contact@p1sec.com +33 98045 0447

Infrastructure security gets focus

After NASDAQ hacks, infrastructure security gets more focus both from businesses and governements. Longtime considered a “second interest domain” after application security, both CEOs and lawmakers are beginning to understand that once an infrastructure is compromised, the confidence is lost by million of people, and the damage can hit the billion of dollar mark.

Telecom is exactly in that focus. It’s great when it works, and is supposed to work all the time with careful planning, deployment and testing. But telecom networks are suffering the same path as internet did: from normal operations to hostile conditions where spammers, unidentified attackers potentially backed by countries and fraudsters compete at abusing part of the network.

The resulting network instability, frauds, loss of image, loss of revenue or country-wide network downtime starts now to be seen, without the proper technology to proactively test your network against these risks, monitor the network at low level or conduct forensics. Thus the whole industry will have to “descend” in the lower layer of the network, auditing and monitoring not only CDRs and Billing Systems with FMS (Fraud Management Systems) but also caring about the low level SS7 and SIGTRAN signalling.

These times are now, as we’ve seen major outage that, so far, could not be traced down to a single reason or culprit. And thus nobody in these organization neither had the vision before hand on their network “pain points” nor could they, after the facts discover the technological origin of the problem, restarting was their only preoccupation.

Such business practice will gradually disappear and be replaced by proactive detection of vulnerabilities and reactive management of attacks through detection. SS7 and SIGTRAN vulnerability scanning is part of that new approach, and P1 Security is the key player in that domain with P1 Telecom Auditor, enabling both security and telecom experts AND managers, directors, executives to visualize and understand the security problems and solutions.

About the Author