SIP Security

Comprehensive solution to safeguard your network from SIP vulnerabilities and attacks
Overview
The global VoIP market is growing significantly with the increase of penetration of VoLTE networks, the surge in the VoIP traffic, etc., which has led to Session Initiation Protocol (SIP) becoming a de-facto protocol for voice-over IP (VoIP) communication. SIP is an application layer protocol for creating and terminating sessions with one or more participants. Due to lower costs, a large amount of international traffic is being transmitted through SIP interfaces compared to traditional interfaces such as ISUP and Diameter; thus, operators are now moving from conventional services to SIP-based services. However, due to the nature of the SIP, it is highly prone to attacks from external factors. It has a larger potential attack surface as well as a massive number of potential attackers with the necessary skills to understand and attack it. Attackers use techniques such as SIP network fingerprinting, DNS/Internet Reconnaissance, SIP Port scanning, etc., to carry out the attacks.
Subex SIP Security solution protects the network from outside attacks and abuse. Our solution will protect you from these threats and attacks before they cause any damage to the network or the user with our multi-layered security mechanism.

Key Highlights

SIP Stateful Systems

Apart from analyzing the event as the call initiation happens, our solution is also stateful in nature, keeping track of every request and the response received. This enables tearing down the call as it is happening (in near-real time) based on any abnormality in the state of the call.

SIP Signatures

58,400 unique threat intelligence signatures are gathered from our global honey pot infrastructure deployed in 66 different locations worldwide. We collect information based on geolocations, IP addresses, high-risk destinations, agents used in the attacks, and various other attack vectors. We make use of deep packet inspection to generate the signatures.

SIP Heuristics

Over 3000 pre-configured rules and the threat intelligence from the global honey pot infrastructure is fed into our system to detect known attacks and reduce fraud run-time significantly.

ML-Based Anomaly detection

SIP attacks are constantly evolving. Machine learning provides a number of possibilities for the detection of new SIP attacks and threats. It can help detect new malformed SIP messages, the correlation between different attack types, and abnormal behavior with respect to origination & termination calls.

Main fraud and security attacks addressed by our solution

CLI Spoofing
CLI spoofing is one of the common methods used by fraudsters to identify themselves as a trusted caller. Our solution leverages signatures and machine learning-based algorithms to identify spoofed calls in real-time and avoid impacting customers.
PBX/IP PBX Hacking:
Traditionally PBX hacks are identified post call records are generated (CDR-based analysis) to IRSF destinations, high-risk countries, etc. With our solution, you can proactively detect PBX/iPBX hacks at the stage of the compromisation of PBX/IP PBX itself.
Wangiri Fraud
Wangiri fraud still continues to be a major problem across the globe. Our solution proactively detects Wangiri attacks in the first few attempts. It reduces the impact on your customer base significantly by monitoring at the signaling level, including (but is not limited to) erroneous (client errors/server errors/ global errors) events using our signatures that cannot be identified in the CDR-based approach.
Early detection of IRSF
With the global honeypot network, intelligence is gathered from over 66 countries; Subex collects information based on geolocations, IP address, agents used in the attacks, attack methods, and gathers intelligence on the new IPRN number ranges, high-risk destinations, and numbers. These active threat intelligence updates are pushed automatically to the operators on a near-real-time basis to safeguard their networks from future events of traffic to these destinations or numbers.
SIP Register Flood Attacks
SIP Register flood consists of sending a high volume of SIP REGISTER or INVITE packets to SIP servers (indifferently accepting endpoint requests as the first step of an authentication process), exhausting the bandwidth and resource. With the help of signature-based and ML-based anomaly engine detection, our solution can proactively prevent this and safeguard your customers.
Malicious User Agent Attacks
Attackers make use of open-source tools available in the market to find the vulnerabilities in the server and exploit them. We prevent such attacks by using active threat intelligence by gathering signatures and heuristics from Subex’s honeypot network backed by our research team to keep you ahead of such attacks.
Why only SBCs and Firewalls are no longer enough to protect SIP?

SBCs are network elements that exert influence over the data flows of sessions. They provide valuable security and often other key functionality such as session management. However, a more sophisticated approach to SIP security is needed. We need to adopt a comprehensive approach in which the SBC while playing an important part, is one of several defenses. A comprehensive approach to SIP security is required and goes beyond reliance on SBCs.

On the other hand, firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules. However, it is static in nature, identifying known attacks based on IP addresses and other static parameters. Also, it lacks contextual information regarding the SIP traffic. The need of the hour is to have a more dynamic fraud detecting and preventing mechanism.

See how Subex SIP Security can help your organization
Enhanced Threat Intelligence
Enables you to stay ahead of fraudsters with active threat intel sourced from Subex’s honeypot network deployed in 66 different locations around the world.
Positive Brand Image
Safeguard customers from attacks, reduce customer churn, improves customer experience, thus building a positive brand image.
Increased Accuracy
Decreases false positives significantly with the AI/ML models, thus increasing accuracy.
Flexibility & Scalability
Investigates complex, next-gen attacks with easy and flexible controls. Native big data support for scalability and real-time processing.
Comprehensive Threat Coverage
Increases threat coverage across various services and network layers with active threat intelligence and focussed threat libraries.
Future-proof network against next-gen attacks
Identifies unknown unknowns, with an anomaly engine, thus making it future-ready.
See how Subex SIP Security can help your organization
Positive Brand Image
Safeguard customers from attacks, reduce customer churn, improves customer experience, thus building a positive brand image.
Increased Accuracy
Decreases false positives significantly with the AI/ML models, thus increasing accuracy.
Enhanced Threat Intelligence
Enables you to stay ahead of fraudsters with active threat intel sourced from Subex’s honeypot network deployed in 66 different locations around the world.
Comprehensive Threat Coverage
Increases threat coverage across various services and network layers with active threat intelligence and focussed threat libraries.
Future-proof network against next-gen attacks
Identifies unknown unknowns, with an anomaly engine, thus making it future-ready.
Flexibility & Scalability
Investigates complex, next-gen attacks with easy and flexible controls. Native big data support for scalability and real-time processing.

Check out Subex SIP Security features

Proactive & Self-learning Capabilities
Our solution’s machine-learning and automated attack surface identification is a perfect solution designed to secure the network from new and unidentified potential risks and zero days.
Stateful System
Being stateful in nature, our solution has the capability to tear down the call in a particular state of the call.
Agentless and Non-Intrusive
Our solution does not require agents to be deployed on endpoints. The solution is non-intrusive, requiring no updates to the existing ecosystem.
Multi-Tier Detection
Our solution combines a 3-tier strategy - Signatures, Heuristics, and Machine Learning to detect vulnerabilities.
Intelligent Anomaly Detection
Our solution’s anomaly detection algorithms helps in avoiding false positives and improve the accuracy of alarms.
Active threat intelligence
Subex runs and manages a telco-focused honeypot with over 400 different architectures and 4000+ devices in over 66 countries.
Resource center
SIP Security
Flyer

SIP Security

SIP Security: Why should it matter?
Point of View

SIP Security: Why should it matter?

Leading Middle East Operator chooses Subex for a holistic risk management approach
Case Study

Leading Middle East Operator chooses Subex for a holistic risk management approach

Related blogs
Get the perspective of our subject matter experts, read artifacts about our solutions and learn about our success stories.
Fraud Management
Combat SIP threats with a Proactive Approach
Get started with Subex
Request Demo Contact Us