Secrets When Buying a Signaling Firewall (SS7)

Reporting security vulnerabilities in networks SS7 and Diameter It's been well documented; most operators have already taken some form of action to protect their networks and subscribers. However, these measures vary greatly in terms of method and effectiveness; while more and more operators are monitoring their networks, reports of attacks are increasing. The truth is that most operators have not yet implemented comprehensive reporting firewall solutions on their networks.

Fortunately, this is changing; 2019 is set to mark a tipping point; many operators should move away from stop-gap reporting solutions and invest in firewall reporting. With so many options on the market, identifying the criteria for choosing the best solution can be a daunting task. To help you narrow down your options, we've outlined seven important considerations for choosing the right firewall reporting solution for your network.

1. Cover the basics - comply with GSMA guidelines

GSMA has published a set of guidelines for addressing the safety of SS7 and diameter; including firewall recommendations (GSMA FS.11 and GSMA FS: 19). The guidelines are the result of a joint effort between; leading security experts of mobile operators and telecommunication security distributors in the GSMA Anti-Fraud and Security Group (FASG). Together they represent the main reference point for signaling network security in the telecommunications sector.

The recommendations are an invaluable guideline for evaluating signaling firewall options; they exist to enable operators to make an informed decision. Therefore, the first step to ensuring you're adequately protecting your network is to choose a signaling firewall that complies with the GSMA guidelines.

2. Protect yourself from new threats

While a signaling firewall solution compliant with GSMA recommendations is highly recommended, adherence to the guidelines unfortunately does not guarantee complete protection. In addition to the signaling attacks primarily addressed by the GSMA guidelines, malformed packet attacks are a new and growing class of attacks that have been shown to cause high-impact security breaches. Malformed packet attacks in SS7 and Diameter signaling networks have the potential to take complete control of network elements, allowing remote eavesdropping, user tracking, persistent denial of service, traffic modification, and even complete network collapse.

Watch our webinar on hijacking network elements on SS7; a new type of attack for more information on how these attacks threaten signaling networks. To ensure that your network is protected from as many threat scenarios as possible; make sure that the firewall solution you choose is able to protect against all types of known attacks.

3. Maximize the impact of your investment

The right security measures in your network will protect you from disaster scenarios and protect your revenue streams. However, investments in security infrastructure do not always have a direct and obvious impact on profits. Competing resources mean that operators must ensure that their investments have the greatest possible impact. When quantifying risks based on real-world attack scenarios, SS7 still represents by far the largest potential attack surface followed by Diameter.

Together, they represent the highest probability of attacks successfully penetrating a network via signaling links. Prioritizing SS7 and Diameter security in your firewall investment will ensure you're spending your money where it will make a difference today, while also protecting the revenue streams you'll rely on tomorrow.

4. Make sure you get a quality telco product

Reliability is one of the most important aspects of any telco network, so it's only logical that the security solution should also be telco-grade. The five-nines indicator can be considered a standard in the telecommunications industry and should be included in any signaling firewall security solution. Furthermore, high availability and redundancy should be standard, with the vendor's hardware always backed up.

5. Go with an approved industry leader

While most carriers have not yet implemented a comprehensive signaling firewall solution, some do. The collective knowledge of these carriers is an invaluable indicator for evaluating market options. Roaming Consulting Company (ROCCO) published an independent report compiling feedback from fifty-seven mobile network operators on twenty-two signaling firewall vendors. The report ranks each vendor across a wide range of KPIs, including performance, value, and leadership. This report is an important resource for making signaling firewall choices, and it's always a good idea to tap into the wisdom of fellow industry experts.

6. Choose a partner who is one step ahead of the game

As the security community identifies new threats and creates more advanced tools to protect itself, malicious actors continue to find new ways to penetrate these defenses. This cycle requires security vendors not only to provide updates to their security solutions, but also to do so as quickly as possible to mitigate potential threats. To offer a top-of-the-line product that ensures maximum network security, a vendor must be at the forefront of the game, proactively seeking out new vulnerabilities instead of retroactively trying to patch them after the damage has been done.

Deciding on a reporting firewall solution should be the first step in a partnership with the vendor, and operators should strive to seek out partners who are active in reporting security research. Vendors that emphasize research and development, present at security events, and have extensive experience contributing to responsible disclosure programs like the GSMA's Coordinated Vulnerability Disclosure Program will likely be better positioned to add value to the partnership while also protecting against future threats.

7. Think green

In a world where businesses' environmental impact has become increasingly important, both for the companies themselves and the customers they serve, operators must also consider the environmental credentials of the suppliers they work with. In the telecommunications industry, individual cases of power-hungry network infrastructure have become the proverbial elephant in the room, but solutions like network function virtualization and consolidated SS7 and Diameter firewall implementations offer operators the opportunity to lead the industry in the right direction. By considering qualities like these and acknowledging internationally recognized and respected corporate social responsibility accreditations, operators themselves can play an important role in contributing to a sustainable future.

The need to effectively protect networks from signaling attacks is increasingly recognized by both operators and subscribers. It's promising to see a trend in which the telecommunications industry is taking action against these vulnerabilities by opting for comprehensive signaling firewall solutions. With many signaling firewall options available on the market, this guide should help you make the best choice for your network.