SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community

CHANNEL BY TOPICS


QUICK LINKS




 
tmc logo
October 2007 | Volume 10 / Number 10
Feature Articles

Security and the Service Provider

By Richard “Zippy” Grigonis

Many service providers feel the need to go hunting for viruses, worms and other forms of malevolent software gushing through their networks, many of which now utilize ingenious polymorphic attacks that are difficult to identify, let alone eliminate. However, what really drives customers away is something more mundane, spam. Up to 96% of all email traffic is spam, and over 50% of stored messages are spam, some having viruses or other malware attached. Servers fill up, customers become dissatisfied and make nasty service calls. Customer churn goes up.

This turbulent security environment has become an opportunity for companies such as Cloudmark (www.cloudmark.com), which has been protecting major Internet service providers and mobile operators worldwide with its Cloudmark Authority, a carrier-grade software solution, along with Cloudmark’s Advanced Message Fingerprinting technology and Global Threat Network, all of which provide spam, phishing and virus protection at various stages in the messaging path.




Hugh McCartney, CEO of Cloudmark, says, “Cloudmark today is a considerably different company than it was in 2005. When we first built our Cloudmark Authority product, which is the gateway product, we found that it was far more scalable than even we had imagined or hoped. As a result, we decided at that stage to focus 100 percent on the service provider market. We did that because of our scalability capabilities and we also did it because of the demanding nature of the customers, which meant they would actually have to trial our software, and if we trialed well, we’d have a better chance of winning in the enterprise marketspace against companies such as Symantec. We found ourselves focusing just on the North American Tier 1s for the first year-and-a-half and seven of the top 12 now use Cloudmark technology to protect their customers’ mailboxes. One reason this has become so prevalent is that not only does the product scale well, but it has been architected such that our customers make huge gains in terms of not only the accuracy and the ability to block the 94 percent of mail that is spam, but they can also save on storage and infrastructure.”

“Take Charter Communications,” says McCartney, “They were running 92 email servers for email filtering using Symantec’s Brightmail. When they came to us, that number fell from 92 to 11 servers. So there’s a demonstrable gain in infrastructure savings.”

McCartney continues: “In Q3 2007 we found ourselves slowly taking on and winning the North American Tier 1 service providers and so we asked ourselves, ‘Where do we go next?’ We came up with three areas key to moving Cloudmark forward: We protect worldwide about 180 million mailboxes and we’re checking on 3.6 billion bad messages a day. So we decided the first way to drive the company forward and accelerate the growth - which was 110 percent last year, and we’re exceeding that this year - is to take what we have international. We’ve opened offices just outside London and in Hong Kong, and in terms of service providers we already work with two Tier 1s in Europe and eight of the top ten in Japan.”

“The second way to move Cloudmark forward was to get it into the Tier 2 and 3 markets,” says McCartney. “We’ve integrated our product and made some modifications to get the same technology so that Tier 2 and 3 users have the freedom themselves to examine and look at policies and enable a very great ease of implementation. We just launched that product in April, and four service providers have already acquired the product and another seven are conducting trials. So we’re very pleased with the take up of that.”

“The third area in which we’re looking to grow the company is mobile/wireless,” says McCartney. “The same technology we use for fixed-line and cable can be used with a wireless infrastructure, because the product is architected in such a way that it’s not really interested in looking at the text itself. Instead, it pays more attention to structure. So all we need is the ability to enable our product to have the correct formats, particularly so as to access SMS [Short Messaging Service] protocols. We’ve teamed up with a couple of firms and we’re actively trialing the product through these partners with a couple of wireless carriers in the Southern Hemisphere, where the spam on SMS is much more prevalent than in the Northern Hemisphere.”

Dave Champine, Senior Director of Product Marketing at Cloudmark, says, “Our core competency is really efficiently and effectively identifying and filtering bad messages. These are not just spam, they could be viruses, phishing attempts, and things like that. That’s really where Cloudmark’s strength is, and the growth we’re undertaking in 2007 is really an expansion of what we’ve done in previous years.”

“One really hot topic these days is the mobile space,” says Champine. “Mostly that’s because of so much investment that’s going on in that market, and there’s a lot of interest in terms of how mobile is ‘the next frontier’, if you will, for the next-generation Internet. People get very excited when we talk about that, but, fundamentally, for us, the underlying technology is the same. We’re not doing anything new. It’s the same core technology. What is very different, however, is the network in which we play. Some major players differ from what we’ve been used to in the fixed-line space. From that perspective, we think the best move is to go forward with a few partners. This started with the partners Anam Mobile Designs and AdaptiveMobile. With them we’re gaining expertise to understand the different protocols and networking topologies, and we’re working with the different hardware and technologies you find in a mobile provider infrastructure as opposed to a fixed-line provider.”

“If you take a look at the Asian market, the incidence of SMS spam and what-not seems very much to be leading the other geographical areas,” says Champine. “We’ve identified several trends over the past four or five years in wireless. Fundamentally, it boils down to economics. When it becomes inexpensive, almost to the point of zero, to send out messages, then the opportunities for abuse increase. That’s precisely what you’re seeing in the mobile world in Asia, as more unlimited data plans are adopted and SMS usage climbs, and so abuse opportunities increase. A similar trend is happening in Europe too. The incidences of abuse have cropped up in the fixed-line world there. Same factors, same economics. As the price of sending unlimited data drops, the incidence of abuse increases.”

Cloudmark’s Hugh McCartney says, “When companies such as ourselves stop 98 percent of the bad stuff, a lot more spam has to be sent out for the spammers to make money. They have two choices: First, try and spam people with higher value and higher margin products and services, as we’ve recently seen with stock spam. Second, move to operate in lower-cost economies such as Eastern Europe and Asia. In Asia they’ve certainly figured out how to make money out of mobile spam. Asians are writing things called ‘exploits’, which are ways into networks and Microsoft Windows on the fixed-line side. They then sell those exploits on the public market. On the fixed-line side, if a spammer writes a useful exploit he’ll get about $100,000 for it on the spammers’ market. We don’t yet have data on how much money people are getting for exploits for mobile, but the economics are obviously working in their favor. The attacks we’ve seen thus far on the mobile side have been quite targeted rather than totally general and mapped like they are on the fixed-line side. Again, that’s been driven by economics.”

“We have received some data recently about phishing attacks in the Far East,” says McCartney. “These can be more difficult to kick up than on a fixed-line. But we all move forward, just as the bad guys do.”

Next-Gen Security Challenges

The promise of IP Communications for service providers was to increase network efficiency (more packet calls can fit in the same pipe than circuit switched calls), reduce costs and allow them to offer exciting new services. A new world of IP-based voice, video, IM and presence also meant a new menagerie of technologies and protocols: SIP [Session Initiation Protocol], IMS [IP Multimedia Subsystem] and UMA [Unlicensed Mobile Access], each of which introduces never before seen vulnerabilities into the network.

Fortunately, IPCS products from Sipera (www.sipera.com) provide security for many IP communications deployments, including UMA, hosted VoIP, and wireless operators planning to extend their service offerings over the Internet using IMS.

Brendan Ziolo, Director of Marketing of Sipera Systems, says, “Sipera supplies a VoIP security appliance for both the enterprise and provider markets. From an enterprise perspective, we run the full gamut from encryption of signaling and media for voice traffic for both the SIP and Cisco SCCP [Skinny Client Control Protocol] all the way up to voice firewalls, intrusion prevention. On the service provider side, because IMS is based largely on SIP, we can obviously make a transition over to offering similar functionality for the provider market for IMS networks.”

“In the service provider space there are obviously session border controllers and security gateways doing a lot of encryption and firewall functionality,” says Ziolo. “So we really focus more on intrusion prevention and protecting against attacks in the service provider market. It’s more of a subset of what we do for the enterprise. The reason we do more for the enterprise is because they’re more adamant about deploying one box to do everything. Service providers have some pieces already in place, so they’re obviously not going to replace their security gateway to do something else, right?”

“As for hosted VoIP services, we offer both SBC functionality as well as intrusion prevention functionality,” says Ziolo. “We also do intrusion prevention for UMA networks. We can handle all sizes of networks.”

Security may continue to be the IP world’s growth industry for many years to come, an expense that we all must endure. Grin and bear it. IT

Richard Grigonis is Executive Editor of TMC’s IP Communications Group.

» Internet Telephony Magazine Table of Contents



Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
MSPWorld
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas