Eric Krapf
Eric Krapf is General Manager and Program Co-Chair for Enterprise Connect, the leading conference/exhibition and online events brand in the...
Read Full Bio >>

Eric Krapf | February 24, 2011 |


Security in Communications: Report to the Industry

Security in Communications: Report to the Industry SecureLogix has prepared a groundbreaking study that we'll release on the final day of Enterprise Connect, in a session that also features a representative of the NSA.

SecureLogix has prepared a groundbreaking study that we'll release on the final day of Enterprise Connect, in a session that also features a representative of the NSA.

One subject that we haven't talked a lot about in the runup to Enterprise Connect is security. There was a lot of concern about security when voice first moved to IP and network managers realized that anything you could do to attack an IP network, you could now do to a voice network that ran on IP. Concerns range from basic distributed denial of service (DDoS) attacks that target the IP network, in which voice is collateral damage; to the prospect of IP packets being captured and played back in various eavesdropping or impersonation scenarios.

So what's actually been going on? How real is the security threat, and what should you be doing to combat it? That's the topic we're going to tackle on Thursday morning, a week from today, at Enterprise Connect. And I'm pleased that we've got two top experts to join us on the main stage, each of whom offers a unique perspective.

Many of you in our VoiceCon/Enterprise Connect/No Jitter extended family know Mark Collier of SecureLogix. Mark is one of the godfathers of the VOIP security issue; he was a driving force in the founding of the VOIP Security Alliance, and wrote one of the first books on this subject, VOIP Hacking: Exposed, with David Endler, then of TippingPoint. Mark', along with his SecureLogix colleague Rod Wallace, VP of Global Services, is going to share with us some of the results of a major new Report to the Industry that SecureLogix will release the morning of the session (sneak preview of this in a moment).

Mark's going to be joined on stage by Troy Lange, NSA/IAD Capabilities Manager for Mobility at the U.S. National Security Agency (NSA). We're really delighted to have Troy on the stage, as NSA is obviously a major player in all issues relating to computer and network security, and Troy is going to share some perspectives we haven't had a chance to hear at Enterprise Connect in the past.

Back to SecureLogix's Report to the Industry: I just received the completed report, and I'll be posting it on line just before the session kicks off on Thursday morning, so watch our Enterprise Connect coverage space for the download of this 23-page PDF. In the meantime, a short preview.

From the introduction to the report, here's why SecureLogix says such a document--hopefully updated annually--is needed:

Several industry reports have emerged since the late 1990s detailing real-world, measured security issues and threat levels associated with data networks and IP-based communications. Examples of such reports include the "State of Enterprise Security Annual Report" by Symantec, and the "Annual Computer Crime and Security Survey Report" by the Computer Security Institute. These reports play an important role in profiling and measuring IP and data network threats and incident levels to help guide corporate security decision making, while educating the public at large. Interestingly, a dearth of attack and threat data for voice/UC communications exists, even though voice technologies pre-date IP systems by more than 100 years. This may partly be explained by the fact that virtual or network-based crime is a fairly recent phenomenon. However, the primary explanation is the lack of real-time network monitoring tools capable of identifying and characterizing voice attacks.

In the absence of real-world data, the industry has turned to prognosticating. Most papers, presentations and discussions on Voice/UC security found today invariably focus on potential vulnerabilities discovered in laboratory environments that may or may not exist in the future as communication technologies and networks evolve. However, almost no real-word, observable data or public reports illustrate these laboratory-based, potential threats actually occurring today. While academic debates over future threats can be interesting, they are not what is needed to understand the attacks and fraud schemes that may be causing substantial damage to your enterprise and customers today.

The report has a wealth of data and conclusions about the threats to enterprise voice communications, but this chart pretty much sums up the major categories of threats, and what SecureLogix's research has found about their severity. The vertical axis is "Activity Increase" and the horizontal axis is "Severity".

The report goes on to present detailed findings under each of these categories--Social Engineering, TDoS (Telephony Denial of Service), etc. It concludes with a "Threat Forecast" that predicts, among other things:

The greatest threats to enterprises will occur because the Public Voice Network will continue to allow more VoIP-based access, will become increasingly hostile, and will therefore increasingly be the source of malicious calls. This network will increasingly look like the Internet from a call-generation standpoint. While packet attacks remain unlikely, even when using enterprise SIP trunks, voice-application level threats (harassing calls, social engineering, TDoS, vishing, and SPAM) will become increasingly prevalent and severe.

As mentioned, we'll post the whole report on line just before next Thursday's session.


August 29, 2018

Moving your voice services to the cloud introduces new challenges for 9-1-1 services. These include the need to serve multiple locations, and the increased mobility that comes with having a phone t

August 8, 2018

Artificial intelligence (AI) is becoming a reality for your contact center. But to turn the promise of AI into practical reality, there are a couple of prerequisites: Moving to the cloud and integr

June 20, 2018

Your enterprise may have adopted SIP Trunks, but are you up to date on how the latest technology is driving evolution in approaches?

In this webinar, youll learn how the new generation of SI

March 12, 2018
An effective E-911 implementation doesn't just happen; it takes a solid strategy. Tune in for tips from IT expert Irwin Lazar, of Nemertes Research.
March 9, 2018
IT consultant Steve Leaden lays out the whys and how-tos of getting the green light for your convergence strategy.
March 7, 2018
In advance of his speech tech tutorial at EC18, communications analyst Jon Arnold explores what voice means in a post-PBX world.
February 28, 2018
Voice engagement isn't about a simple phone call any longer, but rather a conversational experience that crosses from one channel to the next, as Daniel Hong, a VP and research director with Forrester....
February 16, 2018
What trends and technologies should you be up on for your contact center? Sheila McGee-Smith, Contact Center & Customer Experience track chair for Enterprise Connect 2018, gives us the lowdown.
February 9, 2018
Melanie Turek, VP of connected work research at Frost & Sullivan, walks us through key components -- and sticking points -- of customer-oriented digital transformation projects.
February 2, 2018
UC consultant Marty Parker has crunched lots of numbers evaluating UC options; tune in for what he's learned and tips for your own analysis.
January 26, 2018
Don't miss out on the fun! Organizer Alan Quayle shares details of his pre-Enterprise Connect hackathon, TADHack-mini '18, showcasing programmable communications.
December 20, 2017
Kevin Kieller, partner with enableUC, provides advice on how to move forward with your Skype for Business and Teams deployments.
December 20, 2017
Zeus Kerravala, principal analyst with ZK Research, shares his perspective on artificial intelligence and the future of team collaboration.
December 20, 2017
Delanda Coleman, Microsoft senior marketing manager, explains the Teams vision and shares use case examples.
November 30, 2017
With a ruling on the FCC's proposed order to dismantle the Open Internet Order expected this month, communications technology attorney Martha Buyer walks us through what's at stake.
October 23, 2017
Wondering which Office 365 collaboration tool to use when? Get quick pointers from CBT Nuggets instructor Simona Millham.
September 22, 2017
In this podcast, we explore the future of work with Robert Brown, AVP of the Cognizant Center for the Future of Work, who helps us answer the question, "What do we do when machines do everything?"
September 8, 2017
Greg Collins, a technology analyst and strategist with Exact Ventures, delivers a status report on 5G implementation plans and tells enterprises why they shouldn't wait to move ahead on potential use ....
August 25, 2017
Find out what business considerations are driving the SIP trunking market today, and learn a bit about how satisfied enterprises are with their providers. We talk with John Malone, president of The Ea....
August 16, 2017
World Vision U.S. is finding lots of goodness in RingCentral's cloud communications service, but as Randy Boyd, infrastructure architect at the global humanitarian nonprofit, tells us, he and his team....
August 11, 2017
Alicia Gee, director of unified communications at Sutter Physician Services, oversees the technical team supporting a 1,000-agent contact center running on Genesys PureConnect. She catches us up on th....
August 4, 2017
Andrew Prokop, communications evangelist with Arrow Systems Integration, has lately been working on integrating enterprise communications into Internet of Things ecosystems. He shares examples and off....
July 27, 2017
Industry watcher Elka Popova, a Frost & Sullivan program director, shares her perspective on this acquisition, discussing Mitel's market positioning, why the move makes sense, and more.
July 14, 2017
Lantre Barr, founder and CEO of Blacc Spot Media, urges any enterprise that's been on the fence about integrating real-time communications into business workflows to jump off and get started. Tune and....
June 28, 2017
Communications expert Tsahi Levent-Levi, author of the popular blog, keeps a running tally and comprehensive overview of communications platform-as-a-service offerings in his "Choosing a W....
June 9, 2017
If you think telecom expense management applies to nothing more than business phone lines, think again. Hyoun Park, founder and principal investigator with technology advisory Amalgam Insights, tells ....
June 2, 2017
Enterprises strategizing on mobility today, including for internal collaboration, don't have the luxury of learning as they go. Tony Rizzo, enterprise mobility specialist with Blue Hill Research, expl....
May 24, 2017
Mark Winther, head of IDC's global telecom consulting practice, gives us his take on how CPaaS providers evolve beyond the basic building blocks and address maturing enterprise needs.
May 18, 2017
Diane Myers, senior research director at IHS Markit, walks us through her 2017 UC-as-a-service report... and shares what might be to come in 2018.
April 28, 2017
Change isn't easy, but it is necessary. Tune in for advice and perspective from Zeus Kerravala, co-author of a "Digital Transformation for Dummies" special edition.
April 20, 2017
Robin Gareiss, president of Nemertes Research, shares insight gleaned from the firm's 12th annual UCC Total Cost of Operations study.
March 23, 2017
Tim Banting, of Current Analysis, gives us a peek into what the next three years will bring in advance of his Enterprise Connect session exploring the question: Will there be a new model for enterpris....
March 15, 2017
Andrew Prokop, communications evangelist with Arrow Systems Integration, discusses the evolving role of the all-important session border controller.
March 9, 2017
Organizer Alan Quayle gives us the lowdown on programmable communications and all you need to know about participating in this pre-Enterprise Connect hackathon.
March 3, 2017
From protecting against new vulnerabilities to keeping security assessments up to date, security consultant Mark Collier shares tips on how best to protect your UC systems.
February 24, 2017
UC analyst Blair Pleasant sorts through the myriad cloud architectural models underlying UCaaS and CCaaS offerings, and explains why knowing the differences matter.
February 17, 2017
From the most basics of basics to the hidden gotchas, UC consultant Melissa Swartz helps demystify the complex world of SIP trunking.
February 7, 2017
UC&C consultant Kevin Kieller, a partner at enableUC, shares pointers for making the right architectural choices for your Skype for Business deployment.
February 1, 2017
Elka Popova, a Frost & Sullivan program director, shares a status report on the UCaaS market today and offers her perspective on what large enterprises need before committing to UC in the cloud.
January 26, 2017
Andrew Davis, co-founder of Wainhouse Research and chair of the Video track at Enterprise Connect 2017, sorts through the myriad cloud video service options and shares how to tell if your choice is en....
January 23, 2017
Sheila McGee-Smith, Contact Center/Customer Experience track chair for Enterprise Connect 2017, tells us what we need to know about the role cloud software is playing in contact centers today.