Mobile networks involve a large amount of data traffic and large numbers of subscribers (often in the hundreds of thousands and millions).
The different cybersecurity and traffic analytics tools will typically find the amount of traffic and the number of endpoints (subscribers) far too large for them to handle effectively.
Mobile networks are characterized by a decoupled user plane and control plane. The control plane carries the mobile signaling traffic, while the user plane the user data (which is the payload or content of communications). This means that, for a user data session to commence, the user session needs to first be established on the control plane. Changes, such as roaming and mobility or starting a VoLTE call while web browsing, all need to be established and communicated in the control plane before the user can start sending the actual traffic data. Analyzing user data plane traffic in and of itself does not divulge any subscriber-related information and analyzing the control- plane also does not divulge user traffic insights. Therefore, performing native security and traffic analysis without taking into consideration subscriber information, means that analyzing complete data flows of a subscriber not performed. This will often result in incorrect and inaccurate security analysis and performance metrics results.