This Industry Viewpoint was authored by Walter Kenrich, Senior Product Line Management Director for Analytics & SaaS Applications, Ribbon Communications
As unified communications (UC) adoption grows, so too does the number of bad actors who prey on its vulnerabilities. We’ve seen attacks on voice, messaging, video conferencing and collaboration applications skyrocket recently, as adversaries see opportunities in the transition from working in the office to working from home – and understand how distracted employees can be, including the IT and security operations teams charged with keeping enterprise infrastructure secure.
Without the ability to see across the entire UC network, organizations will only have reactive after-the-fact options when a serious threat strikes – by then, the damage to the business and brand reputation can be extreme.
With advanced software and automation, it is now possible to leverage network behavioral analytics to detect and protect against bad actors. Quality UC security requires a model for how an organization’s system acts in the enterprise at different times of day. By creating a “neighborhood watchlist” through analytics on your network, security intelligence can be shared with other devices and networks as bad actors attempt to undermine thresholds, such as call admission controls, as they look for openings to penetrate your UC network.
As SIP-based communications, which encompass voice, video, UC&C, VoWiFi and VoLTE, continue their rapid evolution, both service providers and enterprises are exposed to new security threats. There are many examples of UC security threats, but some notable attack vectors are denial of service attacks, telephony denial of service, toll fraud and network penetration.
Despite this, businesses continue to shift from circuit-switched voice (PSTN/TDM) to SIP, replacing expensive, complex and legacy (TDM) telephony equipment. SIP-based services deliver far more business value, innovation and flexibility as the new “gold standard” in service provider and enterprise communication networks. And – because of SIP’s flexibility – enterprises are beginning to tap its potential as the workplace changes and demands new forms of UC.
The decentralization of the workplace, where employees are increasingly working offsite from home, their cars, airplanes, hotels, client sites and more, is one key factor driving this trend. Most recently, work from home requirements designed to slow and eventually stop the spread of the COVID-19 pandemic have skyrocketed – and with them, the use of employees’ personal devices.
The challenge is to enable all of this in a secure environment. As endpoints become more distant from the core network, it’s harder to control access. More and more SIP communication traffic is carried over the public Internet and often across unsecure WiFi connections. Offsite worker productivity relies on this access, but the associated security risks must be understood and addressed to make it worthwhile.
Since SIP telephony leverages the data network, it no longer has the “walled” protection offered by a dedicated voice network used to support legacy PBX infrastructures. With SIP, UC apps such as voice, video and chat become data applications and without appropriate security measures in place, networks could be opened to hackers, exposing the business’s technology, privacy and compliance to attack threats.
In addition to conventional threats that have long existed with PBXs, SIP exposes the entire network to new threats. Many of these threats can be debilitating for an entire business, such as denial of service (DoS) attacks, data/identity theft and network penetration exposure.
More than one-third of the world-wide UC market is now SIP-enabled. This is for a lot of good reasons, but on the flip side, SIP is easier to spoof. Bad actors are constantly looking for ways to attack and monetize vulnerabilities in corporate networks. When they do find these vulnerabilities, their attacks become more brazen and targeted. Not only can bad actors cause financial loss by accessing corporate data and accounts through a SIP breach, but some may use the same breach to launch DoS attacks to cripple entire networks and bring businesses to a halt. Since voice historically posed limited financial risk, service providers and enterprises have suffered from reactive after-the-fact options when more serious threats strike.
While enterprises are increasingly adopting a layered security posture to address network and data application vulnerability, they often miss UC components of their networks – which carry both voice and video traffic – as a potential vulnerability.
To complete a truly secure environment, service providers and enterprises must add UC analytics to their security stack. By running network behavioral analytics against the UC network to observe and detect malicious activity, organizations can turn data into actionable information. This actionable information can be consumed by a suite of security applications to prevent fraud, robocalling and telephony denial of service (TDoS) attacks. Based on mitigation and prevention decisions, UC analytics can also share security policy decisions with multiple vendor hardware and software solutions to lock down the network edge.
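As an added illustration (not code from the author or from any Ribbon product), here is one way the time-of-day behavioral model and shared watchlist described above could be sketched: the same SIP INVITE rate is judged against what is normal for that hour, rather than against one fixed threshold. The record layout, the function names, the multiplier `k` and the sample data are all assumptions constructed for this example.

```python
from collections import defaultdict
from statistics import median

# Constructed history: (hour_of_day, INVITEs sent by one source in that hour).
HISTORY = ([(3, c) for c in (0, 1, 2, 1, 0, 2, 1)] +
           [(10, c) for c in (35, 42, 38, 40, 45, 37, 41)])

# Constructed observations: (hour_of_day, source address, INVITE count).
# Addresses are from the RFC 5737 documentation ranges.
OBSERVED = [
    (3, "198.51.100.7", 40),    # business-hours volume at 03:00
    (10, "203.0.113.20", 40),   # the same volume at 10:00
    (10, "203.0.113.99", 300),  # flood-like volume at 10:00
]

def build_baseline(history):
    """Per hour of day: (median, median absolute deviation) of INVITE counts."""
    by_hour = defaultdict(list)
    for hour, count in history:
        by_hour[hour].append(count)
    baseline = {}
    for hour, counts in by_hour.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baseline[hour] = (med, mad)
    return baseline

def is_anomalous(baseline, hour, count, k=6.0, min_mad=2.0):
    """True if count exceeds the hour's median by more than k robust deviations."""
    if hour not in baseline:
        return True  # no model for this hour: surface it for review
    med, mad = baseline[hour]
    # min_mad keeps very quiet hours from producing a near-zero threshold.
    return count > med + k * max(mad, min_mad)

def watchlist(baseline, observations, **kw):
    """Sorted sources whose INVITE count is abnormal for the hour observed."""
    return sorted({src for hour, src, count in observations
                   if is_anomalous(baseline, hour, count, **kw)})

if __name__ == "__main__":
    model = build_baseline(HISTORY)
    print(watchlist(model, OBSERVED))
```

A single static limit set high enough for the 10:00 peak would never notice the 03:00 source, which is the gap a per-hour baseline closes; the resulting list is what would be shared with edge devices as policy.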
In addition, network operations application suites can perform retrospective root cause analysis with historical data, use KPI data to identify network trends and anomalies that occur over periods of time and provide an end-to-end view for network-wide troubleshooting and alerting.
While the time to protect all networks, data and applications is before an attack occurs, it’s imperative for organizations to be prepared when an attack does come. This preparation not only protects what enterprises and service providers connect in the normal course of business, but also during stressful times where disruption becomes a friend of the enemy.