Security Controller: Use Case Summary

In order to define and build client interfaces for the I2NSF security controller, we must understand the security industry landscape from the user's perspective and determine where I2NSF work could potentially be valuable. The use cases would help I2NSF to develop the client interface framework applicable to wide variety of deployment scenarios. Basically, without a set of use cases, it is hard to know whether the client interfaces, developed by I2NSF WG, actually meet the targeted industry requirements. This draft makes an attempt in categorizing the security users into various market segments and providing a list of common use cases in each market segment. This is by no means a complete list, but an attempt to list the most common use cases.

(3GPPP) Evolved Packet Core. Firewall. Hardware Gramm-Leach-Bliley Act. Health Insurance Portability and Accountability Act. Intrusion Detection System. Intrusion Protection System. Mobile Edge Computing (ETSI-MEC). Network Security Function, defined by . Payment Card Industry Data Security Standard. Role Based Access Control. (Telecom) Service Provider. Software. Small and Medium-sized Business. Web Application Firewall. Everything As a Service.

There is a need for security solutions in almost every market segment, but the use cases vary based on the requirements in that segment. It would not be feasible to look at every industry and list all the use cases. Instead, we categorize the industry into various groups or domains with each group having similar use cases.

The service providers need a large network presence to provide connectivity services to their clients and usually divide the large network into multiple domains or zones. We consider two such segments for security use cases. Access: This part of the network usually deals with basic connectivity, but lately this is undergoing rapid changes and services are being deployed for various use cases. There is a new working group ETSI MEC in this space. Core: This is where a service provider deploys 3G, 4G and other managed services. The SP's data center hosts various applications to deliver these services.

The Enterprise network varies based on the organization's size and needs. We consider the following segments for use cases. Branch: An organization's remote location that hosts workers, some applications and data for efficiency reasons. Campus: An organization's regional or corporate headquarters where workers and applications are hosted. A small or medium Enterprise may have just one location where all workers and applications are hosted. Data Center: The large Enterprise may have multiple hosting places for their applications and data.

The primary use cases for a cloud service provider are related to managed security services and security needs for deploying applications in the public cloud. Data Center: The Cloud Service Provider may have one or more locations to deliver all its services.

This includes residential and enterprise users with different requirements.

The SP provides these as managed security services which may be bundled in the subscription or separately sold These services can be broadly categorized as the following: Parental Control: Block inappropriate web contents based on identity. Filter web URLs. Identity based usage controls on web contents. Identity based usage controls on web contents. Content Management: Identify and block malicious activities from web contents Attack mitigation using email cleaning and file scanning External Threat Management: Identify and block threats such as malware and botnets

The Enterprises are rapidly moving to the cloud. This comes with more services consumed from the cloud instead of being deployed at their premise. The reason for this is to cut costs and avoid constant HW/SW upgrades. The managed security services for Enterprise can be broken into two broad categories: External Threat Management: An Enterprise might subscribe to one of the following services. Clean pipe, which means SP will filter known malwares, botnets and attack vectors DDoS attack mitigation. Application and phising attack mitigation Managed FW service as per Enterprise’s requirements WAF for regulatory or compliance reasons such as PCI Lateral Threat Management: An Enterprise might subscribe to one of the following services in addition to connectivity services such as VPN. Detect threats moving from one location to another within the organization using IPS, IDP and malware analysis Encryption services Endpoint security compliance management

The SPs selling the security services must also protect their own infrastructure to ensure that there is no disruption to their customers. Threat Management: Manage DDoS attacks on networking and server infrastructure. Identify and block botnets and malwares Robust Service Delivery: Deliver services such as VoIP, LTE, VPN in a secure manner Security for multi-tenant service delivery Gi FW: The set of security features needed to protect the SP's mobile infrastructure and mobile user handset. Encryption services to secure mobile user’s identity Protocol attack mitigation using IPS, IDP and Application controls Block DoS/DDoS attack on mobile user end-point Block DoS/DDoS attack on EPC core elements Web content filtering GiLAN Services: The set of security services configured for mobile users. FW Services Clean pipe service MEC Service Delivery: The set of security features needed to deliver MEC services MEC server protection from DDoS and malware attacks Encryption services

The Enterprise Branch and Campus security use cases are simple and usually related to threat management from Web. These are categorized as following: Threat Management: Manage DDoS attacks on networking and server infrastructure Identify and block application attacks using IPS and IDP Identify and block attacks from the Web using WAF Identify and block botnets and malwares Access and Data Management: Isolation across various Enterprise functional groups Encryption service from Branch to Campus Block certain social media applications Data loss prevention by filtering social media contents

The Enterprise landscape is evolving rapidly due to virtualization and the move towards cloud based XaaS consumption models. The data centers are now built with mutli-vendor devices, in physical and virtual form factors. This creates a problem for data center operators as the attack vectors multiply. The cloud data centers have more dimensions such as a large presence and multi-tenant environment, but must still deliver services in a secure manner. The use cases in this category are fairly large and diverse, so we are listing the most common ones below: Threat Management: Same as above Regulatory and Compliance: Payment industry's PCI DSS Finance industry's GLBA Health industry's HIPPA Orgnaziation's resource (Data and Application) access policy based on location or device

This document requires no IANA actions. RFC Editor: Please remove this section before publication.