IoT: Protect - Cellusys

IoT Protect joins multiple protocols into a single platform, so there’s one central point for implementing security procedures. Unique 4-tiered design includes: Message Screening in Any Protocol, Any Layer, Any Message and Any Diameter Attribute Value Pair (AVP).

Benefits for you, the mobile operator

  • Contextual Awareness – a powerful tool to determine whether otherwise valid messages are a threat to the network or to IoT devices, based on their context.
  • Real-time Streaming analysis – Allows user defined triggers (GTT, Network, etc.) to be used to define a category for scoring. The resultant score is sent to message screening rules to affect incoming messages.
  • Reporting – flexible reporting enables the definition of metrics, thresholds for alerting, and the publishing of reports based on these criteria.
  • Detect threats and prevent attacks of each of the 5 critical types: Tracking, Intercept, DoS, Fraud, Spam
  • Multiple rules for powerful policy enforcement. IoT Protect is able to execute complex tasks, with inbuilt Signalling Intelligence
  • Multiple rules for powerful policy enforcement. IoT Protect is able to execute complex tasks, with inbuilt Signalling Intelligence
  • Full control over the network signalling protocols:
    – SS7 MTP3 through MAP
    – Diameter — all messages, all Attribute Value Pairs (AVPs)
  • Fine-grained filtering, which enables operators to guard against signalling attacks while allowing valid messaging into the network
  • Detailed reporting and alerting of issues
  • Flexible pipeline architecture, enabling new modules to be quickly deployed in response to newly arising threats
  • TCAP De-duplication module detects and removes looping messages
  • Protection of IoT Device’s IMSIs. SMS Router returns fake/masked details for IMSI/MSC addresses when external entities are querying for IoT device information
  • SMS Router verifies roaming IoT device’s location before accepting messages from that location

SS7 Signalling was designed for a very different environment to that of today.

In the 1980s, among the small number of mobile telecoms operators – all state-owned, or large corporations – there was a high level of trust. They simply needed a ‘walled garden’. No authentication was built in to SS7.

Now in 2017, and with 800-plus operators in the market, it’s easier than ever for companies to get access to the SS7 network. Operators and roaming hubs are selling access at relatively low cost. Some operators have even resorted to selling their roaming agreements – so once someone has access in one territory, they have access to the SS7 network – and all IoT Devices – worldwide.

Cellusys IoT Protect addresses these threats in the legacy SS7 and the next generation LTE/EPC Diameter based networks.