Unified Communications Threat Management (UCTM) The Dark Side of SOA Solutions Roger Toennis Redshift Networks Inc. Sr. Director of Product Management
SOA & Unified Communications Deployments
• Total Market UC: $30 billion 2011
• 4% = Security TAM: $1.2B 2011
• SOA: $18.2 billion in 2012
• IP PBX: $12 billion in 2011
• UNIFIED COMMUNICATIONS: $18 billion in 2011
[Figure: deployment diagram; labels: Mobility, Customer Contact, Conference, IP PBX, 200K to 300K IP Phones, Deployment of 45K UC Cisco IP Phones, Deployment of 10K UC Cisco IP Phones, 180K IP Phones]
Source: Synergy, Datamonitor, Wainhouse, Ovum, Cisco, Avaya
The Hype Cycle Defined (Gartner)
[Figure: hype cycle; labels: Trigger, Socialization, Delivery]
The “Network Complexity” Threat Internal and External Complexity is the Biggest Threat
The Expanding Exposure/Threat Landscape
[Figure: network diagram; labels: Enterprise, Enterprise B, Enterprise C, Service Provider, SOHO/Remote, Database Server Farm, Presence/UC Server Farm, Email Server Farm, Web Server Farm, IP PBX Server Farm, Mainframes, Anti-SPAM, IPS-DPI, DB Firewall, UMA/GSM, WiFi/WiMax, WiFi, Dual-Mode, BYOB “Broadband”, Voice Everywhere!!!]
Evolution to Converged Communications
Converged Communications (Weak Security, High Exposure, High Asset Exposures)
• Rich multimodal user experience
• Dynamic applications
• Communications Enabled Business Process (CEBP)
• Built on converged networks
Converged Networks (Medium Security, Medium Exposure, Medium Asset Exposures)
• Integrated voice, video & data applications
• Distributed apps
• Hybrid networks (TDM, VOIP)
• Unified Communications (UC)
Traditional (Strong Security, Low Exposure, Low Asset Exposures)
• Separate voice, video & data networks
• Isolated networks
[Figure labels: Integrated Modular Systems, Distributed Software and Systems]
Communications Enabled Business Process (CEBP) Server/Solution Integration = New/Unknown Threat Potential
Evolving New Pain Points Emerge - VOIP Threats
[Figure: panels illustrating VPhishing, SPIT, VDOS, Number Harvesting, Eavesdropping and Toll Fraud against IP PBX and Unified Messaging / PBX systems; labels include Banks, East/West banks, High-Tech company, NASA / NTT, FBI, Major hospital, Fake IP PBX, Customers Account Number & PIN, “Advertisement”, $40 billion loss]
VOIP and UC Threats
• Security threats to networks in general are increasing year over year (CERT Vulnerability Stats)
• VOIP, UC and CEBP applications present several hundred additional threat vectors
• Security awareness within IP telephony is lagging “traditional data” in general
VOIP/UC Attacks Timeline
GARTNER (2007): Enterprises that don’t spend on IP Telephony Security today will end up spending 20% of their Security Operations Budget on it in 2011. Enterprises that are proactive in nature will only spend 5% of IP Telephony Security
[Figure: timeline, 1995 to 2010, divided into Layer 1-4 (Infrastructure) and Layer 5-7 (Application); labels: Virus, Worms, Trojans, Spyware, SPAM, Code Red $2.6B Loss, Slammer $2B Loss, Loveletter $8B Loss, $22B loss - SPAM BotNet, VOIP Toll Fraud (Pena - $1M, Stealth - $26M, Panama - $100K), VOIP Data to Voice, VOIP Vmail Spoof, VOIP SPIT, VOIP Phishing, UC attacks 2005, NASA, Utility, Bank of America, St. Barbara Bank, East Coast Bank, Microsoft Announces Vulnerability, Blackhat Announces Vulnerability, Cisco, Blackhat announce VOIP vulnerabilities, 7%, 42%, 5%]
Current Solutions are Lacking!!
[Figure: protocol stack (IP/UDP/TCP, SMTP, HTTP, SIP, SCCP, H323, RTP, Collaboration) with attack classes, most marked “Unprotected”; labels: ICMP/IP Anomaly, TCP Protocol Anomalies, SIP/RTP Anomalies, Exposed Ports, Weak Permissions, EMAIL SPAM, VOICE SPAM (SPIT), ICMP Floods, TCP / SYNC FLOOD, SIP RTP TLS Floods, Brute Force Attacks, Worms, Viruses, Malware, Buffer Overflows, Registration Hijacking, Toll Fraud, Call Forwarding, Impersonation, Spoofing, Session Tear Down, Illegal Media Injection, Redirection, Mixing, 1000s Of Other Attacks]
Emerging Awareness of VoIP/UC Vulnerabilities
• GARTNER (2007)
• “Enterprises that don’t spend on IP Telephony Security today will end up spending 20% of their Security Operations Budget on it in 2011.”
• “Enterprises that are proactive in nature will only spend 5% of IP Telephony Security”
Yankee Group
CEBP Solutions
[Figure: network diagram with callouts numbered 1 to 5; callout captions: Data & Voice VLAN Security; A. Remote User VoIP, B. SIP Trunking VoIP; Wireless Security; Visibility & Control of Multiple Enterprise Domains. Other labels: Enterprise A, Enterprise B, Enterprise C, Service Provider, IP PBX/Presence/UM Server Farm, Database Server Farm, Email Server Farm, Web Server Farm, Desktop VLAN, VoIP VLAN, Microsoft OCS, DB Firewall, Anti-SPAM, IPS-DPI, UMA/GSM, WiFi/WiMax, WiFi, Dual-Mode]
IT Needs Better "Visibility" & "Control" at the…
• Corporate Network Edge
• WAN Mobility/Home Office/Branch Office/SIP trunking
• Corporate “Wireless Network” Edge
• Campus/Inbuilding WiFi-DECT
• VoIP Server DMZ
• Critical Reliability Voice Assets
• PBX/Conference Bridges/IP Phones
• UC "Desktop/Server" Integrations
• Next generation Desktop UC solutions (OCS/IBM Lotus/Etc)
• CEBP "Server to Server" and “Server to Hosted Service” Integrations
• Voice Enabled Oracle/SAP, Voice Enabled Salesforce.com
• Voice Alerts for Supply Chain, Converged B2B Federations, etc.