Unified Communications Threat Management (UCTM) Secure Communications and Collaborations

Similar documents
Security for SIP-based VoIP Communications Solutions

Ingate SIParator /Firewall SIP Security for the Enterprise

Real-time Communications Security and SDN

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

Never Drop a Call With TecInfo SIP Proxy White Paper

SIP Trunking & Security. Dan York, CISSP VOIPSA Best Practices Chair

Unified Communications from West

Modern IP Communication bears risks

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Wireless and Network Security Integration Solution Overview

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

WE SEE YOUR VOICE. SecureLogix We See Your Voice

Cyber Security Audit & Roadmap Business Process and

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Net-Net enterprise session border controller playbook

Security Assessment Checklist

Gladiator Incident Alert

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

VoIP Security Threat Analysis

Understanding Cisco Unified Communications Security

Dynamic Datacenter Security Solidex, November 2009

The leader in session border control. for trusted, first class interactive communications

CA Security Management

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Cisco Self Defending Network

CIO Update: Security Platforms Will Transform the Network Security Arena

New and Current Approaches for Secure VoIP Service

Conducting an IP Telephony Security Assessment

Cisco ASA 5500 Series IPS Solution

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Securing Today s Mobile Workforce

Reducing Skype for Business Costs via Proactive Management Using management tools cuts SfB operational costs by more than half

Brochure. Dialogic BorderNet Session Border Controller Solutions

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

Cisco ISR G2 Management Overview

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

GDPR Update and ENISA guidelines

White Paper. SIP Trunking: Deployment Considerations at the Network Edge

Introducing CloudGenix Clarity

Changing face of endpoint security

Stopping Advanced Persistent Threats In Cloud and DataCenters

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

NGN: Carriers and Vendors Must Take Security Seriously

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Basic Concepts in Intrusion Detection

CA Host-Based Intrusion Prevention System r8

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

ORACLE ENTERPRISE COMMUNICATIONS BROKER

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Vendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo

Simplifying the Branch Network

Trend Micro Deep Security

Cisco Start. IT solutions designed to propel your business

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

Cisco IOS Inline Intrusion Prevention System (IPS)

SIEM: Five Requirements that Solve the Bigger Business Issues

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

A NETWORK GUIDE FOR VIDEOCONFERENCING ROLLOUT

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

The threat landscape is constantly

10 Reasons to Choose AudioCodes Enterprise SBC

Frequently Asked Questions (Dialogic BorderNet 500 Gateways)

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Firewalls for Secure Unified Communications

CISCO EXAM QUESTIONS & ANSWERS

Managed Nectar & Sonus SBC Offer: Providing Deep Diagnostics and Real-Time Visibility for Sonus Session Border Controllers

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

The McGill University Health Centre (MUHC)

IBM Security Network Protection Solutions

AKAMAI CLOUD SECURITY SOLUTIONS

RiskSense Attack Surface Validation for IoT Systems

Delivering the Full Potential of SIP

Verizon Software Defined Perimeter (SDP).

NETWORK THREATS DEMAN

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

NetDefend Firewall UTM Services

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

Ethical Hacking and Prevention

Transform your network and your customer experience. Introducing SD-WAN Concierge

Deploying Voice Workloads for Skype for Business Online and Server

Get your business Skype d up. Lessons learned from Skype for Business adoption

About Your SIP Service Solution

align security instill confidence

ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY

SteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

Smart Attacks require Smart Defence Moving Target Defence

Solution Architecture

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

Visual TruView Unified Network and Application Performance Management Focused on the Experience of the End User

Cisco Unified Presence 8.0

CSA for Mobile Client Security

Oracle Improves Communications and Reduces Costs with SIP Trunking

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

2S00012W -Selling the Avaya IP Office Platform Overview. Selling the Avaya IP Office Platform Overview. October, S00012W

PT Unified Application Security Enforcement. ptsecurity.com

Features. HDX WAN optimization. QoS

Transcription:

Secure Cloud Communication and Collaboration.

Overview The emergence of IP Voice, Video, Unified Communication and Collaborations (UC&C) technology and applications are causing a fundamental shift in the telecommunications industry. Traditional communication systems and applications running on legacy TDM networks are soon being replaced by their IP counterparts providing numerous benefits to businesses. The benefits ranging from low cost of operation, ability to quickly provision rich software enabled communication services, provide ease of manageability, usability and adaptability to business fluctuations while leveraging the benefits of open standards and its ecosystem. Voice and UC solution vendors are making tremendous progress in tightly tying the operation of data applications (and UC services) with the IP-telephony features. This helps improve the overall employee connectivity and business productivity. The combination of these two previously separate worlds is being called Unified Communications (UC) when the integration happens at the end user desktop PC or Communication-Enabled Business Processes (CEBP) when the integration is within an enterprise application running on dedicated servers. As a result, rich services are now possible from anywhere, anytime and from any device, UC communication cloud services such as Presence and Collaboration being offered across any IP enabled device.

The stakeholders must understand that while IP Voice, Video, UC&C networks and applications present great promise, they also present unique security requirements that are different from conventional data applications. Due to real-time nature of communications combined with the complex interconnect involving many entities, the overall network complexity and threat vectors exposure is alarming. This above figure presents summary of potential risks to evaluate before massively deploying UC&C environments. The risks ranging from real time fraud detection mechanisms, rising vulnerabilities, control of rogue applications and users, meeting compliance requirements, protection against VOIP (and UC) infrastructure and application layer threats such as Voice/UC Denial-of-Service (VDOS/UC-DOS) attacks, SPAM over Internet Telephony (SPIT) attacks, Eavesdropping, Spoofing, Number Harvesting, Protocol anomaly or Fuzzing attacks, Signaling or Media threats, Toll Fraud etc. Unified Communication Threat appliances are new product category. They are a highly specialized solution designed to provide complete protection, visibility and control for voice-, media-, unified communications and collaboration over-ip traffic. The solution offers a blended approach to security, ranging from well-known tools such as stateful inspection, protocol anomaly detection, and intrusion prevention applied to VOIP (and UC) protocols, to sophisticated application (and user-) aware learning and correlation techniques to provide a comprehensive security solution. UCTM appliances combine traditionally separate security services into a single device, providing complete control, visibility and protection to core UC&C infrastructure, servers, users and applications. Why do you need UCTM? Data applications are well managed and secured by today s standard data management and security practices. These data-centric security solutions are mature and in general meet the needs of network managers. However with new communication applications beginning to integrate voice, media and UC features, new vulnerabilities and threat vectors are emerging that have not been previously encountered. Communication networks that have traditionally been secured by physical or virtual separation from the rest of the network are now unexpectedly exposed to a multitude of issues related to the convergence with data. Security and network administrators need new tools to address the reliability and availability of enterprise assets, infrastructure, and endpoints of Unified Communication Services. The paper identifies five distinctive properties for any solution to effectively address the VOIP and UC security requirements and deployment challenges.

Category I: Real-time requirements 5-9 s reliability translating to only 5 minutes of downtime per year Low latency for signaling and media Stringent Quality-of-Service (QoS) jitter requirements 100 ųs for Media 2 msec for signaling Category II: Security requirements Low tolerance to false-positives Low tolerance to false-negatives Call re-attempts are not acceptable Process encrypted traffic (SIP/TLS, SRTP) Categoría lll: Technology requirements Deep packet inspection capabilities from Layer 3 Layer 7 VOIP and UC traffic Heterogeneous architecture comprising of both pro-active and reactive solution elements Need to maintain multiple levels of call state with adaptive behavioral learning of both UC application and VOIP endpoint Advance correlation of protocol state and security events across the different layers and security modules

Comprehensively address VOIP, UC and CEBP application security threats SIP/SCCP/H.323 protocol anomaly detection, IPS, Voice DOS and SPIT prevention, eavesdropping, toll fraud, number harvesting, MITM attacks etc. UC-aware policy and incident management system Category IV: Enterprise focus Deeper interoperability requirements with disparate systems Complex services spanning multiple protocols One security solution not a slapdash combination of several piecemeal solutions Zero-touch deployment Category V: UC and CEBP Communications focus Tightly integrated with IP-PBX and other communication infrastructure elements easy to deploy and manage Easy integration with 3 rd party vendor solutions providing UC and SOA services (e.g. Microsoft, SAP, BEA, IBM) Provide visibility to all VOIP and UC traffic Provide control to all UC services, Applications and Assets Current security solutions: 1. IDS/IPS vendors Strong in enterprise focus (Category IV) but are not well suited to meet real-time communications requirements (Category I), possess high degree of false-positives (Category II) and lack technology elements (e.g. advanced call state correlation) required to address the complex blended threats that span multiple VOIP protocols (Category III). Conventional data security solutions also lack UC and CEBP communication focus (Category V). 2. UTM vendors Solution properties are very similar to IDS/IPS vendors but lack best-of-breed solution and technology elements. Significantly lower price and more suited towards small-&-medium business (SMB) price sensitive segments. UTM devices are mired in performance related issues. They don t address Category II, III and V. 3. SBC vendors SBC solutions are very strong in Category I (real-time) and provide adequate security for carrier and edge (or border) protection deployments. They are however not enterprise focused and lack the necessary technology and solution elements required to provide adequate UC and CEBP application security (e.g. Categories III, IV and V).

4. Existing IP PBX players Primarily focused on providing end-user Voice solutions and equipments. Strong in real-time, enterprise and UC focus (Category I, IV and V). However, providing security solutions is not their primary focus, (Category II and III). In summary, conventional security solutions such as IDS/IPS appliances, Data firewalls, UTM and/or SBC vendors are not well suited to address the complex VOIP and UC application security requirements and deployment challenges. The Growing Threats and Vulnerabilities RedShift researchers have analyzed several thousand threats compiled from various sources, such as the VOIPSA group, CERT, BugTraq and other vulnerability postings from several IP-PBX vendors. VoIP Fuzzing Malformed Request (Protocol Fuzzing) Malformed Protocol Messages PROTOS Suite Condenomicon Suite Spirent ThreatEx MuSecurity Eavesdropping Call Pattern Tracking Number Harvesting Eavesdropping and Analysis Voicemail Reconstruction TFTP Configuration File Sniffing Reconstruction VoIP Interception/ Modification Call Blackholing Alteration Degrading Hijacking False Caller Identification DTMF Alteration/ Recording Service Abuse/ Integrity Call Conference Abuse Call Stealing (Toll Fraud) Identity Theft Registration Spoofing/Attacks Misconfiguration of Endpoints Premium Rate Service Fraud Flood based Diruption of Service Signaling or Media Manipulation OS Vulnerabilities VoIP Scanning & Enumeration Tools Registration Flooding Fake Call Teardown Messages Cisco Call Manager Vulnerabilities User Call Flooding Call Hijacking Avaya Communications Manager Directory Service Flooding Registration Removal/ Hijacking/ Addition Microsoft LCS/ OCS Server DoS on Signaling RTP DoS Attacks Distributed DoS Attacks Wiretapping SPIT Key Logging/ DTMF Logging Nortel Alcatel Lucent Siemens/NEC Nessus SIP-Scan SIPp Sivus iwar SIPCrack Data Threats SQL Injection Cross-Site Scripting UC Application Threats UM - Message Waiting Indication (MWI) Attacks UM - Manipulation of User Mailbox Malware Viruses Web Vulnerabilities UM - VoiceMail Retreval Threats UM - QoS Degradation Conference - Illegal Join/ Leave Conference Attacks Buffer Overflows Conference - Moderation Functions Attacks

The common observations are that the VOIP and UC deployments faces a variety of threats from different entry points and attack vectors ranging from exploiting weaknesses in networking layers, malware-infected endpoint, underlying OS vulnerability, protocol implementation vulnerabilities, voice denial-of-service and SPIT attacks, UC application layer attacks and/or device configuration weaknesses. The above table categories the most important threat vector bucket categories along with specific attack incidents reported, tools publicly available or published articles. 1. IDS/IPS vendors Provide good reactive protection for Data threats and OS vulnerabilities through signatures support. No pro-active protection. Do not provide any protection for the remaining bucket categories along with blended threats that touch data and voice elements, e.g click-2-call sequence initiated from a browser. 2. UTM vendors Protection generally weaker than IDS/IPS 3. SBC vendors Provide limited protection to VOIP scanning and enumeration attacks through basic NAT functionality and limited protection against flood-based disruption of service attacks. Do note provide adequate protection for the remaining attack categories. 4. Existing IP PBX players Do not provide any security besides basic call policy management and enforcement. UCTM Next Generation Security Solution for Secure Communications and Collaborations To address this growing challenge and the security issues specifically Redshift Networks has developed a product line that delivers: 1. Protection via a patent pending hybrid of both static threat identification and an adaptive and dynamic behavioral learning engine that identifies abnormal traffic in real time. 2. Visibility by analyzing, reporting on VoIP, UC and CEBP network traffic and sessions. 3. Control via a configurable Policy Enforcement engine that allows IT managers to automatically delay, throttle or block traffic determined to be undesirable. RedShift Networks does this without sacrificing performance and employee productivity. RedShift Networks Security Appliances provide a point of integration, visibility, control and protection for enterprise Unified Communication applications.

RSN - Hawk/Eagle/Falcon Product Line Synchronous Flow Security Technology TM Patent Protected Dynamic real-stream inspection technology Proactive proprietary threat assessment architecture Advanced behavioral learning analytics (user and app) Portable software architecture Distributed architecture Immediate Market: UC Focused Enterprise About RedShift Networks RedShift Networks is a leader in securing Cloud based VoIP networks and provides the industry s first complete security solutions developed for Unified Communications (UC). Since 2006, RedShift Networks has been solving the most difficult UC security challenges for service providers and enterprises with the company s UCTM product portfolio. Deploying the Redshift Networks application service and network layer technology in the cloud ensures secure, reliable service performance. RedShift Networks partners and worldwide customers are comprised of Communications Service Providers and enterprises including VoIP Carriers, Mobile Operators, MSOs and Hosted Service Providers. For more information, visit RedShift Networks at www.redshiftnetworks.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback