One event transformed the state of the world in 2020. No points for guessing which one.
Two things changed for business as a result – (1). Remote work became the new default (2). Security breaches saw a massive uptrend across the world
Three less-obvious but significant developments took place in the background –
- Communication networks suddenly had a much bigger role to play
- IT teams had to rise to the business continuity challenge and ramp up remote work infrastructure — without dropping the ball on security
- The above notwithstanding, companies rushed to jump on the remote-first bandwagon
Unfortunately, when it comes to being truly remote-first, there’s many a slip between cup and lip.
Enabling employees to work remotely is only the first step to remote work — the bigger task at hand is how to make this happen without risking your business.
The problem
Here’s where the problem starts — communication networks have always been separate from IT operations and security. With the shift to remote work, this line was hastily rubbed off. Typical IT security teams are most likely unaware of or ill-equipped to keep up with the security risks associated with communication networks. To make matters worse, they are not equipped with the tools that can help bridge this gap.
The result? Communication security threats are being swept under the IT security carpet — where they will lie unnoticed till they begin to damage the carpet itself. It’s only a matter of when the tears will show, not if.
According to Verizon, nearly 67% of breaches are a result of hacking and phishing attempts. Communication networks are now increasingly exposed to DDoS, toll fraud, vishing, eavesdropping, spoofing, man-in-the-middle attacks, etc. This is where SBCs come in.
SBCs in communication networks – The link between remote work and cybersecurity
Thanks to the increase in remote work, the SBC has carved out a permanent place in the network — as a SIP firewall to protect and encrypt real-time communication. Enterprises finally understand that an SBC is an essential component in their network infrastructure.
But here’s the thing: Your SBC can secure your network, but it probably doesn’t, yet.
However, an SBC no matter how good the vendor, is always at risk when inadequately configured. If you look at any SBC anywhere in the world, you can be sure that hackers have either already tried to hack it, or are at it — probably right now.
Remember, your SBC can secure your network, but it probably doesn’t, yet.
SBCs are not simple technology pieces. Even the ways they are deployed and configured introduce security issues. Additionally, setting them up is a skill, and maintaining or securing them is a different skill altogether. It’s not something already overloaded IT departments can integrate or handle as part of operations.
When an SBC is hacked, attackers can launch Denial of Service (DoS) attacks, bypass it, manipulate messages that pass through it, and much more. However, enterprises feel a false sense of security once an SBC is set up, under the assumption that merely using an SBC secures the communication network. Most SBCs have features inbuilt to ensure a default level of security, but it boils down to a matter of managing configurations. Just like one bad cipher or certificate can break your firewall, one wrong SBC configuration can weaken your entire communication network.
Just as you need to update your antivirus packages for your computer, and companies need to monitor and upgrade their firewall settings, SBCs need attention and input to ensure they are properly set up and hardened enough to thwart attacks on your communication networks.
We can’t say this enough — it’s not enough to just deploy SBCs, it’s also critical to configure, manage, and monitor them properly and regularly for VoIP security.
Challenges in implementing SBC Security
Just like data security, communications security is constantly evolving. Hacks and attacks becoming more sophisticated and more frequent. You need to be updated on the latest VoIP security attacks. You also need to look at each call that passes through your SBC to identify any patterns that can be songs of attacks or threats. Additionally, you need to perform regular audits of your SBC’s configuration to see what’s enabling these attacks.
There’s another tricky aspect: enterprises often deploy multiple SBCs.
You need to examine every configuration item on its own and in relationship with the other SBCs making sure they work well individually — and in sync — to secure your systems.
The only holistic way to solve this is by investing in security by design –
- Design your solutions keeping security at the center
- Regularly audit your SBCs and their configurations
- Make management and monitoring of SBCs a part of your security posture
- Use the SBC to analyze each and every call passing through your SBC to detect, prevent, and block attacks
These steps can help you both — resolve simple failures, and detect threats that might have been flying under the radar for a while now. This awareness can be powerful in helping you investigate and decide the right course of action.
However, this is easier said than done. There are multiple configuration parameters, standards, and ever-evolving new threats to consider. Managing your SBC and using it to implement SIP security at the perimeter means keeping track of the
- latest attacks from across the world
- updated premium rate numbers that cybercriminals use for toll fraud
- IPs used by known malicious actors and organized criminal groups
- spoofing, scam/vishing, and robo calls targeted at your organization.
If you need any help understanding how you can do the above, or improve your SBC security, we’d be happy to help. You can reach out to us at sales@assertion.cloud.