CPC H04L 63/20 (2013.01) [H04L 63/029 (2013.01); H04L 63/0236 (2013.01); H04L 63/0263 (2013.01); H04L 63/0876 (2013.01); H04W 12/06 (2013.01); H04W 12/088 (2021.01); H04W 12/48 (2021.01); H04L 67/02 (2013.01); H04L 67/12 (2013.01); H04W 84/042 (2013.01)] | 20 Claims |
1. A system, comprising:
a hardware processor configured to:
monitor network traffic on a service provider network at a security platform to identify a device identifier for a new session, comprising to:
extract the device identifier from a message associated with the new session, wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes International Mobile Equipment Identity Software Version (IMEISV) information that is extracted by parsing a GTP-C message;
determine an application identifier for user traffic associated with the new session at the security platform, comprising to:
monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and
enforce a security policy at the security platform applied to the new session based on the device identifier that includes the IMEISV information and the application identifier; and
a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.
|