As unified communications and collaboration (UC&C) applications take hold in business enterprises, it follows—as day follows night—that those applications will be subject to attack over the IP network.
The typical security firewalls protecting enterprise networks are able to cope with threats on the network and transport layers (OSI layers 3 and 4), but attacks on UC&C technology take place at the application layer (layer 7), and traditional security can’t detect, let alone repel, them.
Yesterday, at the RSA conference in San Francisco, technology startup RedShift Networks announced a solution they are calling “unified communications threat management” (UCTM), which is designed to protect all of today’s critical networked communications applications—UC, collaboration, call center, and audio and video conferencing.
Enterprise VoIPplanet recently had an opportunity to speak with RedShift president and CEO Amitava Mukherjee, who explained the company’s approach—which centers around deep analysis of incoming packets.
“From the PBX vendor’s point of view, they have certain functionalities, like encryption, and strategies for dealing with general attacks like denial of service attacks,” Mukherjee said, “but they don’t have the capacity in the PBX or the unified communications application to deeply analyze packets that are coming in—especially when they have 10,000, 20,000, 30,000 calls coming in at the same time.
“That’s where the need for our product comes in,” he said, noting that previously there hasn’t been a comprehensive solution “that looks at all the different threats to the different UC pieces—voice, conference, collaboration, presence—all those different systems—and put in one single solution.”
RedShift’s work included extensive research on the total “universe of threats” to which IP-based communications applications are vulnerable—which include eavesdropping, toll fraud, number hijacking, call or collaboration session hijacking, media injection, and what Mukherjee calls ‘multi-layer’ attacks in which one attack is embedded inside another.
“Even heavyweight firewalls—such as Cisco or CheckPoint—only cover 10 to 20 percent of them,” Mukherjee said. “That’s because they don’t go deeply into the application. They’re more at the network layer.”
RedShift’s technology is based on a complex algorithm that examines incoming information in real time. “We’re seeing packets coming in from the network and we have twelve mathematical algorithms that we run through looking for different types of threats,” he explained.
The technology also analyzes behaviors—of both users and applications—and correlates that with the information derived from deep packet analysis. The result is, as Mukherjee put it, “a whole new generation of accurately, granularly detecting the threats.”
Moreover, RedShift’s solution mitigates some of the problems associated with certain other security technologies, such as intrusion prevention systems (IPSs), which are quite prone to ‘false positives’—events that look like attacks but in reality aren’t.
To deal with the supposed threat, “the IPS device would typically drop the packet coming through the network,” Mukherjee explained. “In the data world, that wouldn’t be a problem, as the application would simply re-try. But in the voice world, you have a call coming in, and if you drop his call, he may not call back.”
As of launch time, RedShift’s UCTM solution is available in a family of hardware/software appliances that sit in front of the PBX. Three different models support up to 100 users (the Falcon), up to 3,500 users (the Hawk), and up to 50,000 users (the Eagle)—with pricing starting at $2,000.
Next year, RedShift plans to release a virtualized version of the product. “So where people are implementing UC in the cloud offerings—where they have video conferencing, and collaboration applications and IP telephony more and more embedded in the cloud—we could have our solution that sits inside the cloud also as a virtualized entity,” Mukherjee said.
“We are also working with carriers, Orange, and Vodafone,” Mukherjee said, “and folks in Telefonica and Telenex. It’s really interesting—they’re now being proactive in offering security to their customers, so it’s both an enterprise strategy and a carrier strategy.”