Telecom operators control critical infrastructure, attacks on which can be devastating and far-reaching. Yet despite years of warnings, extensive research by Positive Technologies experts shows that every single 3G, 4G (LTE), and 5G network is exploitable and can fall victim to cyberattacks.
Fundamental flaws in signaling protocols—SS7 and Diameter—allow an attacker to intercept calls, track subscriber locations, carry out fraud, and cause denial of service. Back in 2015, on assessed SS7 networks Positive Technologies experts were successful in 77% of attempts to obtain sensitive data, 67% of attempts to perform fraud, and 80% of attempts to interrupt operations.
In addition, in 2016, we demonstrated that next-generation 4G and 5G networks built on the Diameter protocol have the same flaws and vulnerabilities as their SS7-based predecessors. Even worse, exploits that can compromise subscriber privacy and turn a cell phone into an open book are now available not only to nation-state intelligence services, but to low-skilled hackers as well.
Signaling vulnerability management and traffic filtering are a good start for security. But to stay safe, telecom operators need to distinguish sophisticated, time-distributed cyberattacks from legitimate activity—and to do this, you need more advanced technologies.
PT Telecom Attack Discovery combines the power of a best-in-class signaling intrusion detection system with business intelligence (BI) module, which turns security monitoring and signaling traffic analysis into a clear and easy process. PT Telecom Attack Discovery offers out-of-the-box detection of all types of attacks, whether targeted at subscribers or the core network, and ensures faster incident investigation and response.
A team of leading security experts works around the clock to keep the PT Telecom Attack Discovery knowledge base up to date. Our industry-recognized security researchers know exactly how to identify all forms of malicious activity, including:
- Call and SMS interception
- Subscriber location tracking
- Fraud, including manipulation of USSD codes to transfer money and billing system manipulation to make free calls
- DoS targeting a subscriber or network segment
- Sensitive data leakage
- Enhanced visibility for early threat detection
Real-time signaling monitoring is essential for enhancing visibility of the telecom core network and ensuring immediate threat detection. Our experts constantly update the PT Telecom Attack Discovery knowledge base with new attack patterns. Malicious activity and attempts to violate security policies are detected in their early stages with exceptional accuracy.
- Advanced analytics for rapid incident response
PT Telecom Attack Discovery provides rich analytics and reporting with a deep drill-down option, in order to start taking immediate action and respond to threats as they occur. PT TAD displays aggregated data on comprehensive dashboards, and generates reports with actionable intelligence, so you can quickly mitigate consequences and minimize damage.
- Intuitive navigation and forensics
When a large number of attacks is detected, you need enhanced mechanisms for intuitive navigation to perform real-time or retrospective incident investigation. PT Telecom Attack Discovery provides filtering, grouping, and sorting capabilities for instantly searching through attacks. Besides attack time, source, and target, PT Telecom Attack Discovery enriches data with GSMA threat category, attack type, severity, and potential impact.
- Maximized efficiency of other security measures
PT Telecom Attack Discovery helps to evaluate how well your other security countermeasures are working and provides valuable information for improving their performance. For example, it simplifies management of filtering rules and provides insights on how to fine-tune home routing or set up a signaling firewall to block specific attacks.
To detect attacks against a telecom operator, PT Telecom Attack Discovery needs only a copy of traffic. It performs thorough analysis in the background, capturing both incoming and outgoing traffic flows, with zero impact on core infrastructure and network services. Critical operations and processes are not affected or interrupted.
- Upgrade your awareness to manage security risks
- Automate security operations to keep costs down
- Perform faster incident investigation and response to minimize damage
- Benefit from investing in a cost-effective solution
- Receive expert support directly from acknowledged vendor
- Reinforce your cyber security posture and reputation