Most operators have taken some steps to protect their network and customer base from threats posed by signaling attacks. The level of protection offered varies greatly. Research says that between 20-30% of mobile operators have deployed any kind of signaling firewall.
- Most of these firewalls are ageing, more than a couple of years old.
- Many are designed to handle relatively simple attacks.
- Few can successfully block in the industry parlance sophisticated “Class 3” attacks.
- More than two thirds do not perform cross protocol analysis, critical to effectively managing a coordinated and planned attack.
At a time when global security seems more fragile than it has been for 20 years or more, measures to protect telecoms networks seem inadequate to say the least. As communications networks are embedded in economic activity, governments, national security agencies and regulators are engaging with operators to drive a step change in security measures.
It can be argued that the latest technology is secure, that 5G has security “designed in”. The truth is that this assertion is unproven. Bad actors have not had an opportunity to target fully commercial standalone 5G networks. And even if 5G offers high levels of security, it is built upon, supported by and interconnects with legacy networks that have proven vulnerabilities.
If you find yourself needing to update, replace or purchase a signaling firewall, what are the factors you should consider when comparing vendors? How best can you choose the right signaling firewall? I suggest an evaluation matrix should consider the following factors.
Signaling Firewall Evaluation Matrix
1. Pedigree and focus on security.
Many types of enterprise sell signaling firewalls as part of their business, but only a handful have signaling security as a focus. Network equipment providers and Open RAN vendors may bundle software in with a sale. Managed services providers support roaming services with a bit of signaling security on the side. Poorly understood signaling security threats emerge every day. A signaling specialist has the experience to recognize emerging threats early. A security expert has the focus to remediate new threats quickly.
2. Driver of industry standards
Signaling security threats are a global issue and a coordinated response is often appropriate. The Fraud and Security Group (FASG) is a group that analyses and remediates security threats as part of the global industry group, the GSMA. Membership outside the operator community is by invitation. The FASG defines fraud and standards for the mobile industry. Active participation allows members to deeply understand operator needs and to develop solutions that meet and exceed industry standards.
3. A solution that harnesses artificial intelligence and machine learning augmented by human insight and understanding
Machine Learning (ML) algorithms learn and improve through experience. They play an important function in spotting patterns, sifting through vast quantities of data. But biases creep into models that can skew results. Human intelligence is needed to correct and reorient models that can run to high false positives. ML can block legitimate signaling activity and drive negative customer experience if unchecked by the human eye.
4. Understand threat coverage
There are clear regional differences in the incidence and emergence of signaling threats. What is playing in Asia may have yet to become evident in Central America. A global perspective is important to anticipate the pattern of evolving threats. Insight drives heightened preparedness.
5. An agile and responsive vendor
New threats constantly emerge in signaling. The ability to quickly develop and deploy remediation is vital to control the impact of a new threat. Older system architectures make it difficult to adapt to change. Legacy solutions require coding to implement the most modest update.
6. Stable family background
When you choose a vendor that meets your signaling security needs, you want to choose a stable company. Some vendors are poorly capitalized and overly reliant on cash flows to fund operations, let alone investment.
7. Analyst recommendations and coverage
Analyst coverage of signaling firewall vendors as a sector can be patchy. The large analyst firms treat signaling security together with other business activities, such as fraud management systems. Focused analysts will give a better perspective on the specific strengths of signaling firewall vendors.
8. Check the reputation
It might seem obvious, but security can attract some shady characters. Best to check the identity and history of a vendor and key executives as part of an evaluation.
Why Enea’s Signaling Firewall?
- Pedigree and focus on security. Enea AdaptiveMobile Security is the world leader in securing mobile networks. We protect over 2.4 billion mobile subscribers and devices worldwide. Our global specialization enables the most comprehensive intelligence led protection solutions.
- We are a driver of industry standards. Enea AdaptiveMobile Security is an active member of the FASG within the GSMA. Our CTO and his team are editors and principal authors of many GSMA recommendations, including FS.36 for 5G interconnection security.
- A solution that harnesses artificial intelligence and machine learning augmented by human insight and understanding. Enea AdaptiveMobile Security’s Threat Intelligence Unit (TIU) is a global team of security experts that provide industry leading accuracy in detection and targeted protection against signaling security threats. Their experience and intelligence supervise our ML algorithms to provide the most accurate level of threat detection and blocking in the industry.
- Understand threat coverage. Enea AdaptiveMobile Security’s Signaling Intelligence Layer (SIGIL) combines our signaling intelligence expertise with a global footprint. We are uniquely positioned to increase a customer’s ability to anticipate and prevent signaling attacks.
- Agile and responsive vendor. Enea AdaptiveMobile Security’s platform is built on a rules-based architecture, promoting speedy, agile development and release of remediation in the face of new and emerging threats.
- Stable family background. Enea AdaptiveMobile Security is part of the Enea family of companies. Listed on the NASDAQ exchange in Stockholm, ENEA employs over 750 people and has a global customer base of more than 100 customers.
Brian joined Enea AdaptiveMobile Security in December 2021. He has over 25 years experience working in telecommunications sector in product, marketing and strategy roles. His career has included roles with software vendors, as a consultant and with mobile network operators.