Home
/
Blog
/

Intrusion detection on telephony networks

PTM is an IDS designed for SS7 and SIGTRAN networks, offering real-time detection, scalability, and a user-friendly interface for telecom security.

Product news
Apr 12, 2013
Intrusion detection on telephony networks

With the explosion in the mobile communications sector, the deregulation of public switched telecommunication networks (PSTN) as well as the introduction of many new services the dependence on the signalling system 7 (SS7) network has rapidly increased over the last two decades. Typically, monitoring systems on telephony networks have focused on fraud detection however the need for more effective and low-latency detection of attacks on today’s communication infrastructure has become indispensable (Gormann and Ruhl, 1999). Attacks range from fraudulent access to network services and databases (e.g., HLR) to gain access to private or sensitive information to denial of service type attacks to disrupt or deny telecommunication services.

PTM's role

P1 Security Telecom Monitor (PTM) is an Intrusion Detection System (IDS) specifically designed for SS7 and SIGTRAN networks. It is composed of a realtime detection framework and a reporting and monitoring user interface. PTM’s design allows it to be easily scaled from a single network tap to large-scale deployments throughout the network to be protected. The network traffic is filtered and processed in a decentralized manner while alerts are collected in a central datastore.

PTM detection framework

The PTM detection framework’s modular design allows us to quickly adapt and extend it to new attack types. Detectors are implemented as independent modules exposing a simple callback interface invoked by the detector framework upon interception of new traffic.

Attacks can often not be discerned from normal traffic by analyzing single packets, PTM also allows time-correlated events to be detected.

We believe that even the best IDS will be of little value if the detected events are not quickly translated into alerts and a response from the operations team. This is why PTM also offers a comprehensive web-based monitoring interface. On the one hand, a simple dashboard allows the engineer to gain a quick overview of the current status of the network and the most important threats. Aggregate statistics and real-time charts expose network activity and top attacks. On the other hand, detailed tabular reports allow the operator to understand and reconstruct events precisely and to react in the most appropriate fashion.

PTM UI

The combination of a scalable realtime traffic monitor, an extensible event-detector framework and simple yet powerful interface position P1 Telecom Monitor at the forefront of intrusion detection systems in the telecommunications sector.

Summary
Download our whitepaper

LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Be informed

SS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers’ lives much harder on mobile networks

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Towards Harmonization: Mapping EU Telecom Security Regulations and their evolution

By clicking download you confirm that you accept our terms and conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.