A blog by Pieter Veenstra, Senior Manager Product Development – Security and Routing
Security threats in SS7 and Diameter have become more sophisticated and more severe in recent years because both hackers and fraudsters have advanced their techniques, and access to the signaling networks has become easier and less costly. In addition, trust can no longer be guaranteed between mobile roaming partners.
In parallel, subscriber awareness and regulatory pressure have increased, including more restrictive data protection legislation such as GDPR in Europe. Hence mobile operators can no longer sit on their hands but need to invest in appropriate signaling firewall solutions to avoid the risks of brand damage, subscriber complaints, and high fines for privacy violations.
Technological evolution towards distributed and virtualized networks brings new risks, with the introduction of IT-based solutions, which in practice are more open to vulnerabilities. Additionally, the distributed infrastructure with Multi-Access Edge Computing (MEC) in 5G networks, comes with other performance expectations and demands for security solutions. These have to be able to handle the consequences of low latency, massive numbers of connected devices, and the high bandwidth characteristics of these new mobile network architectures.
However, in our conversations with potential customers, we identified that mobile operators experience big difficulties to evaluate the supported capabilities by the signaling firewall products of different vendors. This was the principal reason to ask Strategy Analytics for a competitive comparison, that provides mobile operators with the appropriate evaluation criteria for the selection between the various signaling firewall products.
The evaluated signaling firewall solutions of NetNumber, Adaptive Mobile, Mobileum and Oracle were compared in terms of the following key criteria:
- Architecture & Design Approach
- Methodology for Security and Threat Detection
- Performance – Real-Time / Distributed Network & Low Latency Threat Detection
- Multiprotocol Signaling and Active GSMA Use Categories
- Operational and Administrative Support Tools
- Automated data feeds for Provisioning Signaling Firewall Rules
- Industry Leadership and Focus.
The analysis by Strategy Analytics clarifies the fundamentals that need to be supported by a signaling firewall solution:
- Signaling security requires a high performance ‘inline’ protection capability with very low latency processing nodes in virtualized and distributed networks.
- The protection accuracy and operational costs highly depend on the availability of adequate support tools and the accompanying automated data feeds.
It is great to see that Strategy Analytics acknowledges that NetNumber is a vendor capable of meeting all these criteria, while the other vendors considered here lack relative capability in several key categories. Our leading role in the GSMA FASG (Fraud and Security Group) is instrumental to this. NetNumber, as a global leading vendor of mobile core network solutions, is highly committed to the work in the GSMA FASG by investing knowledge and resources in the drafting of relevant and effective security and fraud standards for the global mobile industry.
The aforementioned “Competitive Comparison of Signaling Firewall Solutions Report” is available for complimentary download here.