For something that has the potential to cause up to $100M in losses, perimeter security doesn’t yet get the attention it deserves. Though developments like NSA’s latest announcements and guidelines have raised awareness of the issue, SBC security is still largely a gray area for companies, with plenty of blind spots.
Whose responsibility is SBC security? Does the partner or vendor handle SBC security, or do companies handle it internally? Who, then, is responsible for controls and configurations? Are audits in place? Are internal audits even enough?
There are a lot of questions to work through. However, answering them is the only way to work towards collaboration security. In this light, we thought it would be helpful to share some of our observations and learnings from scanning and analyzing hundreds of SBCs, and talking to multiple partners and companies, so you can take the right approach to building your perimeter security posture.
As you look to devise or revise your approach, the best way to start is to understand the common blind spots in the understanding and implementation of perimeter security. Do any of them apply to you?
Read on to find out.
The 5 most common blind spots in SBC security
1. Symptoms of SBC hacks
Though SBCs top the list of most attacked devices and hacks are becoming increasingly common, the tricky bit about SBC security is how easy it is to miss the symptoms of attacks.
SBC hacks do exhibit telltale signs such as call failures, call registration issues, and spikes in telecom bills, but these symptoms are easy to miss, especially if high call volumes and distributed workforces are the norm in your company. Even when extensions have been compromised by hackers, the fact that they are still available to other users makes it hard to know whether you are a victim of toll fraud.
You need to know when attacks are happening so you can take action before SBC attacks turn into an SBC breach.
2. Lack of threat detection intelligence
Unsecured SBCs can be hacked in as little as 20 minutes, and yet, most of these attacks don’t even generate alerts. In fact, 9 out of 10 attacks go unnoticed.
For instance, a public company in the US, whose SBC we scanned a few weeks ago, was an unsuspecting victim of at least three different types of attacks before our SBC scan confirmed a breach (12 extensions were already compromised!).
The fact that lines were already successfully compromised means that reconnaissance attacks had been successful, but they had gone unnoticed. The longer a threat goes undetected, the bigger the repercussions and longer-lasting the damage.
This is why threat intelligence is a critical piece of the SBC security puzzle. Unless you actively know that you’re being attacked, corrective and preventive measures will remain a shot in the dark.
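To make the registration symptoms and the unnoticed reconnaissance described above concrete, here is an added example (not Assertion's code or product logic) that scans REGISTER results for enumeration, credential guessing, and a success that follows either. The log line format, the status codes treated as rejections, the thresholds, and all names are assumptions; the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): time, source IP, method, extension, final status.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 198.51.100.20 REGISTER 1001 200
2024-05-01T10:02:10Z 203.0.113.7 REGISTER 1000 404
2024-05-01T10:02:11Z 203.0.113.7 REGISTER 1001 403
2024-05-01T10:02:12Z 203.0.113.7 REGISTER 1002 403
2024-05-01T10:02:13Z 203.0.113.7 REGISTER 1003 404
2024-05-01T10:05:40Z 203.0.113.7 REGISTER 1002 403
2024-05-01T10:05:41Z 203.0.113.7 REGISTER 1002 403
2024-05-01T10:05:42Z 203.0.113.7 REGISTER 1002 200
2024-05-01T11:15:00Z 198.51.100.33 REGISTER 1004 403
2024-05-01T11:15:30Z 198.51.100.33 REGISTER 1004 200
"""

REJECTED = {"403", "404"}   # assumption: statuses this SBC returns for a refused REGISTER
SCAN_EXTENSIONS = 3         # distinct extensions rejected from one IP => enumeration
GUESS_ATTEMPTS = 3          # rejections on one extension from one IP => credential guessing

def analyze(log_text):
    """Return (scanners, guessers, compromised) from REGISTER result lines in time order."""
    rejected = defaultdict(lambda: defaultdict(int))  # ip -> extension -> rejection count
    compromised = []                                   # (ip, extension, time of the 200)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "REGISTER":
            continue                                   # skip malformed or non-REGISTER lines
        ts, ip, _, ext, status = parts
        if status in REJECTED:
            rejected[ip][ext] += 1
        elif status == "200":
            seen = rejected.get(ip, {})
            # A success only matters if this IP already looked hostile before it.
            if len(seen) >= SCAN_EXTENSIONS or seen.get(ext, 0) >= GUESS_ATTEMPTS:
                compromised.append((ip, ext, ts))
    scanners = sorted(ip for ip, e in rejected.items() if len(e) >= SCAN_EXTENSIONS)
    guessers = sorted((ip, x) for ip, e in rejected.items()
                      for x, n in e.items() if n >= GUESS_ATTEMPTS)
    return scanners, guessers, compromised

if __name__ == "__main__":
    scanners, guessers, compromised = analyze(SAMPLE_LOG)
    print("enumeration sources:", scanners)
    print("credential guessing:", guessers)
    print("registered after hostile activity:", compromised)
```

The single mistyped password from 198.51.100.33 stays below both thresholds, so an ordinary user retry does not raise a finding.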
3. Access to the latest cybersecurity intelligence
Hacks change every single day, and it is impossible to keep up, especially if companies don’t have skilled and dedicated resources.
Keeping track of the latest attack signatures, attack vectors, malicious IPs, etc. is an ongoing exercise. What companies need is the latest cybersecurity intelligence — be it in the form of attack vectors or suspicious IPs or even premium numbers.
Think about this: There are more than 20 million premium-rate numbers and the list is constantly changing – with new ones being added and old ones being scrapped. The case is similar for suspicious and blacklisted IPs. It is practically impossible to manually check these repeatedly while ensuring the use of the latest cybersecurity and threat intelligence.
As a company, you need to have access to up-to-date intelligence that is updated with data from global databases and from other cyber attacks around the world.
4. Safety of public-facing SBCs
Companies often ignore the public interfaces of the SBC, thereby exposing security weaknesses to the internet. Our State of SBC Security Report found that nearly 50% of SBCs have unsecured configurations!
You need to check the behavior of the SBC on the public internet and look at the HTTP(S) and SIP(S) interfaces, the ports and services exposed, certificate issues, and more. These checks have to build on industry best practices and standards to ensure that your SBC is equipped to handle the exponentially increasing threats of the open internet.
5. Controls and configurations
Configuration and control issues are the aspects of SBC security with the potential to inflict the most damage, yet they are also the most avoidable. Our scans continue to reveal extensions with 4-digit PINs, missing User-Agent filters, and more, all of which make it easier for hackers to attempt to register with the SBC.
Though these are fundamental aspects, no company is immune to them — especially in cases where SBCs are being configured and reconfigured to add new users, new routes, etc. A simple configuration change can cause security issues downstream that go largely unnoticed.
You need to have a way to check your configurations on an ongoing basis to ensure that there are no security holes or configuration gaps. Doing this manually for multiple connected SBCs is no walk in the park.
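As an added illustration of checking configurations on an ongoing basis (not Assertion's code), the sketch below audits two configuration snapshots for the findings named above, short PINs and a missing User-Agent filter, and reports only what a change introduced. The snapshot schema, SBC names, and the minimum PIN length are assumptions; the data is constructed and stores PIN lengths only, so the audit never handles the secret itself.

```python
# Constructed snapshots in a hypothetical schema (not any vendor's export format).
# Each extension maps to its PIN length, not the PIN.
BEFORE = {
    "sbc-east": {"user_agent_allowlist": ["AcmePhone/2"],
                 "extensions": {"1001": 8, "1002": 10}},
}
AFTER = {
    "sbc-east": {"user_agent_allowlist": [],           # filter dropped during a route change
                 "extensions": {"1001": 8, "1002": 10, "1003": 4}},
    "sbc-west": {"user_agent_allowlist": ["AcmePhone/2"],
                 "extensions": {"2001": 4}},            # newly connected SBC
}

MIN_PIN_LENGTH = 8  # assumption: local policy; the page only names 4-digit PINs as a finding

def audit(snapshot):
    """Return a set of (sbc, check, detail) findings for one configuration snapshot."""
    findings = set()
    for sbc, cfg in snapshot.items():
        # An absent or empty allowlist means any User-Agent may attempt to register.
        if not cfg.get("user_agent_allowlist"):
            findings.add((sbc, "missing-user-agent-filter", ""))
        for ext, pin_length in cfg.get("extensions", {}).items():
            if pin_length < MIN_PIN_LENGTH:
                findings.add((sbc, "short-pin", ext))
    return findings

def regressions(before, after):
    """Findings present after a change that were not present before it, sorted."""
    return sorted(audit(after) - audit(before))

if __name__ == "__main__":
    for sbc, check, detail in regressions(BEFORE, AFTER):
        print(f"{sbc}: {check} {detail}".rstrip())
```

Running the comparison after every reconfiguration surfaces the dropped filter on sbc-east alongside the two short PINs, rather than leaving it to the next manual review.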
How Assertion® can help
Assertion® SecureVoice™ is designed to help companies overcome blind spots in the areas of threat detection, threat protection, and cloud configuration. It provides real-time threat protection against Toll Fraud, Telephony, Denial of Service, Robocalls, Vishing, and Remote Worker Attacks, by checking each and every SIP session as and when it happens. Its AI engine
- studies your call patterns, traffic, and past threats
- analyzes each call against the latest attack signatures and vectors, suspicious IP addresses and numbers associated with known cybercriminals, OFAC calling guidelines, and more
to ensure that your VoIP security is always in top shape.
Talk to us to know how we can help you get better visibility into, and control of, your VoIP systems.