ITC Security Threat of the Week – Week 26: PBXwall CTO writes: Toll Fraud, are you covered?
With the open world of unified communications (UC) and mobility applications, the threat of toll fraud is very much real, alive on the increase. This type of fraud, which has been a threat long encountered on traditional voice networks, is not a new area of risk however is one that is now becoming heightened with the move to pure IP based communications systems and in particular SIP trunking.
IP based communications, as with many other applications our enterprises deploy today, introduces flexibility, scalability and cost reductions that are too good to pass, however this move to IP also brings with it a host of new security risks that need to be assessed, understood and mitigated.
Our industry is fortunate in that we have historical trends that we can learn from and the move of an application from traditional methods of delivery to IP is a move we have made many times over now and each time we have seen an immediate risk in the interest from hackers looking to exploit these new applications for benefit.
The two most notable applications where we have seen this are web and email applications which we of course all depend on in the everyday operation of our businesses. We are however also, and perhaps too well, aware of the risks of allowing these applications to run on our networks unprotected and would never entertain the deployment of these running without the appropriate measures being taken in order to mitigate these threats and risks.
This has led to security models being defined purely to tackle the threats based around these applications and our industry has specific experts, trained sales teams and a vast range of appliances and software from leading vendors that are dedicated to delivering comprehensive solutions to customers in order to mitigate the associated risk. We even dedicate whole businesses to understanding a specific customers risk through exercises such as penetration testing and vulnerability assessments so any proposed solution may be tailor made to a customer’s specific requirement.
SIP based applications are now proving that they deliver real benefits to our businesses and our customers and as such our sales strategies, being focused on selling value, are steering customers to rapidly adopt SIP based applications in order to realise the cost benefits sooner rather than later in an economic environment that could clearly do with all the help it can get when it comes to either saving our businesses money or making or our employees more productive.
The initial move, as its one that delivers the quickest and most direct returns is typically the move to SIP based trunking for the enterprise. We have some fantastic providers who now make this move extremely easy and who make the commercial benefits so appealing that customers are put in the ‘why wouldn’t you position’ rather than the ‘why would you’.
It has been widely publicised by the Worldwide Telecom Fraud Survey (2011) published by the Communications Fraud Control Association (CFCA), that the UK is one of the top five countries where fraud originates meaning that it is our enterprise voice networks which are being compromised in order to service the demands of the unscrupulous hackers.
Detailed in the report is an estimated $4.96 Billion (USD) that is defrauded per annum solely from compromised PBX and Voicemail Systems, so the problem is not one that is small and it’s certainly not one that will go away. Back to the earlier point of historical learning, we know that as the application moves to IP the threats increase in quantity and the hackers become more intelligent so action needs to be taken sooner rather than later.
Remedial steps are in process however in many of our trunk providers; there is more and more awareness being generated through the press and other publications on the risks and impacts of toll fraud within the enterprise and steps are being taken to address this, however the solutions being deployed by our providers commonly rely on traditional methods which were never designed to and are not capable of explicitly covering the risks associated with SIP trunking. As such the typical toll fraud prevention methods in place simply limit ones exposure rather than providing what is needed which is a solution that detects and blocks fraudulent call activity without impacting genuine calls.
If there is one other point that we have learned from past lessons it’s that new technology will be introduced over time by new and existing vendors which allows us to better understand the risks around the delivery of these new applications such as SIP trunking, and which help our customers quantify risk and provide us with technical solutions that provide comprehensive security measures so our customers can utilise these new services with the peace of mind that their risk is understood and in turn mitigated.
One such new entrant to the market, PBXWall is a security company providing the first proactive method of detecting fraudulent call activity using industry pioneering methods delivering solutions for both traditional TDM environments (TDMWall Product) and newer SIP trunk (SIPWall product) deployments.
PBXWall is also the first voice specific security vendor to offer a cloud based anti-toll fraud solution with its new SIPWall.Cloud service, making it easier for customers to deploy toll fraud security without the hassle of deploying hardware with the enterprise network.