they not only face attacks from outside of the 5G core network but also security challenges from east-west traffic inside the core network (see GSMA FS.33 [1] risk 27 & risk 36). If a virtualised network function (VNF) is compromised, an adversary may attempt further enumeration or attacks within the environment, known as moving laterally or lateral movement, which could affect other functions deployed in the same core network resource pool. To prevent attacks in east-west traffic, it is essential to have clear visibility and an appropriate capability to inspect the east-west traffic, identify the attack source and then take corresponding mitigation actions.

One of the techniques for east-west network traffic protection is micro-segmentation. Micro-segmentation is a security strategy that divides a network into smaller segments, allowing traffic in and out of each segment to be monitored and controlled. The main goal is to limit the impact of a breach by isolating segments and improving visibility, enabling granular access control through defined policies. Micro-segmentation can be implemented at the network level, host level, hypervisor level, or workload level. Network-level micro-segmentation is the easiest and most familiar to create; however, it offers the least flexibility and granularity for access control and telemetry. At the other end of the spectrum, workload identity-based micro-segmentation offers the most granularity in terms of control and visibility, but requires agent software and management software to orchestrate and implement the segmentation.
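To make the spectrum described above concrete, the following added example (not code from the GSMA document or from any MNO deployment) contrasts a network-level rule, which permits any two hosts inside the core resource pool subnet to talk, with a default-deny, workload identity-based allow-list keyed on network function role. The NF roles (AMF, SMF, UDM, NRF) are standard 5G core roles; the IP addresses, the SBI port 8080, the rule set and the sample flows are constructed for illustration and are not taken from the guideline. The `inspect_flows` helper shows the visibility side: every flow that no rule permits produces an alert line, which is the telemetry a defender needs to spot lateral movement between functions in the same pool.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Workload:
    """A 5G core NF instance identified by workload identity (name + role), not by IP."""
    name: str   # e.g. "amf-1"
    role: str   # policy label, e.g. "AMF"
    ip: str


@dataclass(frozen=True)
class Rule:
    """Allow-list entry: src role may open dst role on port/proto. Anything else is denied."""
    src_role: str
    dst_role: str
    port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Flow:
    """One observed east-west flow between two workloads."""
    src: Workload
    dst: Workload
    port: int
    proto: str = "tcp"


class IdentityPolicy:
    """Workload-level micro-segmentation: default deny, explicit allow by role."""

    def __init__(self, rules: Iterable[Rule]):
        self._rules = frozenset(rules)

    def allows(self, flow: Flow) -> bool:
        return Rule(flow.src.role, flow.dst.role, flow.port, flow.proto) in self._rules


def subnet_policy_allows(flow: Flow, core_cidr: str) -> bool:
    """Network-level segmentation: any two hosts inside the pool subnet may talk.

    This is the coarse end of the spectrum; it cannot distinguish an SBI call from
    an unexpected connection between two functions in the same subnet.
    """
    net = ipaddress.ip_network(core_cidr)
    return (ipaddress.ip_address(flow.src.ip) in net
            and ipaddress.ip_address(flow.dst.ip) in net)


def inspect_flows(flows: Iterable[Flow], policy: IdentityPolicy) -> list[str]:
    """Telemetry hook: one alert line per flow the identity policy denies."""
    alerts = []
    for f in flows:
        if not policy.allows(f):
            alerts.append(f"DENY {f.src.name}({f.src.role}) -> {f.dst.name}({f.dst.role}) "
                          f"{f.port}/{f.proto}: no matching rule")
    return alerts


# Constructed sample data (assumptions, not from the guideline): addresses, SBI port,
# and which SBI interactions the operator chose to permit.
SBI = 8080
CORE_POOL = "10.10.0.0/16"
AMF = Workload("amf-1", "AMF", "10.10.1.10")
SMF = Workload("smf-1", "SMF", "10.10.1.20")
UDM = Workload("udm-1", "UDM", "10.10.2.10")
NRF = Workload("nrf-1", "NRF", "10.10.2.20")

POLICY = IdentityPolicy([
    Rule("AMF", "SMF", SBI),
    Rule("AMF", "UDM", SBI),
    Rule("SMF", "UDM", SBI),
    *(Rule(role, "NRF", SBI) for role in ("AMF", "SMF", "UDM")),
])

SAMPLE_FLOWS = [
    Flow(AMF, SMF, SBI),   # expected SBI call
    Flow(SMF, UDM, SBI),   # expected SBI call
    Flow(SMF, UDM, 22),    # a management port no SBI rule covers: alert-worthy
    Flow(UDM, SMF, SBI),   # direction the operator never permitted: alert-worthy
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src.name}->{f.dst.name}:{f.port}/{f.proto}  "
              f"subnet={subnet_policy_allows(f, CORE_POOL)}  identity={POLICY.allows(f)}")
    for line in inspect_flows(SAMPLE_FLOWS, POLICY):
        print(line)
```

Running the block shows that the subnet rule accepts all four flows, while the identity policy accepts only the two expected SBI calls and emits an alert for each of the other two. In a real pool the rule set would be generated from the declared SBI interactions of each NF and the flow records would come from the segmentation agent or the CNI, rather than being hard-coded as here.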

This document provides guidelines for MNOs that are evaluating and deploying micro-segmentation to protect east-west traffic in a 5G core network. It also provides guidance and practices regarding the integration of micro-segmentation, network observability, and abnormal traffic detection and alerting in a 5G core network.