Strong SS7 security for the telecom

Telecom Attack Discovery

Compelling solution for the SS7 vulnerability challenges

Telecom Attack Discovery

The backbone of a telecommunications company is the SS7 or Signalling System 7. What existed in the yester years is what is known as speaking channel for delivery of data packets. Decades ago this system was upgraded to Signalling System (SS7) bringing in more efficiency. SS7 serves as a base for a signalling infrastructure in local, national, international, and wireless networks. The implementations that was in prevalence earlier was fraught with security vulnerabilities such as lack of encryption or service messaging validations. So long as it existed in the closed control limited to landline operations; it caused no major hick-ups and was presumed “good to go with”.

Why is this solution relevant and important to a telecom provider?

Telecommunication companies must be vary of cyber criminals who have the wherewithal to listen to a conversation, accurately pinpoint a person’s location to a meter precision, intercept SMS messages to gain access to mobile banking services, generate USSD commands to a billable number and conduct other malicious attacks.

While it is granted that it is difficult to penetrate the network directly; it is often easy to achieve this feat via the SS7 gateway systems. In some cases, the committed attacker can obtain the operator license in countries with relatively weak laws or obtain access through the black market from a legal operator for a substantial sum of money.

Therefore, it is an area of concern for telecommunication companies and they must invest time in securing their systems thereby protecting their subscribers. SS7 MAP commands allow cell phones to be blocked from a distance. Lack of SS7 security threaten not only mobile subscribers but also a growing ecosystem of industrial and IoT devices — from ATMs to GSM, gas pressure control systems, that are also considered to be mobile network subscribers.

What benefits will the enterprise derive by implementing the solution?

By deploying tested solutions in the market place, telecommunication companies exhibit their readiness in circumventing these challenges, ensuring their subscriber base is well protected, as well as augmenting their stature as a mature player in the market. Trust is everything; a breach can tarnish your image in no time; perhaps millions will have to be spent to gain back the confidence if you fall in the public eye for the wrong reasons.

Who does Cyberton represent to provision this technology?

Cyberton supports PT Security’s highly recognized Telecom Attack Discovery solutions which has been deployed in some of the biggest telecommunications organizations in the world including Middle East as well as other telcos across the world.

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Findings by Positive Research are used for updating the MaxPatrol knowledge base and for development of security solutions including PT Application Firewall, PT Application Inspector, MaxPatrol Vulnerability and Compliance Management Solution, PT ISIM, PT MultiScanner and SS7 Attack Discovery. These products allow securing web applications, evaluating network protection, blocking attacks in real time, ensuring compliance with industry and national standards, and training security specialists. In 2015 and in 2016, the company was rated a Visionary in the Gartner Magic Quadrant for Web Application Firewalls (WAF).