VoIP Security by AaaS

Our Analytics as a Service technology relies on collecting information from various sources, analysing it, presenting the findings to end-users and launching an automated response. That helps us to block DoS and fraud threats before they develop their damaging power.

While many other security solutions claim to offer universal security for any application, we prefer specialised solutions for VoIP that reflect the complexity of VoIP and the specifics of the cloud age. VoIP is complicated, and VoIP security even more so: even the SIP specification itself, RFC 3261, admits that:

SIP is not an easy protocol to secure. Its use of intermediaries, its multi-faceted trust relationships, its expected usage between elements with no trust at all, and its user-to-user operation make security far from trivial.

The previous generation of security products already created a special branch of firewalls specialised in VoIP, known as "Session Border Controllers" (see a more detailed article on how SBCs actually evolved). Still, state-of-the-art network protection needs to advance further. VoIP technology has grown in complexity, and so have the security threats against it. CAIDA reported the DDoS attack "Slash Zero" back in 2011, which used three million bots [1]. That means the attack was at the same time very powerful and hard to detect: definitely a type of situation that cannot be handled by manual intervention, and rapid automated response is required. A vulnerable VoIP system can otherwise easily generate a six- to seven-digit bill over a weekend. The CFCA reported $1.95B of damage from VoIP hacking for 2017.

Our solution therefore attacks network security problems from a different angle. We collect logs, analyse them in real time using VoIP-specific logic and eliminate traffic from undesired sources. We take the "Security Information and Event Management" (SIEM) concepts and place them in the cloud for better data leverage and easier deployment, a concept emerging as Analytics as a Service (AaaS). We combine big data with intuition about which network traffic is inappropriate, and we manage network rules to eliminate it using SDN instruments. All of this happens in real time, so that inappropriate traffic is blocked already at the network ingress, before an attack can develop. The centralised nature of the collected intelligence keeps pace with modern attacks that are scattered over sources, destinations and applications. This is particularly important in cloud environments, where machines are ephemeral, launch and terminate quickly, and the network needs a consistent picture of network incidents. At the same time we engage end-users in refining security policies: we raise alerts and ask the kind of "was this really you?" questions you know from hosted email.

When an attacker mounts a SIP-based dictionary attack using the Oxford Learner's Dictionary at a pace of 40 attempts per second, a password chosen from that dictionary will be found within 90 minutes.
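As an added illustration of the log-analysis approach described above (real-time VoIP-specific logic over collected logs, then a block decision for the offending source) and of the dictionary-attack rate just mentioned, the following Python is an example written for this page, not the vendor's product code. It assumes a hypothetical, constructed log line format (timestamp, source IP, SIP method, username, response code) and feeds constructed sample lines through a per-source sliding-window detector; a source is flagged either for too many authentication failures in a window or for probing too many distinct usernames. The helper at the end only converts a dictionary size and attempt rate into the exhaustive search time.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, constructed for this example (not a real product's format):
# <ISO timestamp> src=<ip> method=<SIP method> user=<account> code=<SIP response>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) method=(?P<method>[A-Z]+) "
    r"user=(?P<user>\S+) code=(?P<code>\d{3})$"
)

# Responses that follow a missing or wrong credential. Note the caveat: a legitimate
# phone also receives one 401 (the Digest challenge) before its authenticated retry,
# which is why the detector works on counts over a window rather than single events.
AUTH_FAILURE_CODES = {"401", "403", "407"}


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


class AuthFloodDetector:
    """Per-source sliding window over SIP authentication failures.

    A source is flagged (and a block decision recorded) when the failures seen within
    `window` exceed `max_failures`, or when more than `max_users` distinct usernames
    were probed in that window (account enumeration rather than password guessing).
    """

    def __init__(self, window=timedelta(seconds=10), max_failures=20, max_users=5):
        self.window = window
        self.max_failures = max_failures
        self.max_users = max_users
        self.events = defaultdict(deque)  # src -> deque of (timestamp, user)
        self.blocked = {}                  # src -> reason, once a decision is taken

    def feed(self, rec):
        """Consume one parsed record; return (src, reason) when a block is decided."""
        if rec["code"] not in AUTH_FAILURE_CODES or rec["src"] in self.blocked:
            return None
        q = self.events[rec["src"]]
        q.append((rec["ts"], rec["user"]))
        cutoff = rec["ts"] - self.window
        while q and q[0][0] < cutoff:   # expire events outside the window
            q.popleft()
        distinct_users = {user for _, user in q}
        if len(q) > self.max_failures:
            reason = f"{len(q)} auth failures in {self.window.total_seconds():.0f}s"
        elif len(distinct_users) > self.max_users:
            reason = f"{len(distinct_users)} distinct usernames probed"
        else:
            return None
        self.blocked[rec["src"]] = reason
        return (rec["src"], reason)


def analyse(lines, detector=None):
    """Run the detector over raw log lines and return the list of block decisions."""
    det = detector or AuthFloodDetector()
    verdicts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        verdict = det.feed(rec)
        if verdict:
            verdicts.append(verdict)
    return verdicts


def time_to_exhaust_minutes(dictionary_size, attempts_per_second):
    """Minutes needed to try every word of a dictionary at the given attempt rate."""
    return dictionary_size / attempts_per_second / 60


def build_sample_logs():
    """Constructed sample log (not captured from any real system)."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = [
        # a legitimate phone: one Digest challenge, then a successful registration
        f"{base.isoformat()} src=203.0.113.5 method=REGISTER user=alice code=401",
        f"{(base + timedelta(milliseconds=120)).isoformat()} src=203.0.113.5 method=REGISTER user=alice code=200",
    ]
    # one source guessing passwords for a single account at 40 attempts per second
    for i in range(60):
        t = base + timedelta(seconds=1, milliseconds=25 * i)
        lines.append(f"{t.isoformat()} src=198.51.100.7 method=REGISTER user=bob code=403")
    # another source probing many different account names
    for i in range(6):
        t = base + timedelta(seconds=3, milliseconds=100 * i)
        lines.append(f"{t.isoformat()} src=192.0.2.9 method=REGISTER user=ext{i} code=401")
    return lines


if __name__ == "__main__":
    for src, reason in analyse(build_sample_logs()):
        print(f"block {src}: {reason}")
    print(f"216000 words at 40/s: {time_to_exhaust_minutes(216000, 40):.0f} minutes")
```

The block decision is the point where, in the architecture described above, an SDN rule would be pushed to the network ingress; here it is only returned so the outcome can be inspected. The thresholds are assumptions chosen for the sample and would be tuned per deployment.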