Mobileum has recently launched its signaling security Threat Intelligence service. Needless to say, we are very proud of all the hard work that has gone into this effort. The soft launch was late last year, and my colleague Nick Jones wrote the following words on that occasion:
“Defending your network from external threats can be a lonely experience and the nature of this highly specialist subject means that limited information is available publicly. Our goal is to address that issue and provide you with… global signaling intelligence and useful and insightful information.”
It really is as simple as that. Instead of leading the fight against adversaries alone and isolated, we want to provide our users with the tools and intelligence to fight back. I deliberately use the term “users” since there is no need to even buy a Mobileum firewall if you want to benefit from our Threat Intelligence service. So, what is it all about?
Gartner define threat intelligence as:
“evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.”
Whilst this generic definition applies to many aspects of our world, for today’s blog it refers to telecommunications signaling – SS7, Diameter, GTP, SIP, HTTP2 etc. As some of my more regular readers may have noticed, I enjoy illustrating my points with analogies so for this blog I am combining the subjects of maritime navigation, signaling security and threat intelligence…
Flying internationally used to be so simple. Just look up your itinerary, plan your departure location and time and, within an hour or so, you would know when and where you would be landing almost anywhere in the world! With COVID-19 upon us, we have all learnt that such luxuries cannot be taken for granted. However, over the vast span of human history, such uncertainty and risk was always with us.
The sailors of the renaissance period and beyond were like the astronauts of our time. They were adventurous, brave and admired (by many but definitely not by all). They were the pioneers of their time. Afterall, I think it is fair to say that Columbus is at least as famous as Neil Armstrong, if not more so.
When those sailors set off, to some extent they were navigating blind. A good map is useless if you don’t know where you are positioned on that map. Calculation of latitude was relatively simple using a sextant. A sextant measures the angle created by the noon sun, the ship, and the visible horizon. With reference to a nautical almanac, the angle could be converted into a latitude reading.
However, the calculation of longitude at sea was a much bigger problem. Conceptually it is easy to understand. If you know your local time and the time back at home, you can calculate how far you have travelled around the world by the difference in time. If the time difference is 12 hours you have travelled halfway around the world. Whilst this is easy to describe, it was only in the 18th century that the self-educated clockmaker, John Harrison, invented the marine chronometer, a clock that would work at sea and maintain the time of the home port. I first learnt about this by reading the fantastic book Longitude by Dava Sobel which I wholeheartedly recommend.
Despite this technological revolution, the risk of maritime navigation remained high. The evidence of that is dotted around the world, especially the British Isles. Lighthouses have guided sailors for centuries; many having been constructed long after Harrison’s invention. Despite the best of tools, in bad weather, with limited visibility, it can be virtually impossible to take accurate readings. The difference between safety and disaster can be mere seconds or meters. Lighthouses have been a beacon of security around known risks and they also serve to guide sailors home safely – to their own safe harbor.
So what does this tell us and how does it relate to our domain of signaling security within telecommunications?
I think the lighthouse is analogous to an active signaling firewall – an intrusion prevention system. It is always there, ready to protect you, shining light on upon threats and attacks but, on its own, gives no guarantee of protection. Whilst absolutely critical, no sailor would set to sea just depending upon lighthouses. Likewise, a signaling firewall will provide guidance throughout the journey to robust signaling security, but no sensible security specialist should rely upon that alone.
The sextant and marine chronometer clearly tell us about the value of tools and just how revolutionary they can be. A passive signaling firewall – an intrusion detection system – will yield huge value to its users. It can be seen as your personal safe harbor. But, it will only ever provide information based upon the data you receive in your own network i.e. where you are. It will never tell you about threats elsewhere.
The reality is, the world is a harsh place, threats surround us and those threats are changing all of the time. For a sailor, nothing is as threatening as the weather. Here in the UK, multiple times each day, the BBC broadcasts a shipping forecast. It is a strange world, totally unfamiliar to me, but there is something strangely reassuring about it. However, when there is extreme weather, the warning is stark and highly impactful:
So what is the shipping forecast? Without any doubt it is threat intelligence. It is all about providing evidence to address known or emerging threats to a sailor that will influence their actions. In other words, it perfectly fits Gartner’s definition.
Mobileum’s Threat Intelligence service provides guidance to our subscribers, to help them navigate the risky world of telecommunication signaling. It enables subscribers to access data from around the world, and not just the signaling that happens to pass through their own firewall. Users will receive early warning of emerging threats, the evidence to explain that threat and, most importantly, recommendations for preventative actions.
Real-time access to the Threat Intelligence Centre enables users to validate their own local findings. Looking at a potential threat in isolation can be confusing and challenging. Comparing that same threat against other cases around the world can provide immediate clarity. Simply put, our Threat Intelligence Centre will combine the benefits of the sextant, marine chronometer, lighthouse and shipping forecast in one. Mobileum’s Threat Intelligence service will help operators ensure that their network is a safe harbor for all of their subscribers.
Whether you are a Mobileum customer or not, please reach out to us to learn about our Threat Intelligence service and how it can augment your existing network protections.