When the COVID-19 pandemic caused shock waves across the globe, consumers and businesses, especially in the eCommerce and finance sectors, increasingly turned to their mobile devices. The growth in financial transactions and information traversing mobile networks has not gone unnoticed by fraudsters and hackers. In fact, the pandemic has not only ushered in a new era of attacks that are increasing in frequency, but they are also becoming more sophisticated. So how do network operators protect their networks from the threats arising in 2022?
According to a Mobileum-sponsored industry survey conducted by MobileSquared, the top five motivations for investing in a signaling firewall include:
- 81% - brand protection
- 75% - infrastructure protection
- 69% - penetration tests/security audit recommendations
- 63% - regulatory requirements / financial protection
- 50% - A2P SMS revenue protection
However, the changes in attack typology across multiple signaling protocols is leading to a significant chasm between the motivations for deploying a signaling firewall and the effectiveness of signaling firewalls to meet these demands. MobileSquared’s report found that 25% of MNOs believe that 75% of security attacks go undetected even if they have a firewall.
Two key reasons for this are leaving their networks open to vulnerabilities:1. Lack of cross-protocol protections
2. Using multiple firewall providers
Both of which are prevalent across the industry. MobileSquared’s research found that of the MNOs that have deployed a signaling firewall, less than one-third (31%) said that it could perform cross-protocol correlations, such as correlating information and identifying abnormal patterns across different signaling protocols. This is alarming because attacks often occur over multiple different protocols, leaving those without cross-protocol protection exposed to the threat of fraudsters.
Even more concerning is the risk profile of MNOs that do not use a signaling firewall because they believe they are getting protection from their STP, DRA or SBC. They are not, and such approaches should only be viewed as bolt-ons trying to replicate a signaling firewall - but come up very short when it comes to detecting 100% of attacks. In addition to the technical shortcomings, this approach adds complexity to attack detection because the multiple firewall providers need to be configured and managed in a coordinated manner. Any inconsistencies in the configuration of these platforms leave a window of opportunity for hackers to attack. A vulnerability that MobileSquared’s research found affected half of MNOs surveyed, who identified the complexity of design and user interfaces lead to misconfigurations and vulnerabilities and weaknesses in their signaling firewall.
The pandemic gave fraudsters a window of opportunity to exploit weaknesses and vulnerabilities across mobile networks. In order to protect your network and achieve 100% detection in 2022, signaling firewalls must contain the following capabilities:
- Cross protocol correlation to protect across SS7, Diameter, GTP, MAP, SIP, CAMEL and HTTP/2
- Machine learning - to efficiently examine the 100+ million event details records that are generated each day
- Recurring updates on threats
- Architecture flexibility
- Intuitive user interface
- Threat-sharing intelligence services to enrich the signaling firewall.
To learn more about the state of the signaling firewall landscape and key vulnerabilities that MNOs are facing, download the research report below.