Big data analytics is a well-known topic and has ties to areas such as business analytics, logistics, IoT and certainly cyber security. However, when we see an analytics platform with a specially designed machine learning and intelligence engine relative to a specific technology area such as unified communications, now you have an interesting proposition.
So how do big data analytics correspond to security and protection of an enterprise’s unified communications (UC) network? The key is on expertise in the core competencies of Session Initiated Protocol (SIP) and UC. Understanding on how UC leverages SIP is paramount to change how the telecom industry manages some of the most challenging security issues at hand, such as: robo-calls, toll fraud, telephony-denial of service (T-DoS) and overall system-wide visibility. Being able to expose any UC behavioral anomalies from huge amounts of data in communication networks can be a game changer for the support teams that manage the network.
To understand why UC security is becoming more prevalent today, you first need to focus on the ever-changing communication dynamics in the workforce. In today’s mobile-first world, one key trend is the decentralization of the workplace, where employees are increasingly working offsite, such as from home, their cars, airplanes, hotels and client sites. Moreover, BYOD, or “bring your own device,” is another trend with similar implications. Employees feel entitled to use their devices when, where and how they see fit. This often means they’re not used with consideration to how the enterprise as a whole might be impacted. For example, using the public WiFi network in a hotel or even at Starbucks for voice or video calls can put an enterprise’s communications network and underlying mission-critical data at risk. Certainly, offsite employees’ productivity depends on these mobility factors. However, as BYOD endpoints become more distant from the core network, the harder it becomes to securely control access both inside and outside of the network. The communications network becomes borderless and prone to attacks, even from unsuspecting internal endpoints.
How Did We Get Here?
This UC security problem didn’t exist when we had TDM voice – did it? The answer is, for the most part, no. Yet with the added complexity of SIP-based real-time communications, the security risks have become more complex and have opened up new vectors for security attacks, including T-DoS, robo-calling, identity fraud/caller ID spoofing/voice phishing and certainly toll fraud.
Attacks against UC are some of the fastest growing and most misunderstood threats enterprises face today. Seemingly out of the blue, enterprises may find their network was unknowingly attacked from the inside – perhaps their communications network was taken down or bad actors found an opening to make unauthorized calls to premium numbers, creating huge toll fraud losses. As an example, a few years ago, there was a widely published Massachusetts case in which bad actors hacked into a small-business phone system and made $900,000 in calls to Somalia over weekend (the story made headlines when the service provider sued the business owner, who had refused payment).
Enterprise security organizations are not always innovating fast enough, and attackers are becoming much more sophisticated in their planning, looking for the easiest path into your network. Taking into consideration that there are so many BYOD endpoints in enterprises today that could expose vulnerabilites, the inside of a network can no longer be trusted. With SIP-based communicaitons, a company’s security aperature just gets wider and wider. And with mobility, the inside of the network is just as exposed as the outside of the network. The goal is to reduce that threat exposure by strengthening the security controls at the network level.
In the data world, there are user and entity behavioral analytics (UEBA) platforms that use machine learning to spot changes in user behavior that often indicate inside attacks that have evaded perimeter defenses. Unfortunately, these UEBA platforms do not focus on UC and the associated threats against real-time communications. This is why enterprises need unified communications behavioral analytics (UCBA) solutions to focus on the wide variety of UC attack vectors.
Enterprise UC networks are greatly underserved with regard to machine learning and behavioral analytics-based security solutions. With the wide varieties and inherent complexities of SIP and VoIP protocols, UC environments can only stand to benefit from the added value of behavioral analytics and machine learning. Many of the traditional data focused security vendors have augmented their core competencies with behavioral analytics, allowing them to differentiate themselves from their competitors. However, specific to the UC environment, network behavior analysis combined with machine learning is only now being accentuated and becoming crucial for detecting many types of fraudulent communications activity to help enterprises pinpoint UC threats and respond faster to threats.
The challenge is as much about the growth and breadth of communications networks as the types of traffic running over those networks. To address UC security risks, enterprises must have a holistic view of the various communication traffic (voice, video, WebRTC, etc.) coming into their networks, because you can’t protect what you don’t see.
Improving UC Threat Detection with Behavioral Analytics
One of the key components to developing a strong security posture for enterprise UC is to implement adaptive, automated solutions – underpinned by behavioral analytics – to pinpoint threats and improve signal-to-noise ratios across multiple network elements.
As mentioned earlier, UBEA platforms have made a noticeable impact on the threat detection community, and has helped IT teams lock down email, document sharing and more. Yet, UC behavioral analytics for security are only now starting to make its way into UC networks. A T-DoS attack is a great example of potential disaster. The behavioral delta? Too many calls coming into a contact center at one time from the same number or URI to prevent real customers from getting through to a contact center agent or IVR. In this scenario, the cybercriminal could be trying to take down the contact center infrastructure, and then demand ransom payments to be wired immediately to restore service.
A UC behavioral analytics platform with machine learning that ingests data from multiple communications and data network elements can flag these calls to security personnel and automatically mitigate them before the threat takes down not only that contact center, but the entire enterprise network.
To make UC behavioral analytics work to your advantage, solutions must be specifically tuned for UC and SIP. There are many rich data sets that can be harnessed for analysis and risk mitigation algorithms such as call rates, call origination/destination profiles, message sizes and types, external patterns, internal patterns and more. All of the UC-related data is being leveraged to analyze and respond to threats automatically, pulling in human experts through alerts in real-time, just in the nick of time.
Cyber-threats aside, UC behavioral analytics can also help optimize network planning. With a more granular view of communication network capacity, bandwidth utilization and traffic patterns, enterprises can predict network resource requirements and maximize performance and economics. This insight allows enterprises to make sure network resources are available to support the capacity of communication traffic being transferred between network locations and deliver a secure, high quality experience to their customers and employees.
While UC behavioral analytics does not solve everything, it is becoming an increasingly important tool in the overall set of security tools modern enterprises need in the mobile and BYOD era of communications being conducted every day.
Only with a synergistic combination of analytics and an architecture that empowers a more effective and efficient security methodology across a distributed UC network will enterprises be able to locate that proverbial cyber-threat “in the hay stack.”