Follow on Twitter using the following hashtags or usernames: #MFD14
Watch on YouTube
Watch on Vimeo
The OneLayer Introduction and Overview presentation addresses the critical visibility and security gaps in private LTE and 5G networks. While traditional IT environments rely on device-centric IP identifiers, cellular networks were originally designed for telecommunications providers to track SIM cards for billing rather than identifying the hardware itself. This disconnect leaves IT administrators with limited data, such as IMSI or IMEI numbers, which fails to provide the necessary context for modern enterprise security and operational policies. OneLayer introduces its “OneLayer Bridge” solution to solve this fundamental problem by allowing enterprises to see and manage every device connected to their private cellular network, including those hidden behind SIM-enabled routers.
The lack of visibility in private cellular environments creates significant operational challenges, such as manual and inefficient device onboarding often managed via error-prone spreadsheets. OneLayer automates this by correlating SIM identifiers with actual device data, which is vital for lifecycle management and preventing unauthorized SIM swaps or security breaches. The platform is designed to be vendor-agnostic, integrating with major private core providers like Nokia and Ericsson, as well as security tools like Palo Alto Networks firewalls. By acting as the middle glue between cellular and IT domains, OneLayer enables the application of zero-trust principles and segmentation to mission-critical infrastructure in industries like utilities, manufacturing, and mining, where downtime is not an option.
In the final portion of the overview, the speakers clarify that OneLayer is not a direct replacement for traditional Network Access Control (NAC) or Mobile Device Management (MDM) tools but rather an essential enabler for them. Standard NAC solutions struggle with cellular networks because they lack traditional IP identifiers like MAC addresses to make informed policy decisions. Similarly, MDM tools cannot manage industrial equipment or the cellular routers connected to them. OneLayer bridges this data gap by providing rich device context to existing enterprise tools, allowing them to remain effective within the new attack surface created by private 5G deployments. This strategic enrichment helps organizations scale their private networks confidently while maintaining established security workflows.
Personnel: Ryan Matthews, Stephen Banda
Watch on YouTube
Watch on Vimeo
This presentation addresses the critical visibility and security gaps in private LTE and 5G networks. While traditional IT environments rely on device-centric IP identifiers, cellular networks were originally designed for telecommunications providers to track SIM cards for billing rather than identifying the hardware itself. This disconnect leaves IT administrators with limited data, such as IMSI or IMEI numbers, which fails to provide the necessary context for modern enterprise security and operational policies. OneLayer introduces its OneLayer Bridge solution to solve this fundamental problem by allowing enterprises to see and manage every device connected to their private cellular network, including those hidden behind SIM-enabled routers.
The cellular security model has historically focused on three pillars defined by mobile network operators: SIM authentication for billing, encrypted transmission to prevent eavesdropping, and core network protections like rate limiting to ensure uptime. However, this model assumes all devices are equal and simply require internet access, which contradicts the enterprise reality where devices must be segmented and privileged based on their specific function. OneLayer identifies that cellular identifiers such as IMSIs and IMEIs are foreign to existing enterprise security tools like NACs and firewalls, which typically operate on MAC and IP addresses. Consequently, the cellular core often obscures device identities, leaving security teams blind to the specific nature of the traffic crossing their perimeter.
To resolve this, OneLayer positions itself as a bridge that lives on both sides of the equation, ingesting data from the cellular core and correlating it with the traditional enterprise network. By translating cellular-specific metadata into a format that IT security tools can understand, the platform allows administrators to apply established 802.1X and NAC-like policies to their private cellular deployments. This enables organizations to follow a device’s journey as it transitions from a cellular signal to an Ethernet wire, ensuring that usernames and device types are accurately mapped to network activity. This integration ensures that the robust, high-coverage benefits of private 5G can be utilized without creating a security silo or an unmanaged attack surface.
Personnel: Ryan Matthews, Stephen Banda
Watch on YouTube
Watch on Vimeo
The OneLayer Visibility and Observability presentation focuses on how the company’s platform integrates into existing private cellular architectures to provide deep device awareness. OneLayer utilizes an on-prem component to connect with mobile network operators (MNOs) and private cellular cores via direct API integrations. This allows the platform to ingest subscriber IDs, SIM card identifiers, and hardware IDs like the International Mobile Equipment Identity (IMEI). By capturing information on signal strength, attachment events, and movement between cells, OneLayer maps cellular-specific data to traditional IP addresses, effectively turning the black box of a cellular core into a transparent and manageable part of the enterprise network.
A key differentiator for OneLayer is its advanced fingerprinting capability, which goes beyond standard database lookups. While a basic IMEI lookup often only identifies the radio manufacturer, OneLayer leverages signaling data and direct partnerships with CPE vendors like Digi and Cradlepoint to identify the exact device model. Crucially, the platform overcomes the inherent visibility barrier of cellular routers by using protocols such as SNMP, NetConf, and SSH to see and fingerprint non-cellular equipment hidden behind them. This granular visibility is then shared with existing enterprise administrative and security tools, such as ServiceNow for CMDB enrichment or firewalls and NACs for unified policy enforcement across both cellular and traditional IT environments.
During the session, the speakers addressed security concerns regarding IMEI spoofing, a primary threat vector in private LTE and 5G networks. While SIM cards can be locked to specific IMEIs, sophisticated attackers can still spoof these identifiers to gain unauthorized access. OneLayer mitigates this risk by analyzing signaling and control traffic to validate that a device’s radio capabilities match its reported identity; for instance, if a device claiming to be a smart meter exhibits the radio behavior of a laptop, the system flags the anomaly. This multi-layered approach ensures that organizations can move beyond a mere confidence build to a high-assurance security model, allowing them to group devices and apply consistent access policies based on verified identities.
Personnel: Ryan Matthews, Stephen Banda
Watch on YouTube
Watch on Vimeo
The OneLayer presentation at Mobility Field Day 14 focuses on the transition from traditional SIM-based authentication to a comprehensive zero-trust device onboarding and segmentation model for private cellular networks. While standard cellular security only authenticates the subscriber’s SIM card, OneLayer’s “zero-trust onboarding” process ensures that the actual device and its security posture are validated before gaining network access. This is achieved by initially placing new devices onto a staging APN–a restricted VLAN with no external access–where OneLayer can fingerprint the hardware and any equipment connected behind it. After verifying the device’s identity and posture through integrations with enterprise tools like ServiceNow or MDM solutions, the system dynamically assigns a new profile in the cellular core, triggering the device to reattach to the appropriate production APN.
OneLayer significantly reduces the operational burden of managing large-scale deployments by automating what is typically a manual, multi-step process involving various IT teams. In one real-world utility use case, the manual onboarding of a single device took 27 minutes and required coordination across core, DHCP, and firewall administrators; OneLayer reduced this to a one-minute automated workflow triggered by a simple request form. This automation extends to complex security chains, such as in manufacturing, where the platform can validate a specific combination of a SIM card, a cellular router, and the non-cellular equipment (like an autonomous guided vehicle) attached to it. If any part of the chain is mismatched, access is denied, preventing unauthorized devices from exploiting the network even if they possess a valid SIM.
Beyond initial onboarding, OneLayer enables granular, per-device segmentation by dynamically updating firewall policies in real-time. Instead of relying on broad, static subnet rules for entire APNs, the platform identifies devices and groups them into dynamic objects within firewalls like Palo Alto Networks. This allows for precise access control based not only on what a device is but also on how it is behaving. If a device shows anomalous traffic patterns or undergoes an unexpected SIM swap, OneLayer can immediately update its enforcement status to quarantine the device. While the platform currently focuses on machine-level authentication–reflecting the historical design of cellular standards–it provides the framework to integrate higher-level user identity and posture checks into a unified enterprise security strategy.
Personnel: Ryan Matthews, Stephen Banda
Watch on YouTube
Watch on Vimeo
This discussion addresses the critical visibility and security gaps in private LTE and 5G networks. While traditional IT environments rely on device-centric IP identifiers, cellular networks were originally designed for telecommunications providers to track SIM cards for billing rather than identifying the hardware itself. This disconnect leaves IT administrators with limited data, such as IMSI or IMEI numbers, which fails to provide the necessary context for modern enterprise security and operational policies. OneLayer introduces its OneLayer Bridge solution to solve this fundamental problem by allowing enterprises to see and manage every device connected to their private cellular network, including those hidden behind SIM-enabled routers.
The core value of the OneLayer platform lies in its “actionable insights,” which transform raw cellular visibility into automated security outcomes. By integrating with the cellular core and monitoring traffic via network taps or span ports, OneLayer detects behavioral anomalies such as unauthorized SIM swaps or unusual data spikes that might indicate a compromised SCADA device. Because OneLayer has all the keys and speaks the language of the cellular core, it can correlate encrypted radio control data with the actual payload, providing a level of oversight that standard security tools cannot achieve. When an issue is detected, the system can automatically trigger alerts or move devices into “untrustworthy” groups within an enterprise’s existing security infrastructure.
To ensure the solution is both scalable and IT-friendly, OneLayer utilizes a two-part Kubernetes-based architecture consisting of a local “edge” component for low-latency monitoring and a centralized “bridge” for management. Rather than forcing firewall administrators to allow a third-party app to change core policies directly, OneLayer integrates with platforms like Palo Alto Networks using Dynamic Address Groups (DAGs). This allows OneLayer to push real-time identity and behavioral updates to the firewall, which then applies the appropriate pre-defined security rules. By bridging the gap between cellular protocols and standard IT enforcement engines, OneLayer enables enterprises to manage private 5G security with the same granularity and confidence they apply to their traditional wired and Wi-Fi networks.
Personnel: Ryan Matthews, Stephen Banda
Watch on YouTube
Watch on Vimeo
The OneLayer Bridge live demo illustrates the transition from the garbled view of a traditional cellular core–filled with 15-digit IMSI and IMEI identifiers–to a device-aware management platform. Without OneLayer, administrators are forced to manage critical infrastructure through abstract numbers, making the activation or deactivation of SIM cards a high-risk manual task. OneLayer replaces this with a zoomed-out, user-friendly interface that identifies devices by their actual function and model, such as GE Orbit routers or Sierra Wireless modems. By combining data from the cellular core with direct router integrations via SNMP and SSH, the platform provides a detailed triad of identifiers: the subscriber (IMSI), the SIM card (ICCID), and the hardware (IMEI), alongside historical logs and real-time signal data.
One of the standout features showcased in the demo is the platform’s ability to maintain a historical and topological view of the network, which standard cellular cores often lack. The topology view serves as a critical troubleshooting tool, allowing operators to see if specific radios are underserved or overloaded compared to neighboring cells. Furthermore, the platform bridges the black box of the cellular router by identifying non-cellular devices connected behind it, such as PLCs or laptops, and tracking their movement or MAC address shifts over time. While the cellular information is provided in near real-time via event-based data from the core, the platform periodically polls connected hardware to ensure the inventory of the entire network “behind the SIM” remains accurate.
The final segment of the demo highlights actionable insights and behavioral analysis, focusing on security outcomes like geofencing and anomaly detection. OneLayer can detect and alert on unauthorized SIM swaps, unusual data spikes that deviate from a device’s baseline communication patterns, or the appearance of hardware from unpermitted manufacturers like Huawei. These events are not just logged but can be pushed to an enterprise’s SIEM or used to dynamically update firewall policies. Regarding the role of AI, the speakers noted that while their mission-critical clientele is generally conservative, OneLayer is leveraging large language models in proofs of concept to translate massive streams of raw logging data into clear operational insights, such as identifying devices that are failing to attach or flopping between cells too frequently.
Personnel: Ryan Matthews, Stephen Banda
Thank you for being part of the Tech Field Day community! Our mailing list is a great way to stay up to date on our events and technical content, and we appreciate your signup.
We promise that we’ll never spam you, send ads, or sell your information. This list will only be used to communicate with our community about our events and content. And we’ll limit it to no more than one message per week.
Although we only need your email address, it would be nice if you provided a little more information to help us get to know you better!
