As IT and Comms networks get ever more complicated, and the ongoing global pandemic increases business reliance on Unified Communications and applications like Teams and Zoom, the potential surface for attack by bad actors and fraudsters widens. What’s more, the way some of these applications work serves to heighten the risk, as Justin Hart, Cloud and Edge CTO at Ribbon Communications, explains.
There was a time, not that long ago, when pretty much every network connection in the world was the same. These days, almost the opposite is true, and it’s hard not to believe that no two network connections are alike.
We live in a world of wide area networks, local area networks, private and public networks, and direct private corporate connections into public networks. We are also presented with multiple different connectivity technologies, and multiple forms of traffic. We think of all these networks as large houses and – as any homeowner knows – the more doors and windows you have, the more points of entry you need to protect to keep your home safe.
That is the security challenge facing all network owners – from the smallest home office to large multi-national corporations, global network operators and everything in between. It doesn’t matter what type of network we are talking about, the points of entry at its network edge are the weak links from a security perspective. What’s more, that situation has been brought into even sharper focus during the Covid-19 pandemic given the surge in home and remote working it has triggered in both national and international terms.
The pandemic has seen an explosion in the use of Unified Communications, video calling and collaboration platforms such as Microsoft Teams, Google Hangouts, and Zoom. And depending on the setup of the company network they are connecting to, each of those remote connections represents a potential security weakness. The unfortunate reality is that legitimate calls can be spoofed for fraudulent or malicious attacks. Too many enterprises will not even know that there has been a security breach on their network, via their Unified Communications program, until after it has happened and the damage has been done.
Tip of the iceberg
The way we elect to provision our SBCs ensures the application layer security is independent of the deployment model. This means it doesn’t matter if an enterprise’s network assets are on their premises, in a private datacenter, or sitting on a public cloud. Nor does it matter if the callers are onsite or working from home — what matters is that security is provided on a per-call basis to close the doors that the firewalls leave open.
However, simply banning some of these applications or questioning the security of the application itself is not the way forward. That is just looking at the part of the iceberg that is above the surface – the danger comes from the parts below the surface that you cannot see but need to guard against. There are two key things every enterprise needs to do – control and secure those entry points, and learn from every attempt to breach them.
Of course, every enterprise will have a firewall in place, but these are mostly legacy installations that do not deal, at the application layer, with the type of VoIP traffic generated by the collaboration platforms. In fact, they potentially leave doors open and effectively unguarded for unwanted intruders. This is because a firewall needs to open its ports specifically to let the VoIP traffic flow through for every call; but because it doesn’t know when the call ends or when a third party is bridged onto the call, it leaves these ports open and vulnerable to malicious traffic.
Securing and protecting the enterprise network edge for VoIP traffic from a Unified Communications perspective is the job of a Session Border Controller (SBC). SBCs are fully aware of the state of each call, they know how to close IP ports when a call ends, and how to provide control at the point of entry to block any excessive traffic that may be a brute force attack.
SBCs automatically identify the type of malformed VoIP packets that are often used to mask an attack and can also block specific callers or IP addresses using blacklist capabilities. And of course, this level of security is provided in real-time for every call.
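The difference between a port that is opened for a call and a port that is tracked for the life of that call can be shown in a few lines. The sketch below is an added example, not Ribbon's code or any SBC's real implementation: the SIP messages are constructed, the PinholeTable class and its call_aware switch are hypothetical names, and the handling is reduced to INVITE and BYE with the SDP offer carried in the INVITE.

```python
import re

# Constructed SIP messages (sample input, not captured traffic).
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Call-ID: call-0001@example.com\r\n"
          "CSeq: 1 INVITE\r\n"
          "Content-Type: application/sdp\r\n\r\n"
          "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n")
BYE = ("BYE sip:bob@example.com SIP/2.0\r\n"
       "Call-ID: call-0001@example.com\r\n"
       "CSeq: 2 BYE\r\n\r\n")
NO_CALL_ID = "INVITE sip:bob@example.com SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n"


class PinholeTable:
    """Media ports currently allowed through the edge, keyed by Call-ID."""

    def __init__(self, call_aware):
        self.call_aware = call_aware  # False models ports that outlive the call
        self.pinholes = {}            # Call-ID -> set of (ip, port)

    def on_sip(self, raw):
        """Process one signalling message; return False if it is rejected."""
        head, _, body = raw.partition("\r\n\r\n")
        method = head.split(" ", 1)[0]
        call_id = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I)
        if call_id is None:
            return False  # malformed: no call to bind a pinhole to
        if method == "INVITE":
            addr = re.search(r"^c=IN IP4 (\S+)", body, re.M)
            ports = re.findall(r"^m=\w+ (\d+) ", body, re.M)
            if addr and ports:  # open only the media ports the SDP names
                self.pinholes[call_id.group(1)] = {
                    (addr.group(1), int(p)) for p in ports}
        elif method == "BYE" and self.call_aware:
            self.pinholes.pop(call_id.group(1), None)  # call over: close ports
        return True

    def allows(self, ip, port):
        return any((ip, port) in s for s in self.pinholes.values())


def port_open_after_hangup(call_aware):
    """Replay INVITE then BYE and report whether the media port stays open."""
    table = PinholeTable(call_aware)
    table.on_sip(INVITE)
    table.on_sip(BYE)
    return table.allows("192.0.2.10", 49170)
```

With call_aware set to False the media port is still reachable after the BYE, which is the open door described above; with it set to True the port closes when the call ends.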
Accelerating the transformation
Now, leading Unified Communications-as-a-Service providers, such as RingLogix, are integrating SBCs into their service offer specifically because they have recognized the growing need to secure and optimize services such as Microsoft Teams.
On top of that, it also pays to stay ahead of the fraudsters and bad actors by investing in an analytics solution so that you learn from every attack and are better able to detect and mitigate malicious activity.
That means combining the protection of an SBC with AI-driven analytics allows enterprises to detect and mitigate malicious attacks on Unified Communications systems and collaboration tools and to keep out the unwanted visitors. Analytics can interrogate call data and the message packets themselves using pattern detection algorithms to determine what is considered “normal” versus “abnormal” traffic and therefore block fraudulent call attempts. These automated policies make it possible to highlight these attacks and counter them before they have a chance to become costly. This not only protects the security, integrity, and quality of the network, it also protects the brand reputation of the enterprise itself.
The Covid-19 pandemic has accelerated digital transformation across industries. Businesses have benefited from the power and effectiveness of UC and collaboration tools in these difficult times and discovered their positive effect on productivity and business continuity.
But there’s no question that bad actors have also taken note of this transition and see an opportunity to expand their range of network threats. With home and remote working set to remain a fixture as we transition to new ways of working in a post-Covid world, upgrading our security at our network borders and investing in analytics to keep ahead of the threats is critical for businesses of every shape and size.
Justin Hart, Cloud & Edge CTO, Ribbon Communications