Voice Firewall | Network Services

.

Voice Firewall

Deploying a layer of security for voice service threats

Developed to protect against voice network attacks

CSPs' voice infrastructure is constantly facing massive network attacks from a broader spectrum of threat actors along with substantial fraudulent challenges. As an example, you can see the huge investments that have been made to secure computer data networks and email. Spam filters have developed to the point where it is rare for spam to be read, it is nearly always filtered out and most people know to ignore it in the rare cases it isn't caught. However, the same cannot be said for voice messages.

Based on Mobileum’s vast experience, expertise, and access to network information, its voice firewall can monitor the network to generate alerts, and control inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, to do automatic blocking of illegal activities.

Multiprotocol analysis for superior voice protection

According to the CFCA 2019 report, there has been a steady increase in telecom fraud; however, the ones that are increasing the most are the voice-related frauds. The growth in VoIP networks has introduced new vulnerabilities in the SIP protocol that are now being exploited along with SS7, diameter, and GTP to perpetrate voice fraud.

These types of fraud and network attacks cannot be adequately addressed with traditional IP firewalls or Session Border Controllers (SBCs/eSBCs). If left unattended, these loopholes can lead to voice service disruption, impacting CSPs revenue, customer experience, government regulations, and overall network productivity. In the absence of an effective policy enforcement solution, CSPs will certainly witness massive fraudulent attacks.

Mobileum Network Services Portfolio

Discover why the Mobileum product portfolio is changing the network landscape worldwide.

Go beyond SBC traditional capabilities to enhance voice protection

A session border controller (SBC) is a device regularly deployed in VoIP networks to exert control over the signaling and also the media streams required in setting up, conducting, and cutting down telephone calls or other interactive media communications.

One of the problems with just relying on SBC for voice protection is that many communication networks still use TDM-based technology. Besides, these networks are often a mix of different vendor solutions, including multiple versions from the same vendor, resulting in a variety of signaling and media protocols such as MAP or Diameter, that need to be supported in the same call. For service provider networks experiencing a mix of Public Switched Telephone Network (PSTN) and Voice over Internet Protocol (VoIP) traffic, Mobileum’s Voice Firewall delivers in a single device the security functions that allow TDM and IP networks to deliver voice calls safely and secure.

STIR/SHAKEN support for protection on Caller ID Spoofing and Robocalling

The increase in unwanted calls affects almost everyone with a phone in the United States nowadays. Even more disturbing are the calls where fraudsters hide their identity, by spoofing or changing the caller ID, using schemes to try to target or defraud consumers. The STIR and SHAKEN framework is at this stage the most reliable way to provide a mechanism of trust in the displayed caller name and number by authenticating the calling number.

Our Voice Firewall leverages all of Mobileum’s expertise on national and international voice traffic, signaling security and fraud management expertise together with the STIR/SHAKEN framework, to ensure the calling number of a telephone call is secure without wrongly blocking or marking legit users or companies as spam.


Superior level of fraud protection when integrated with FMS analytics

The first step towards dealing with voice fraud is its detection. As the first level of defense, Mobileum’s voice firewall can automatically scan through phone number databases, ranges, and destinations to determine “blacklist” callers. The second pillar of telecom anti-fraud measures is Mobileum’s fraud management system (FMS) advanced analytics. Most of the voice fraud schemes previously mentioned assume certain behavioral patterns that require further analytics without delaying calls. Learning to identify them in near real-time is the key to effective fraud prevention. Some examples of analytics for voice fraud detection include:
  • Comparing measured call duration with the expected (average) length of calls;
  • Analyzing frequent sequential ringing and call overlapping from the same numbers;
  • Performing statistical analysis of the volume of charged calls in relation to initiated calls (measuring ASR: answer seizure rate);
  • Looking for traffic filtration rules with neural networks for telecom fraud detection.

Extended protection with contextual analysis of your TDM or SIP voice network

The transition to All-IP requires “Gateways” to convert legacy signaling and traffic carried over TDM to new IP signaling and traffic carried over IP/Ethernet. The gateways must achieve synchronization between TDM circuits and IP networks and cope with impairments of the underlying networks. Most operators usually have national and international voice service planes. Both these services typically use TDM (ISUP), and SIP interconnects.
 
Mobileum’s Voice Firewall handles both legacy, and IP interconnects, with the capability to communicate in CAMEL, INAP, and SIP/SIP-I, bringing the ability to understand the call routing, adding the capability of call context analysis to check for context miss behavior. i.e. An MT call, with a calling number which belongs to the country fixed-line number range, cannot reach the operator on the international mobile gateway.

6 key good reasons why you should deploy Mobileum’s voice firewall

Prevents voice fraud
Validation mechanisms for call fraudulent schemes, such as CLI spoofing, robocalling, and others by monitoring incoming/outgoing calls according to carrier policies.

Reduces business costs
Voice fraud is a significant and growing problem in the telecommunications industry. A single fraud event can easily cost a company from thousands to millions of dollars.


Blocks connections in real-time
Our system scans pre-created watch lists against each call to identify suspected fraud. In case a fraudster is identified, the solution can block the caller and alert the fraud team
Reduces disputes with service providers
Voice fraud is known as one of the top inter-carrier fraud cases, and to expose them, time and reliable data are crucial. Monitoring of inbound calls, and, most specifically, the route was taken to arrive onto the network.
Improves customer experience
Criminals are coming at all people from all directions, including their phones. Overall, fraud and spam is the ultimate impact on voice customer experience.
Integrates tightly with FMS analytics
Working independently of the fraud management system that customers have in place, the Voice Firewall can work as the first level of defense against fraud as well as getting inputs from the fraud management system to block voice calls in real-time.

Mobileum Voice Firewall brochure

Discover how the Mobileum Voice Firewall is changing the voice network security landscape.

The advantages of collaborating with Mobileum

Mobileum Voice Firewall uses cross-protocol checks on the signaling of your VoIP traffic to prevent attacks, much faster than other solutions on the market that are just using CDR analysis. Any CSP can use our voice firewall as a bolt-on to their existing fraud management system to assure customer security. Mobileum leverages the power of its global deployments to make its solutions more effective. Our firewalls include an advanced threat intelligence capability to produce a worldwide defense to CSPs against attacks such as:
  • Unauthorized Voicemail Access;
  • DoS/DDoS via Call to MSRNs;
  • IRSF, Wangiri, PBX Hacking (revenue share, robocalls, Dip-fee fraud…);
  • Robocalling and CLI Spoofing.

Deliver voice call security while shielding the customer experience

Because of the nature of the VoIP network, special care must be taken to ensure that the implementation of a firewall will allow voice communications to take place without compromising vital communications. Having that in mind, Mobileum has developed its voice firewall so that it can be deployed in a way that offers CSPs’ network the required level of protection, while at the same time not obstructing their VoIP communications by delivering the following capabilities:
  • Curated Deny lists;
  • Enforcing Voice Policy and call treatment with ingress, egress, and transit call treatment ;
  • Unique handling for caller ID on spoofing detection process;
  • Support for legacy TDM ISUP and CAMEL roaming as well as SIP and STIR/SHAKEN;
  • A unique approach for handling False Answer Supervision (FAS) and Call Stretching (CS).

Tag suspicious calls as “Scam Likely”

Nobody wants unwanted scam calls and spoofed robocalls. Phone scams are a real problem where your subscribers can lose a lot of money as well as it can damage the MNO brand perception. Just like with email spam blockers, anti-scam features need to deliver accurate filtering verdicts. To eliminate the possibility of good voice call being identified as spam (also known as false positives), our voice firewall offers the possibility to deliver the “Scam Likely” tag upon received calls. Using this feature, in case of doubt, operators do not just block all calls, since subscribers still receive them, just in case they’re real. That said, it’s very unlikely a real call will be tagged as a likely scam by our voice firewall, but it’ll still give your subscriber a heads up before they are about to answer a call from a known scammer’s phone number.

Check out other Mobileum products to enhance your business

Cross-Protocol Signaling Firewall
Mobileum has a state-of-the-art signaling firewall as part of its security threat detection portfolio, protecting against malicious attacks under network signaling systems like SS7, CAMEL, Diameter, MAP, GTP, SIP and 5G HTTP/2.
CLI Spoofing and Robocalling Fraud
Fraudsters can generate false calling party information and pass it onto the PSTN via SS7 using IP technology. Mobileum Robocalling fraud solution, combined with a voice firewall, can sort good traffic from bad, block unwanted calls, and keep a voice network safe and secure from attack.
RoamPolicy
Monitor and control network use in real-time to boost roaming revenues. Support the creation and enforcement of a wide range of roaming service packs, across voice, SMS, and data services.

Kaleido Intelligence Research

Wholesale Roaming Strategies & Competitive Landscape White Paper

Support mobile services on a single virtualized infrastructure

Network Function Virtualization (NFV) is gaining traction in enterprises and CSPs as it offers faster service enablement and easier deployment of applications which require consistency, determinism, and predictability. The nature of containers allows the deployment of microservices, where each part of a service is decomposed into a separate container to provide modular development, easy deployment, and scaling models.

Mobileum's Voice Firewall can be deployed in a containerized environment to enable a faster network function deployment and flexible implementation to match CSP's needs to have a programable network.

Deploy Mobileum's voice firewall in a private or public cloud environment

Mobileum's Voice Firewall can be deployed in public or private cloud envinment. The use of a private cloud is now a common use for telco's network services. However, the use of a public envinment can bring to telcos lower operational costs than those associated to traditional networks, and the ability to bring services to market much quicker then before. Mobileum's voice firewall implementation brings all these capabilities to the MNO as part of a NaaS strategy.