Community based threat detection and prevention has been a fundamental principle in anti-virus and intrusion detection systems for years. Pooling the information and experience of multiple organisations to rapidly identify emerging threats, this collaborative approach enables security companies to quickly create a patch and disseminate it globally to minimise a hacker’s opportunity with that specific attack vector.
This model is now being extended to voice security in a bid to combat the escalating threats, including toll fraud, telephony denial of service and voice mail hacking attacks, leveraging the cloud based Session Border Controller (SBC) and community collaboration to deliver rapid protection against emerging global events.
So why is community led threat detection and prevention fast becoming a critical component of the VoIP security model?
Security is not static; and the concept of ‘working together we are stronger’ is well proven. The ability to pool information and experience has proved key in the fight against a continuously evolving threat landscape.
The difference today is that the threat landscape increasingly includes voice. With the huge growth in companies adopting voice over IP (VoIP) and unified communications (UC) to drive down costs and improve productivity, the inherent insecurity of standard deployments has driven an explosion in telephony denial of service attacks, voice mail hacking and toll fraud.
The frequency of this voice related activity will only increase all the while voice security models remain outdated and static. Given the growing complexity hackers face to break through multi-layered security systems to gain access to personal data, the contrasting ease with which a telephony denial of service attack can be launched on an unsecured or inadequately secured voice network is stark.
Cloud based SBCs
Traditional models for protecting the voice network were based on hardware devices – an ‘install once’ Session Border Controller (SBC) that simply could not protect an organisation against continually evolving threats. More recently, that model has shifted towards software based SBCs that can be upgraded in response to new security risks.
It is, however, the evolution towards cloud based SBC deployments that now enables the adoption of this community led voice security model. By working together, a community of organisations sharing breach information radically extends the number of touch points into hacking events, transforming understanding and insight into the ways in which hackers are looking to compromise companies.
Moreover, each hacking attempt to compromise a specific customer environment creates a fingerprint which can then be used by the security vendor to create a security patch or update that will actively immunise every other user of the cloud based SBC from being compromised with the same attack fingerprint.
This community model is particularly effective in highlighting and combatting global attacks. An organisation operating single site security policies could be unaware that attacks are being launched simultaneously against multiple locations.
With a community, cloud based SBC approach, companies will be made immediately aware of the scale of any international attack and therefore able to enforce policies that protect the entire environment against breach.
The ability to prioritise activity is also key. Every threat will be profiled and organisations have the option as to how frequently updates are made. For example, most will opt to be immediately protected from critical risks, while high or medium risk updates could be made weekly, and low risks just once a month.
In addition, the community model supports continual assessment of past threats by using validation techniques to track activity. If a specific fingerprint is not seen again, and the patch is no longer required, it can be removed from the SBC or replaced by a different approach, such as diverting any calls from a previously blocked number to a security desk.
It is this depth of security intelligence that is transformative. With growing consensus that the burden facing organisations attempting to fight security issues individually is simply too high, it is clear that joining a specific community of companies willing to work together is a far more effective approach to locking down a business
against new threats affecting voice and UC.
Combining this community led collaboration with the ability to rapidly disseminate patches and update via a cloud based SBC will enable organisations to lock down the business against escalating VoIP security threats.
Sourced by Paul German, CEO, Voipsec
The UK’s largest conference for tech leadership, TechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here