VoIPguard™ is the industry's first Enterprise VoIP Intrusion Prevention System (VIPS) with comprehensive protection for Voice over IP systems from the leading VoIP vendors. VoIPguard provides effective protection against known and new attacks aimed at compromising the security of VoIP networks.
By deploying VoIPguard, enterprises, carriers and service providers can:
- maintain VoIP quality of service, reliability and security at the levels comparable to existing circuit-switched voice
- protect against known and zero-day attacks and threats
- assure VoIP networks are in compliance with internal and government regulatory agencies
The VoIPguard VIPS uses a combination of signature-based and anomaly-based inspection methods to stop attacks before they penetrate your VoIP network. The signature database is constantly updated through the VoIPshield Update service, so VoIPguard is always able to detect the most recently-discovered exploits. Years of research by VoIPshield Laboratories, the research division of VoIPshield Systems, has yielded the industry's most comprehensive database of known attack signatures. These attacks are specific to VoIP, and therefore cannot be detected and stopped by traditional data security products.
The VoIPguard appliance is easily deployed in-line, and can either actively modify or passively monitor the voice traffic flow, all under user control. It protects a VoIP PBX/softswitch from specific attacks originating from external sources through SIP/H.323 trunks or from internal users utilizing hard and soft-phones.
Network attacks can be only be stopped with certainty if their signatures are known. No matter how many gigabits of data the IPS can process, without knowing what to look for it is not able to stop the attacks. This is why traditional data security systems are not effective for VoIP. Public domain knowledge of VoIP threats is minimal, so few signatures exist. VoIPshield Labs Security Research Group has conducted extensive VoIP security research and has created the industry's largest database of VoIP-specific signatures. These signatures are used to precisely detect VoIP security threats and block them before they inflict damage, minimizing the time and costs associated with security breaches.
Previously undiscovered attacks that are not covered by the VoIPshield signature database are stopped by VoIPguard's unique zero-day detection module. It uses proprietary anomaly based and behavioral based detection technology to catch malicious activity.
Features
- Multiple detection techniques including rule based detection engine utilizing extensive set of VoIP specific signatures and behaviour related events. Zero-day detection module provides signatureless anomaly detection and blocking/throttling for both standard (SIP, H.323, RTP) and proprietary (Skinny, UNISTIM) based VoIP solutions.
- Web-based interface allows for authorized access to the system from any location.
- Three operational modes -
- Stealth VIPS with packet drop
- VIPS with packet rejection
- Intrusion Detection mode (passive)
- Flexible security events aggregation. Based on the event frequency only a single instance of the same event is presented. It significantly lowers overall number of the same events that user have to analyse.
- Advanced logging facilities. Detailed forensic information about security events could be forwarded to the syslog server or email address. User can also select the minimum event severity that would be collected for forensic analysis.
- Rules and signatures management allows the system administrators precisely manage signatures to comply their security policies.
- Zero-day anomaly detection engine with three predefined modes for precise balance between protection and false/positives.
- Intuitive user interface for signature management. It provides an easy way for tuning VoIPguard signature configuration to match user requirements. Signatures are logically divided into groupings based on the vendor and type of attacks. Extensive descriptions including severity, technical, detailed description, potential impact and attack vector are provided for all signatures.
- Historical reporting including long-term security event trends, top 5 attack sources, top 5 exploit destinations and top 5 mitigated exploits. In addition a user can easily change the time periods for all these reports providing added flexibility in analysing historical trends and events. All the information is presented in tabular and graphical formats.
- Real-time reporting provides both exploit and event reporting. Rich in details these reports give the operator at-a-glance view of the current security events and exploits blocked by VoIPguard with the wealth of data needed to quickly assess frequency and impact of the attacks and exploits. Sophisticated filtering capabilities provide users with quick way to focus on most important information without the need to analyse thousands of irrelevant events. All the information is available in tabular and graphical formats.
- User and group management allows the system administrator efficiently control access to the VoIPguard resources and functionality
- Advanced signature and software update functionality keeps the signature database in synch with VoIPshield signature database that is being constantly updated reflecting the latest research results from world leading VoIPshield Research Lab.
- Full featured on-line Help.
- High Availability and Redundant hardware configuration are available for mission critical environments.
Benefits
- Comprehensive protection against VoIP specific threats and attacks. VoIPguard™ provides accurate and reliable protection of VoIP infrastructure from internal and external security attacks.
- Highest detection rate. Industry most extensive database of VoIP specific signatures and rules constantly updated by world-class VoIP security research team. The zero day attacks are detected and stopped by behaviour detection engine.
- Easy to use. Web based user interface provides all the necessary functionality to configure, administer and monitor VoIPguard™ appliance.
- Always up-to-date. Controlled updates to VoIPguard™ rules and signatures through VoIPshield update mechanism.
- Easy access to vital information. Comprehensive real-time log viewer and extensive reporting provide all the information needed by IT security and telecommunication staff to keep VoIP network secure.
