Leonid Burakovsky

Pleasanton, California, United States Contact Info
3K followers 500+ connections

Join to view profile

About

Leonid Burakovsky currently serves as a VP of Product Management at Palo Alto Networks…

Articles by Leonid

Activity

Join now to see all activity

Experience & Education

  • Palo Alto Networks

View Leonid’s full experience

See their title, tenure and more.

or

By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.

Publications

  • Why Your Private 5G Network Needs An Enterprise-Grade Security Solution

    Palo Alto Networks

    The arrival of 5G technology has reshaped what’s possible for enterprise networks, applications and IT systems by offering far greater capacity, lower latency and higher throughput than previously possible. For that reason, interest in private 5G networks is skyrocketing to accommodate new use cases, services and applications. But enterprise 5G requires enterprise-grade security. That’s why Palo Alto Networks has partnered with NTT to provide the same maximum visibility and security to private…

    The arrival of 5G technology has reshaped what’s possible for enterprise networks, applications and IT systems by offering far greater capacity, lower latency and higher throughput than previously possible. For that reason, interest in private 5G networks is skyrocketing to accommodate new use cases, services and applications. But enterprise 5G requires enterprise-grade security. That’s why Palo Alto Networks has partnered with NTT to provide the same maximum visibility and security to private 5G-as-a-Service as it does to other enterprise networking architectures.

    Other authors
    See publication

  • The imperative of enterprise-grade security for 5G

    Palo Alto Networks

    Volume 5 2021-2022 Cyber Security: A Peer-Reviewed Journal
    The imperative of enterprise-grade security for 5G
    Leonid Burakovsky, Senior Director and Danielle Kriz, Senior Director, Palo Alto Networks
    ABSTRACT
    5G is a major transformational technology, the impact of which will largely be on enterprises and government users. This is a radical change from previous generations of mobile technology, including 3G and 4G, which were arguably largely used by consumers. In contrast, 5G will…

    Volume 5 2021-2022 Cyber Security: A Peer-Reviewed Journal
    The imperative of enterprise-grade security for 5G
    Leonid Burakovsky, Senior Director and Danielle Kriz, Senior Director, Palo Alto Networks
    ABSTRACT
    5G is a major transformational technology, the impact of which will largely be on enterprises and government users. This is a radical change from previous generations of mobile technology, including 3G and 4G, which were arguably largely used by consumers. In contrast, 5G will enable digital transformation of entire industry sectors and government activities and will come to underpin entire economies. Security technologies used in the past (and in many current networks) are incapable of securing the 5G opportunity of the future. Security for 3G and 4G was not focused on detecting and preventing attacks on all layers, all locations/interfaces, all attack vectors and all software life cycle stages. For example, there are no security mechanisms in 3G and 4G networks that can detect and prevent attacks from infected devices/botnets. This paper explains why, given the mission criticality of 5G, its security must be enterprise-grade. The paper further explains what ‘enterprise-grade’ security means.

    Other authors
    See publication

  • Security: Enterprise-Grade Security for Service Provider Networks Today and Tomorrow

    TelecomTV

    With telco, energy, healthcare, and other critical infrastructure connected to 5G, how well is the industry prepared to deal with cyber threats? We must protect 5G networks and the businesses and industries that use them. In this session, Leonid Burakovsky, Senior Director, 5G Product Management from Palo Alto Networks will discuss and recommend how to mitigate different attack vectors on all 5G layers (signaling, data, applications, management). In this panel session with Intel, we’ll cover…

    With telco, energy, healthcare, and other critical infrastructure connected to 5G, how well is the industry prepared to deal with cyber threats? We must protect 5G networks and the businesses and industries that use them. In this session, Leonid Burakovsky, Senior Director, 5G Product Management from Palo Alto Networks will discuss and recommend how to mitigate different attack vectors on all 5G layers (signaling, data, applications, management). In this panel session with Intel, we’ll cover automation aspects of 5G security, best practices to use AI and ML technologies. For 5G to live up to its promise of transforming industries, companies need the confidence that 5G networks and services have enterprise-grade security today and in the future.

    Other authors
    See publication

  • 5G native security

    LANline

    The promise of 5G is much more than lower latencies or higher speed: 5G can bring massive business transformation and digitization with it, it can advance the future of Industry 4.0 and critical infrastructure.
    Enterprise-grade 5G-native security will help unlock the potential of technology and give businesses the confidence they need to move forward with business transformation.

    See publication

  • Are we prepared to deal with the impact of cyber threats on 5G?

    GSMA

    With critical infrastructure as well as industries such as energy and healthcare connected to 5G, are we prepared to deal with the impact of cyber threats? Are we able to protect 5G networks and the businesses and industries that use them? Do we have a 5G security reference document ready to help detect and prevent cyber-attacks?

    See publication

Patents

  • Multi-access edge computing services security in mobile networks by parsing application programming interfaces

    Issued 11343285

    Abstract: Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to…

    Abstract: Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an API message associated with a new session, wherein the mobile network includes a 5G network or a converged 5G network that includes a multi-access edge computing (MEC) service; extracting mobile network identifier information from the API message at the security platform; and determining a security policy to apply at the security platform to the new session based on the mobile network identifier information.

    See patent

  • Mobile equipment identity and/or IOT equipment identity and application identity based security enforcement in service provider networks

    Issued 11323483

    Abstract: Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider…

    Abstract: Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.

    Other inventors
    See patent

  • Security for cellular internet of things in mobile networks based on subscriber identity and application

    Issued 11323486

    Abstract: Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated…

    Abstract: Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated with a CIoT device; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.

    Other inventors
    • Jesse C. Shu
    • Lei Chang
    See patent

  • Network layer signaling security with next generation firewall

    Issued 11283766

    Techniques for network layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for network layer signaling security with next generation firewall includes monitoring a network layer signaling protocol traffic on a service provider network at a security platform; and filtering the network layer signaling protocol traffic at the security platform based on a security policy.

    See patent

  • Application layer signaling security with next generation firewall

    Issued 11283765

    Techniques for application layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for application layer signaling security with next generation firewall includes monitoring application layer signaling traffic on a service provider network at a security platform; and filtering the application layer signaling traffic at the security platform based on a security policy.

    See patent

  • Diameter security with next generation firewall

    Issued 11283767

    Techniques for Diameter security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for Diameter security with next generation firewall includes monitoring Diameter protocol traffic on a service provider network at a security platform; and filtering the Diameter protocol traffic at the security platform based on a security policy.

    Other inventors
    See patent

  • Transport layer signaling security with next generation firewall

    Issued 11265290

    Techniques for transport layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for transport layer signaling with next generation firewall includes monitoring transport layer signaling traffic on a service provider network at a security platform; and filtering the transport layer signaling traffic at the security platform based on a security policy.

    See patent

  • Dynamic per subscriber policy enablement for security platforms within service provider network environments

    Issued 11233829

    Techniques for dynamic per subscriber policy enablement for security platforms within service provider network environments are disclosed. In some embodiments, a system/process/computer program product for dynamic per subscriber policy enablement for security platforms within service provider network environments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber with a new IP flow; associating the subscriber with the new IP flow at…

    Techniques for dynamic per subscriber policy enablement for security platforms within service provider network environments are disclosed. In some embodiments, a system/process/computer program product for dynamic per subscriber policy enablement for security platforms within service provider network environments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber with a new IP flow; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.

    Other inventors
    See patent

  • Cellular internet of things battery drain prevention in mobile networks

    Issued 11190547

    Techniques for cellular Internet of Things (IoT) battery drain prevention in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for cellular IoT battery drain prevention in mobile networks includes monitoring network traffic on a service provider network at a security platform to identify a misbehaving application based on a security policy, wherein the service provider network includes a 4G…

    Techniques for cellular Internet of Things (IoT) battery drain prevention in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for cellular IoT battery drain prevention in mobile networks includes monitoring network traffic on a service provider network at a security platform to identify a misbehaving application based on a security policy, wherein the service provider network includes a 4G network or a 5G network; extracting subscription identifier information for network traffic associated with the misbehaving application at the security platform; and enforcing the security policy at the security platform to rate limit paging messages sent to an endpoint device using the subscription identifier information and based on the security policy

    See patent

  • Radio access technology based security in service provider networks

    Issued 11122435

    Techniques for radio access technology based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for radio access technology based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session; associating the RAT type with the new session at the…

    Techniques for radio access technology based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for radio access technology based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session; associating the RAT type with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the RAT type

    Other inventors
    See patent

  • SIGTRAN SECURITY WITH NEXT GENERATION FIREWALL

    Issued JP 6924884

    Other inventors

  • 5G MULTI-ACCESS DISTRIBUTED EDGE SECURITY

    Issued EU EP3735770B1

    See patent

  • Location based security in service provider networks

    Issued US 11,050,789

    Other inventors
    See patent

  • Network slice-based security in mobile networks

    Issued US 10,944,796

    Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network;…

    Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network slice information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network slice information.

    See patent

  • Access point name and application identity based security enforcement in service provider networks

    Issued US 10,834,136

    Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an…

    Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier.

    See patent

  • Service-based security per data network name in mobile networks

    Issued US 10,812,971

    Techniques for providing service-based security per data network name in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per data network name in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G…

    Techniques for providing service-based security per data network name in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per data network name in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network name information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network name information.

    See patent

  • Service-based security per user location in mobile networks

    Issued US 10,812,972

    Techniques for providing service-based security per user location in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per user location in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a…

    Techniques for providing service-based security per user location in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per user location in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting user location information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the user location information.

    See patent

  • Security for cellular internet of things in mobile networks

    Issued US 10,812,532

    Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated with a…

    Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated with a CIoT device; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.

    Other inventors
    • Lei Chang
    • Jesse Shu
    See patent

  • Service-Based Security per Subscription and/or Equipment Identifier in mobile networks 

    Issued US 10,531,305

    See patent

  • Convergence of telephone signaling, voice and data over a packet-switched network

    Issued US 6515985

    Other inventors
    See patent

  • Application layer signaling security with next generation firewall

    US 10,701,032

  • Diameter security with next generation firewall

    11283767

    Other inventors

  • Diameter security with next generation firewall

    US 10,715,491

  • Dynamic per subscriber policy enablement for security platforms within service provider network environments

    US 10,594,734

  • Mobile equipment identity and/or IOT equipment identity and application identity based security enforcement in service provider networks

    US 10721272

  • Mobile user identity and/or SIM-based IoT identity and application identity-based security enforcement in service provider networks

    US 10,708,306

  • Multi-Access Distributed Edge Security in mobile networks

    US 10,574,670

  • Network layer signaling security with next generation firewall

    US 10,701,033

  • Radio access technology-based security in service provider networks

    US 10,693,918

  • Security platform for service provider network environments

    US 10,601,776

  • Service-Based Security per Data Network Name in mobile networks

    US 10,462,653

  • Service-based security per user location in mobile networks

    US 10,477,391

  • Service-based security per user location in mobile networks

    US 10,477,390

  • Transport layer signaling security with next generation firewall

    US 10,693,838

Honors & Awards

  • INNOVATION AWARD for 5G Security Patents

    Palo Alto Networks

    Palo Alto Networks INNOVATION AWARD for 5G Security Patents is hereby granted to Leonid Burakovsky. Granted: Q3 FY20

  • Excellence Star Award 2012

    Juniper Networks

    Juniper Networks Excellence Star Award 2012

Recommendations received

3 people have recommended Leonid

Join now to view

More activity by Leonid

View Leonid’s full profile

  • See who you know in common
  • Get introduced
  • Contact Leonid directly
Join to view full profile

Other similar profiles

Explore collaborative articles

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Explore More

Add new skills with these courses

See all courses