AdaptiveMobile has announced advanced SS7 “Cat 3” Signalling Protection detection capabilities to its Mobile Threat Intelligence Platform including Network Memory, Location Plausibility, and Remote Intercept. The Company’s advanced threat detection is based on continuous data and analysis with all rules validated with information from across five continents.
AdaptiveMobile’s Signalling Protection Product secures the SS7 and LTE/Diameter networks using a combination of a carrier-grade signalling firewall, advanced analytics and intelligence from working with nine of the top 10 operator groups that protect 1/5th of the world’s mobile subscribers. The solution facilitates the platform’s ability to block current attacks on the network and to react to emerging threats that seek to bypass standard SS7 and Diameter firewall functionality.
Key Features of the platform include:
Attack Analysis
- Identify source and target of attacks
- Initiate additional preventative measures as necessary
- Identification of GSMA Category 1, 2 and 3 attacks
- Enhanced detection beyond GSMA Categories based on continual real world data analysis and research
- Rules are validated with real world data from across 5 continents
Rules Engine
- Real time system for applying configured rules & filters
- Heuristics detection algorithms, node fingerprinting
- Stateful and behavioral analysis over lifetime of transaction
- Flexible powerful rule definitions across an exhaustive list of MAP/CAP/TCAP/SCCP/Sigtran/Diameter fields
Security Enforcement Point
- Signalling Access Point with an option to leverage SMS Firewall
- Inline Signalling (Active) and Offline Probe-based (Inactive) modes
- Support for MAP, CAMEL, TCAP, SCCP, SIGTRAN, Diameter Protocols
Security Management Console
- Rule and Filter definition
- Black- and White-List configuration
- Selection of MAP operations for monitoring
Advanced Threat Reporting
- Attack Dashboard
- Role-level authentication
- High level view of attacks with drill-down to original source packet
- Scheduled reports emailed to key stakeholders
- Built-in report suite with customized options
Architecture
- Support for geographically distributed signalling firewalls, centralized firewall management and reporting
- Trusted signalling architecture deployed at scale in Tier 1 operators
- Bare metal and virtualized today, future proofing for NFV
- Support for intelligence sharing with open APIs for external analytics platforms
Benefits of the platform include:
Monitor and block attacks without major network disruption
- Straightforward and low impact overlay approach enables rapid protection of a network
- Located at strategic network positions to ensure blocking of privacy and fraud attacks
Detects new types of attacks
- Prevents GSMA Category 1, 2 and 3 attacks
- Smart algorithms uncover suspicious activity
- Global Threat Intelligence Service leverages real world intelligence from customer sites on 5 continents
Threat reporting enabling fast and accurate risks assessment
- Dashboard delivers unique insights with drilldown to full details of original source packet
Multiple operating modes allowing a flexible and phased approach
- Passive monitoring, active routing & blocking, or combined mode
Signalling Protection can secure the mobile network against the following types of signalling-based privacy and fraud attacks:
Subscriber Location
- Blocks unauthorized queries for subscriber location data
- Prevents both direct queries for location data and 2-stage queries involving 2 separate transactions
Call and Data Interception
- Blocks manipulation of network and subscriber data leading to ‘man in the middle’ attacks
- Secures encryption keys against attack
Fraud
- Early detection of protocol anomalies deters and stops fraudsters from exploiting subscriber and network data leading to direct revenue loss
Denial of Service
- Secures subscriber data against malicious attacks removing access to key services