Bad actors are constantly looking for the easiest path into corporate networks. While security breaches attributable to SIP may not yet be widespread, that is changing as SIP adoption grows and hackers prey on vulnerabilities created by a lack of understanding of the risks and subsequent lack of best practices to address the threats and protect the network. Some attackers will target SIP specifically for toll fraud, but more likely this will be their point of entry for other forms of malicious activity such as disrupting operations, identity theft, financial theft, corporate espionage or supporting political agendas. This makes SIP more of a means to an end, and it will be futile to build a security plan to only address specific motives or types of hackers.
Without proper security on unified communications, in appliance-based. private cloud-based, or public cloud-based networks, enterprises will only have reactive after-the-fact options when more serious threats strike. Not only can hackers cause financial loss by accessing corporate data and accounts through a SIP breach, but some would not hesitate to use the same breach to launch DoS – Denial of Service attacks. By constantly flooding the network with SIP messages through that breach, they can disrupt or even shut down operations, and much like kidnapping, will only stop once they have extracted blackmail payments from enterprises. Even this is no guarantee, as once that breach is fixed, hackers may well keep pinging your network to find new points of entry, because they know SIP can be highly vulnerable if not properly secured.
Ribbon provides a new level of security analytics for unified communications. Leveraging well-established concepts of network behavioral analytics from the data world, Ribbon Protect establishes a well-defined baseline of what is categorized as “normal” voice and video sessions as well as IP port activity. Deviations from this baseline can be quickly identified and mitigated. This powerful methodology allows Ribbon to mitigate a variety of UC attacks.