LTE Signalling Firewall Deployed to a Major European Network - Cellusys

LTE Signalling Firewall Deployed to a Major European Network

Posted Wednesday, November 18th, 2015 by Rick Carter

LTE North America, Dallas – November 18, 2015 – Cellusys, a global leader in Signalling-based technology today announced deployment of its LTE Signalling Firewall to a major European network, the first of its kind. The Cellusys Signalling Firewall is expected to protect over half a billion subscribers globally by the end of 2016.

Cellusys has consistently led the market in LTE-capable technology, with its pioneering Steering of Roaming featuring 4G / LTE steering capabilities. Full LTE capabilities in the Signalling Firewall come just 9 months after deployment of the Cellusys SS7 Signalling Firewall. With LTE features, the firewall now guards against signalling-based threats across SS7 and Diameter, enabling operators to define security policies across these interfaces through a single security firewall.

Alan Murphy, CTO at Cellusys: “Without a dedicated firewall, neither SS7 nor the Diameter protocols are secure. SS7 was developed decades ago, as a walled garden, for access only by the big networks, who had between them a high level of trust. But the ecosystem has changed. Networks are leasing their global titles and attackers have been allowed in. LTE protocols, based on Diameter, are derived from existing SS7 protocols and therefore inherit the same security flaws – the same basic operations are performed, thus diameter is showing the same vulnerabilities and more inherited from SS7. Operators are realizing that a comprehensive filtering solution across all signalling interfaces is now essential.”

Concerns are being expressed about the business implications of the risks of subscribers’ data being leaked, and the legal ramifications of having an unprotected network.

The Cellusys Signalling Firewall is an integrated solution which monitors multiple interfaces and filters traffic from these interfaces. A flexible, powerful rules system enables operators to filter out the threats, and ensures the correct messages are allowed into the network, based on parameters in any layer of the message or any layer of SS7 or Diameter protocols.

The firewall is capable of blocking high risk messages such as anytime interrogation requests; in addition to performing intelligent context checking – a verification on where any subscriber is, geographically. This is a critical feature to guard against fraud and spoofing.

In some cases of fraud, attackers purport to be subscribers, and consume their credit and service. Other threats that are guarded against include: Tracking, in which attackers pinpoint the geographic location of subscribers. Intercept / Man-in-the- Middle – attackers eavesdrop on calls and SMS. Denial of service – subscribers unable to use the network. Spam – unsolicited SMS. Detailed and configurable reports give operators comprehensive insights into these security issues on their networks.

The Signalling firewall flags new issues to ensure new types of attacks can be intercepted, and every single message parameter is analysed to ensure that future threats – the natures of which are not yet known – can be guarded against.

Alan Murphy: “Increasingly we’re hearing from operators that they’ve identified the need for a dedicated security product. The facilities of the Cellusys Signalling Firewall are far beyond the capabilities that STPs and DEAs will have for a long time to come. We don’t know of another firewall that as effectively perform message analysis, contextual analysis, and post processing, to identify threats and to alert the operator of these threats.”

An upgrade of the STP doesn’t mean the necessary checks of all aspects of messages will be possible; nor that essential contextual location checking will be performed. The difference in capabilities between STPs and DEAs on the one hand, and the Cellusys Signalling Firewall on the other hand, is fundamental.

Alan Murphy: “The STP is designed for routing, and it’s very efficient at that task. But STPs are not capable of doing the necessary decoding. The Cellusys Firewall decodes everything. STPs are not designed with comprehensive message filtering at all protocol layers. The Signalling Firewall has been developed from the ground up as an integrated signalling security product that analyses all message parameters across all signalling protocols, SS7 and LTE.”

Dawood Ghalaieny, CEO at Cellusys: “The uncomfortable truth is that operators simply do not know the amount of intrusion into their networks attackers have gained; nor can they know of the ramifications for their operations. The problem is only increasing as more attackers gain access into networks, and target subscribers – and do so easily.”

Cellusys roaming and security solutions are highly scalable, built on distributed architecture, able to meet the demands of both very large and small networks. Networks thus have the most cost effective, flexible, and robust solutions, easily deployed on any network, with full LTE integration. Cellusys’ engineering methodologies ensure the technologies will be ready for 5G and beyond.

About Cellusys

For 10 years Cellusys has been building precision technology for mobile networks: roaming, security, and analytics solutions. The people at Cellusys love technology, and the engineers have end–to–end control of production – which better enables them to build intuitive, powerful, precise solutions. This makes for better experiences for subscribers, and more profit for operators. For more information visit www.cellusys.com

Contact

Rick Carter
Vice President, Global Sales & Marketing Cellusys
Telephone: +1 678 451 4380
Email: rick.carter@cellusys.com

Download Press Release as PDF