Securing your Unified Communications Below the Surface
My colleague Greg Zweig recently wrote a blog “Forget Videobombing – Worry About What You Can’t See” in which he outlined how Unified Communications (UC) assets are all too often left unsecured, making them an easy target. Greg argued that enterprises should be more concern about security attacks (potential or real) that are less obvious than someone videobombing a work meeting or virtual family reunion, and advocated for increased UC security assets, integrated into a wider IT security framework.
My aim with this blog is to expand on what it means to make smart investments in UC security. While seeing bad actors pop up and insert offensive content into a collaborative event is certainly disruptive, and has even led to the banning of some UC applications by the Department of Defense and other security-conscious organizations, these very visible security breaches are really just the portion of the iceberg above the surface. At Ribbon, we believe there is much more to understanding UC security threats and how to close down attack vectors that could be used by bad actors. Two key aspects to consider: how to secure and control the enterprise border (wherever that may be) and how you can use analytics to detect and mitigate malicious attacks.
Session Border Control
Every enterprise has firewalls in place, but since these legacy equipment do not deal with VoIP traffic at the application layer, they potentially leave open doors for bad actors. For instance, a firewall needs to open ports specifically to let the VoIP media packets flow through for every call, but since the firewall does not know when a call ends or perhaps when a 3rd party is bridged on, it will leave ports open which can become access points for bad actors.
Securing and protecting the enterprise boundary for VoIP traffic for Unified Communications is the job of a Session Border Controller (SBC) which is stateful aware for each call. SBCs know how to close IP ports when a call ends and how to provide call admission control to throttle excessive traffic that may be a brute force attack. They can also handle malformed packets that are often used as an attack method or block specific callers or IP addresses using blacklist capabilities. This level of security is provided in real-time for every call.
For Ribbon SBCs, application layer security is independent of the deployment model, so it does not matter if an enterprise’s UC assets are on their premises, in a private datacenter, or on a public cloud. Nor does it matter if the UC clients are on-premises or working from home -- what matters is that UC assets can be protected on a per-call basis, helping to close the loopholes firewalls leave open.
Analytics
The unfortunate reality is that legitimate calls can be spoofed for fraudulent or malicious attacks. Too many enterprise won’t know that a security breach on their UC assets has occurred until after the fact. Worse, once they learn they have been attacked, they may be unable to parry the next threat. One way to get ahead of bad actors is to invest in an analytics solution that is designed to detect and mitigate malicious attacks on UC assets.
We’ve designed our Ribbon Analytics solution to ingest call data including Call Detail Records, Call Traffic KPIs, and the message packets themselves from network elements involved in the call flow (call controllers, SBCs, and gateways). The information is correlated and processed by pattern detection algorithms to determine what is considered “normal” versus “abnormal” traffic, identifying fraudulent call attempts. Automated policies make it possible to detect and mitigate these attacks before they become costly, helping to protect security, quality of service and brand perception.
Looking ahead
the COVID-19 pandemic has accelerated digital transformation across industries. Businesses have benefited from the power and effectiveness of UC and collaboration tools in these difficult times, and discovered their positive effect on productivity and business continuity. There’s no question that bad actors have taken note of this transition and will continue to expand the threat surface in that direction. With the general expectation that work from home usage patterns will remain high as we transition to new models in a post COVID-19 world, keeping these threats top of mind is critical today and going forward.