Telecom providers build, operate, and manage integrated voice and data networks, transmitting and storing vast amounts of sensitive data. With 5G bringing eMBB and expanding the service portfolio of businesses, this volume is set to see a manifold increase, making them a golden goose for hackers.
Active work on the cyberattack prevention side is an absolute must for operators, and threat intelligence is one of the important pillars of robust security.
In this webinar we have an interactive discussion of the most common weaknesses and threats in 4G and 5G networks, plus:
- How to implement a smart «risk-driven» approach to security
- How to detect traces of cybercrime in signaling networks and prevent suspicious activities in telecom networks
- How to make your SOC telecom-oriented
- CSIRT and CERT: when it’s time to bring in outside expertise
2. Today on call
Milan Březina (milan.brezina@positive-tech.com)
Milan has 14 years’ experience in the telecommunications industry. Joined Positive Technologies in 2019 as a Telco security expert. Previous roles held in messaging security, specializing in short message service, VAS and AntiSpam.
William Tiew (william.tiew@positive-tech.com)
William has 19+ years’ experience in the telecommunications industry. Joined Positive Technologies in May 2021, responsible for Technical Presales for PT Product and Solutions. Previous roles held in network equipment vendors include NFVi, Edge Computing.
3. Introduction
Delimitation of Cybersecurity in Telco
Investigation from MNO perspective
Handover to 3rd line support
Real examples from the field
Smart “risk-driven” approach
Q&A
5. On your own journey
[Diagram: the MNO's own journey]
Stages shown: Securing legacy network; Early IoT; Core network virtualization; Virtualization beyond core; 5G SA; Full IoT; Industrial 4.0
Technologies and concerns shown: SS7, Diameter, GTP, SIP, 5G SBA, NEFF, SEPP, PFCP, Kubernetes, OSS/BSS, MANO, CNF, VNF, MQTT, Supply chain, API’s, Device Security, O-RAN, MEC
6. Security driven by money
1-10-100 RULE
1: PREVENTION
10: REMEDIATION
100: FAILURE
Remediation costs more than prevention. The cost of fixing bad data is an order of magnitude greater than the cost of stopping at source.
Failure costs more than remediation. The costs of remediation are insignificant compared to leaving bad data in place.
Our focus should be on prevention.
7. Few facts
Mobile evolution
Regulators & Legislation
Recommendations
Definition of KPIs
Building 360˚ security
Introducing Telco SOC
9. Common types of Cyber attacks
MALWARE
PHISHING
PASSWORD ATTACK
DOS ATTACK
MITM
SQL INJECTION
EXPLOITATION OF FLAWS IN ARCHITECTURE
SIGNALLING THREAT
SIM SWAP
DOS ATTACK
MITM
MALICIOUS CODE OR SOFTWARE
PHYSICAL ATTACK
... FEW OTHERS
10. Now what can a Hacker do?
Easily
From anywhere
Any mobile operator
No special skills needed
Get access to your email and social media
Track location of VIPs and public figures
Perform massive denial of service attacks
From GSM to 5G
Different Protocols
Same Threats
Intercept private data, calls and SMS messages
Steal money
Take control of your digital identity
14. MNO point of view
Trigger point (SIEM, SDR, Monitoring, FW)
Investigation process
„Respond“ defined
Telco SOC team responsibility
To describe the situation
To mitigate the situation (W/A, Final Solution)
To find reproduction (Lab, Production)
To find RCA
16. Handover
Lack of resources/skills/knowledge to continue
Collect and share existing progress with 3rd line
Data analysis
Mitigate the situation (W/A, Final Solution)
Provide the reproduction (Lab, Production)
Provide RCA
19. Worldwide Telco Security Risks
Based on 70+ telecom security audits finished in 2020/21
ALL LTE networks are vulnerable to Denial-Of-Service attacks
4,000+ attacks hit a mobile network operator on average per day
75% of mobile networks put subscribers at risk of Geo-tracking
67% of networks fail to prevent bypass of SS7 protections
53% of call tapping attempts on 3G networks succeed
9 out of 10 SMS messages can be intercepted
20. 5G NSA networks are at risk of attacks ...
... because of long-standing vulnerabilities in the Diameter and GTP protocols
24. A) OTP SMS interception
“We have received multiple complaints from our subscribers whose bank account was drained due to delivery of OTP message via our carrier”
Retrospective incident investigation from last 90 days
FRAUDULENT EVENT: NUMBER OF EVENTS, NUMBER OF AFFECTED SUBSCRIBERS
IMSI disclosure: 980 events, 450 affected subscribers
Fake subscriber registration: 490 events, 340 affected subscribers
SMS interception with short number: 2770 events, 128 affected subscribers
25. How to abuse
Network elements shown: International / National SS7 network, STP, MSC/VLR, HLR, SMS-C, Hacker GT
Messages shown:
UpdateLocation: IMSI, Hacker GT
26. How to abuse
Network elements shown: International / National SS7 network, STP, MSC/VLR, HLR, SMS-C, Hacker GT
Messages shown:
UpdateLocation: IMSI, Hacker GT
MO-ForwardSM: A-Num, B-Num, text
SRI4SM request: B-Num
SRI4SM response: IMSI, Hacker GT
MT-ForwardSM: A-Num, IMSI, text
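Added example (not part of the original slides, and not the presenters' tooling): a retrospective check over decoded MAP events that counts the two findings from case A, a registration on a foreign GT shortly after the subscriber was seen at home, and MT-ForwardSM delivered to that GT. The event layout, the GT prefixes, the IMSIs and the travel-time threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumptions, constructed for this example: home-network global titles start
# with HOME_GT_PREFIX, and a subscriber cannot plausibly move from the home
# network to a foreign MSC/VLR in less than MIN_TRAVEL_SECONDS.
HOME_GT_PREFIX = "99901"
MIN_TRAVEL_SECONDS = 1800


@dataclass(frozen=True)
class MapEvent:
    ts: int     # seconds since the start of the capture
    op: str     # MAP operation name as decoded by the signaling probe
    imsi: str
    gt: str     # UpdateLocation: new MSC/VLR GT; MT-ForwardSM: destination GT


def investigate(events):
    """Replay decoded MAP events in time order.

    Returns (summary, pending): summary maps each finding to
    (number of events, number of affected subscribers); pending lists the
    IMSIs still registered on a suspicious GT, i.e. the candidates for a
    forced Location Update.
    """
    last_home = {}      # imsi -> time of the last registration at home
    suspect_vlr = {}    # imsi -> foreign GT installed by a suspicious registration
    hits = defaultdict(list)

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op == "UpdateLocation":
            if ev.gt.startswith(HOME_GT_PREFIX):
                last_home[ev.imsi] = ev.ts
                suspect_vlr.pop(ev.imsi, None)      # registration restored
                continue
            seen = last_home.get(ev.imsi)
            if seen is not None and ev.ts - seen < MIN_TRAVEL_SECONDS:
                # Subscriber was at home moments ago: impossible travel.
                hits["fake_registration"].append(ev.imsi)
                suspect_vlr[ev.imsi] = ev.gt
            else:
                suspect_vlr.pop(ev.imsi, None)      # plausible roaming
        elif ev.op == "MT-ForwardSM" and suspect_vlr.get(ev.imsi) == ev.gt:
            # SMS delivered to the GT that the suspicious registration installed.
            hits["sms_interception"].append(ev.imsi)

    summary = {name: (len(v), len(set(v))) for name, v in hits.items()}
    return summary, sorted(suspect_vlr)


# Constructed sample capture (test IMSIs, unassigned GT ranges).
SAMPLE_EVENTS = [
    MapEvent(0,     "UpdateLocation", "001010000000001", "9990100001"),
    MapEvent(300,   "UpdateLocation", "001010000000001", "9990200009"),
    MapEvent(360,   "MT-ForwardSM",   "001010000000001", "9990200009"),
    MapEvent(420,   "MT-ForwardSM",   "001010000000001", "9990200009"),
    MapEvent(900,   "UpdateLocation", "001010000000001", "9990100001"),
    MapEvent(960,   "MT-ForwardSM",   "001010000000001", "9990100001"),
    MapEvent(100,   "UpdateLocation", "001010000000002", "9990100002"),
    MapEvent(90000, "UpdateLocation", "001010000000002", "9990300001"),
    MapEvent(90100, "MT-ForwardSM",   "001010000000002", "9990300001"),
    MapEvent(200,   "UpdateLocation", "001010000000003", "9990100001"),
    MapEvent(500,   "UpdateLocation", "001010000000003", "9990200009"),
    MapEvent(600,   "MT-ForwardSM",   "001010000000003", "9990200009"),
]

if __name__ == "__main__":
    summary, pending = investigate(SAMPLE_EVENTS)
    for name, (n_events, n_subs) in summary.items():
        print(f"{name}: {n_events} events, {n_subs} affected subscribers")
    print("forced Location Update needed for:", pending)
```

The second subscriber in the sample roams a day after the last home registration and is not flagged; the third is still registered on the suspicious GT at the end of the capture and is returned in the pending list.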
27. B) Voice Calls fraud
FRAUDULENT EVENT: NUMBER OF EVENTS, NUMBER OF AFFECTED SUBSCRIBERS
Termination of SMS with alphanumeric number: 5550 events, 160 affected subscribers
Termination of SMS with short number: 790 events, 100 affected subscribers
Fraudulent voice call redirections: 1700 events, 60 affected subscribers
Retrospective incident investigation last 120 days
“We can see very suspicious tendency of MT SMS reminding SMS fraudster, also we identified strange change in our CAMEL platform for some cheap trunks”
29. Final attack
Network elements shown: International / National SS7 network, RAN, MSC/VLR, HLR, STP, SCP, Hacker GT
Messages shown:
CAP InitialDP: A-Num, Cheap number
CAP Connect: Expensive number
30. C) Double MAP
„We can see messages which are directly sent to HLR, seems like a good reason for abusing our Home Routing solution“
Double map HR bypass MiTM
Site 1 15563 265
Site 2 16522 200
Site 3 13863 370
Retrospective incident investigation last 24 days
31. Double MAP component
TCAP Message Type — mandatory
Transaction IDs — mandatory
Dialogue Portion — optional
Component Portion — optional
Component 1
Component 2
The SS7 FW checks a subscriber's ID in the first component considering the other data as a long payload not meant to be inspected
32. Double MAP component attack
Network elements shown: STP, HLR, SS7 FW, SMS Router
TCAP Begin
SendRoutingInfoForSM_REQ
StatusReport_REQ
Send the message to the SS7 FW for inspection
Inspect the first component only and pass the message into the network
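Added example (not part of the original slides, and not any vendor's firewall code): a minimal BER walk over the TCAP component portion that lists the operation code of every Invoke, with a first-component-only routing rule beside a rule that inspects all components. The TCAP tags and MAP opcode 45 (sendRoutingInfoForSM) follow the standards; mapping the slide's StatusReport_REQ to opcode 47, the routing labels and the sample messages with empty placeholder parameters are assumptions made for the example.

```python
TCAP_TYPES = {0x62: "Begin", 0x64: "End", 0x65: "Continue", 0x67: "Abort"}
TAG_COMPONENT_PORTION = 0x6C
TAG_INVOKE = 0xA1
TAG_INTEGER = 0x02
SRI_SM = 45          # MAP sendRoutingInfoForSM
STATUS_REPORT = 47   # assumption: stands in for the slide's StatusReport_REQ


def read_tlv(buf, pos):
    """Decode one BER element with a single-byte tag: (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length is not handled here")
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split a constructed value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def invoke_opcodes(message):
    """Return (TCAP message type, [local opcode of every Invoke component])."""
    tag, body, _ = read_tlv(message, 0)
    if tag not in TCAP_TYPES:
        raise ValueError("not a TCAP message")
    ops = []
    for t, portion in children(body):
        if t != TAG_COMPONENT_PORTION:
            continue
        for ctag, comp in children(portion):
            if ctag != TAG_INVOKE:
                continue
            ints = [v for vt, v in children(comp) if vt == TAG_INTEGER]
            if len(ints) < 2:               # invoke ID, then local operation code
                raise ValueError("Invoke without a local operation code")
            ops.append(int.from_bytes(ints[1], "big"))
    return TCAP_TYPES[tag], ops


def naive_route(message):
    """Behaviour described on the slide: Begin only, first component only."""
    msg_type, ops = invoke_opcodes(message)
    if msg_type == "Begin" and ops and ops[0] == SRI_SM:
        return "home-router"
    return "hlr"


def hardened_route(message):
    """Inspect every component, whatever the TCAP message type."""
    _, ops = invoke_opcodes(message)
    if len(ops) > 1:
        return "drop"                       # block multi-component requests
    return "home-router" if SRI_SM in ops else "hlr"


# --- constructed sample messages; parameters are empty placeholders ---
def tlv(tag, value=b""):
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value


def invoke(invoke_id, opcode):
    return tlv(TAG_INVOKE, tlv(2, bytes([invoke_id])) + tlv(2, bytes([opcode])) + tlv(0x30))


def tcap(msg_tag, *components):
    tid = tlv(0x48, b"\x00\x00\x00\x01")    # originating transaction ID
    return tlv(msg_tag, tid + tlv(TAG_COMPONENT_PORTION, b"".join(components)))


PLAIN = tcap(0x62, invoke(1, SRI_SM))
DOUBLE = tcap(0x62, invoke(1, STATUS_REPORT), invoke(2, SRI_SM))
FOLLOW_UP = tcap(0x65, invoke(3, SRI_SM))   # SRI4SM alone inside a Continue

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN), ("double", DOUBLE), ("follow-up", FOLLOW_UP)):
        print(name, invoke_opcodes(msg), naive_route(msg), hardened_route(msg))
```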
42. To wrap up
Detect
Non-stop real-time threat detection is essential for verifying the effectiveness of network security and supporting rapid detection and mitigation
Respond
Completely secure your network by addressing both generic vulnerabilities (GSMA) and the threats that actually affect you as part of an ongoing process.
Audit
Auditing provides essential visibility to fully understand your ever-changing network risks.
Small talk: Covid, weather
WT: Let's get started, welcome everyone to this call, I can see XX attendees, which means there is nothing better on TV so you decided to stay with us for the next 60 minutes and we really appreciate it.
MB: We also do our best to make the following 60 minutes interesting and useful for you
WT: But..... before we move on, let us briefly introduce ourselves to those attendees who do not know us yet.
WT: This is the Agenda for this call, we lead you from the introduction through some definitions to the typical investigation process in its first part
MB: the second part starts at the time when „us“ or any other vendor providing so called „Incident Investigation service“ hand over the activity and continues the investigation
WT: Indeed we are going to discover a few real examples, fully anonymized, as I can see some representatives on the call have been working with us on these tasks
MB: Anyways, there always must be some message to those who want to adopt some lessons learned ...... and in the final part of this call, we are going to show you what such a smart approach should look like
WT: So far, sounds good, at the end we welcome some challenging questions from your side.
MB: Alright, going to Introduction, not yet, just a small comment, in a human's life there are some sad events and today I am going to the funeral of my best friend´s father, so my presence here will be limited to one hour, in advance, sorry for this inconvenience.
MB: And here we are, a brilliant slide with introduction, can't imagine better.
WT: Too fast „Milan“, it starts afterward CLICK
WT: So here we´ve got corn seed - saying that every MNO is on its own journey and every step introduces new opportunities for bad actors
MB: I am curious why you have chosen just this corn.
WT: That's a long story „Milan“
MB: Anyway „William“ tried to say - that there aren't two identical MNOs, two identical infrastructures, two identical cybersecurity levels, that's why - the approach can't be copy/paste
WT: After a corn seed we get to the Egypt´s pyramid, which in a nutshell says ... or better .... It is a justification for initial investment into security, which is very very challenging for some SOC teams when trying to get some budget for such activities
MB: I would only correct you, this is a quality management concept developed by Mr. Labovitz and Mr. Chang in the past ....
WT: Really? Good to know....
MB: Not at all, man,..... but let me finish here: and it says that Remediation costs more than prevention and Failure costs more than remediation
+++++
The 1-10-100 rule is a quality management concept developed by G. Labovitz and Y. Chang that is used to quantify the hidden costs of poor quality.
When relating the concept to data quality it must be recognized that the principle, rather than the exact numbers, will apply.
So how does it work?
The 1-10-100 rule refers to the hidden costs of waste associated with poor quality.
Remediation costs more than prevention
The principle suggests that the cost of fixing bad data is an order of magnitude greater than the cost of stopping it from entering the system.
These costs may be obvious – we may set up back office teams that are responsible for validating and correcting errors created in the front office. In effect we are spending money to capture data twice.
Failure costs more than remediation
Yet, the costs of remediation pale into insignificance when compared to the costs of leaving bad data in place.
Poor quality data impacts our ability to operate. If we invoice the incorrect amount then we don’t get paid.
If we deliver to the wrong address then we have to pay for another delivery.
If we provide the wrong risk assessment then we increase our chance of a bad debt.
Our focus should be on prevention
Far too many data quality initiatives are focused on remediation after the fact.
What is your company doing to stop bad data from entering your systems?
The rule explains how failure to take notice of one cost escalates the loss in terms of dollars. There are many costs of non-quality such as: (1) prevention, (2) appraisal, (3) internal failure, and (4) external failure. Of these types of costs, prevention cost should probably take priority because it is much less costly to prevent a defect than to correct one.
WT: Our internal statistics say that although we live in the „5G era“ CLICK, which means a pretty mature system with quite a long history, the number of attacks which are doable is still too high
MB: You are right, despite the fact that we face the pressure from CLICK national regulators and new legislation or all kinds of CLICK recommendations from GSMA and a few others
WT: Nice to hear from MNOs that they are defining CLICK their KPI plans or CLICK building their 360 security .....
MB: ... Or in recent years CLICK they introduced brand new Telco SOC teams.
WT: To me this should be enough to eliminate majority of serious issues, which is still not true
MB: How do you explain „William“ ?
WT: Maybe our valuable attendees might now use the chat and write down how they see it
MB: I have the only explanation and sorry to be so direct, „lack of experience“, „thoroughness“ /fforones/ and the all-around present human factor, which we call „laziness“
WT: No offence, but do you have some evidence?
MB: Sure, pardon me as this will be a commercial break, you can use it for your refreshment. Back to your question. I worked for many years close to „service support“ and always, if we talked about a critical system such as for example SMSC, every new situation had to be reported and immediately fixed as the MNO was losing money. A perception of many people is that security does not work like this.
WT: Are you saying that if MNO revenue is not directly impacted, there is no effort to solve ASAP?
MB: You said it correctly, how else do you explain the simple fact that MNOs we worked with started their own investigation a week, a month, sometimes several weeks after someone did strike them?
WT: Again, we kindly turn to our attendees from the field, if you can use chat box and Milan will try to answer your question
WT: Also, when looking at security or cybersecurity if you wish, we have two points of view
WT: From IT perspective and from Telco perspective
MB: There are a few representatives from IT leg CLICK
WT: Followed by Telco leg CLICK, indeed some they have in common, but in general we need to have a look at Telco world by different pair of our eyes.
MB: For today we work on assumption we live in Telco world
Malware – take control over the system
Phishing – sending confidential data to attacker
Password – brute force
DoS – Useless traffic, service
MiTM – Interruption, modification, eavesdrop
Signaling threats – Location tracking, private data or network data disclosure, take control of digital identity, steal money
WT: I believe many of you have already seen this slide, but the message we want to say is that still „we“, you on the call, your colleagues, your family members, friends .... can be the victim of a cyber attack, regardless of where you stay or what MNO you are attached to.
B: Despite all you´ve seen a few slides ago as „FEW FACTS“, many of us become a victim / target victim. Another commercial break. From time to time, or better often ... the skill set of the intruder moves ahead of the technology pace, from traditional GSM to present 5G
A: I believe most of you regularly receive some text message, or even a recorded voice call, asking you to press button “9” to continue; this is a phishing technique, the intruder can even fake the sender ID, sending email on behalf of a regulator or even your higher mgmt.....
B: Exactly, many times we see that fake emails from C-level management are ignored but a fake email from your direct reporting person is answered
A: That is the trick, because they know the covid 19 pandemic has changed the working culture, you are no longer face to face in the office with your superior; this is the chance the intruder uses, they know how important it is for a person to secure a job during the covid19 pandemic, and we see cyber attacks have significantly increased
B: Nice try, or the second example which, „William“, answers your question why it takes so long time. When we do „Secret or Hidden Scanning“ only the C-level is aware of the date/time/scope and they do nothing but just wait till their Blue team / SOC team identifies this malicious behaviour and, according to process, triggers some measures.
A: Perhaps you´re right, „Milan“, we know that the response does not always come shortly, sometimes never.
B: And this is too sad.
A: Telco SOC skill sets need to move ahead of the pace of the intruder in order to protect their end subscribers; lack of visibility in assets and lack of experts are making the situation worse than ever.
MB: We use this opportunity to show you how we see it from customer side
WT: Also here you can comment and share your thoughts in chat box
WT: Looking at mobile architecture and infrastructure growth, the security view does not ONLY apply to the new upcoming 5G, but also to existing NEs and infrastructure. MNOs cannot stay focused on a certain node, they need to have an end to end view, from end user, to RAN, to mobile core, and toward IPX
MB: It should be more complex, hence we talk about an End to End view.
WT: One view can be focused on a very low level positioning where security is based all the way down to the ChipSet for instance, very handy when we employ thousands of IoT devices (for smart home, smart city, industries).
MB: Next, the other part is traditionally the interconnect security, regardless of whether we talk about services or products.
WT: In the middle we can find consolidating technologies in 5G. We can see from the center office for vEPC, Virtualization, NFV, Containerized Environment, moving down to Edge security of MEC, as well as 5G New Radio.
MB: If we stick to 5G SA we can name a Service Based Architecture and the new protocols coming there, as these protocols are used very very widely in the IT world, like HTTP2, where hackers have a lot of experience and can reuse these vulnerabilities.
WT: So the tendency is to shine all light into your network so you can proudly say to everyone, I see my assets with E2E visibility, not only stress certain points.
MB: Let me stress this fact a bit. To start doing any kind of investigation, there must be a trigger of situation. It might arrive from SIEM, when doing CDR inspection, from Monitoring or from FW logs CLICK
WT: We know, the trigger is there so we have a situation but what to do now? This has to be described somewhere as every stakeholder knows what to do CLICK
MB: I assume these days it is mainly on Telco SOC responsibility CLICK
WT: Yes, it is supposed to be. What is also very important is the full and clear description of the situation, collect all the available logs from several systems CLICK
MB: Then do a brainstorming and voilà, give me the final solution or at least a workaround. CLICK
WT: Nice to have is a MOP how to reproduce such a situation as this might be very useful in the future CLICK
MB: Last but not least we need to report it to that C-level and we need to create a story about it CLICK
On Demand – this is usually unplanned activity, which has to be executed without any delays
Best practice approach supported by our huge signaling experience in this field
Reproduction – if customer agrees, we will provide reproduction scenario
Swift Workaround
Remediation validation
Protection of corporate reputation
Limiting future fines
WT: From the MNO standpoint, I believe they are experiencing this situation, and a good sign I see at the majority of MNOs I am dealing with is that they do not give up, ... But sometimes they are in a situation in which they are totally out of ideas how to proceed further, the incident investigation has reached a dead end?
MB: Then the last resort option is to turn to experts in the field and ask for help. Now the beauty of handover support starts.
Question to Audience:
Did you ever engage with Third Line Support for Incident Investigation? (Y/N)
WT: Handover, What does it mean, what is the typical process and what is then the customer expectation?
MB: Let's call your experts in the field ... 3rd line support for a moment.... If we omit the legal part, NDA and other agreements ... There is always a handover where 2nd line shares all the existing materials, captured traces, logs and many others with the 3rd party
WT: And these experts do start their own journey; investigation by experts is possible, because most MNOs keep the raw signalling traffic for at least 3 months.
MB: But the expectation does not differ from the one on the previous slide. There is serious pressure to provide the customer with a workaround if not today, then already yesterday
WT: Yes, that's true, one highlighted fact, it is not rare, that's why I am telling this, that during reproduction the experts in the field are able to discover a related issue/vulnerability, get deep into the technique used by the intruder, expose and discover the impacted subscribers, down to a list of IMSIs, so at the end of the day the customer gets much more visibility and lessons learnt together with 3rd Line Support.
MB: As you mentioned what the customer gets, here is just a brief list of deliverables, not always only documents, it gets common that all the extra logs, traces, TCP dumps are enclosed to the report. CLICK
WT: And sometimes it happens that such logs disappear from customer storage overnight for obvious reasons
WT: As we promised 40 minutes ago, here you are, there are 3 real examples which all date from 2021
MB: Actually before examples let us share few statistics collected during this and last year.
WT: As you can see this is nothing we could call positive, it is worse than I wish. Indeed, those are our numbers from security audits and this might be a misrepresented picture of the situation, as we must admit those MNOs which are well protected don't give us the opportunity to prove it and improve the final picture. Anyway, those who gave us the chance we included in these slides
MB: when talking about attack ... CLICK ...
MB: ...we maybe show this one as this reflects the most serious attack seen on Diameter and GTP perimeter.
WT: Nothing to add, just we can visualize some of them like this.
MB: Despite the fact we could show much more examples, we´ve decided to cherry pick another 3 examples and uncover something which day by day duty behind the scene .......
3x CLICK (new slides on each cyberattacks)
WT: SMS Interception, this causes OTP/ TAC of credit card being stolen
MB: Call interception, eavesdropping is what the intruder did, being a silent listener
WT: So this is our first example. All starts with any description, so this is what we´ve got from customer. It is clear that we had to deal with fraud case
WT: Already now we can show you the results, what the retrospective incident investigation focused on last 90 days uncovered.
MB: to be more concrete ... An external intruder registered victim subscriber on a fake mobile network. After that, the intruder performed an attack on a banking account of the victim subscriber and requested money transfer to their accounts.
The banking 2FA system sent OTP SMS to the client’s device. Since the client’s device has been previously registered on the fake network, the Customer's network redirected the OTP SMS to the intruder’s equipment. Thus, the intruder was able to confirm the money transfer transaction using data from the OTP SMS.
WT: What has happened ? CLICK
Sending the UpdateLocation CLICK message using IMSI of a target subscriber and Hacker GT as a new MSC and VLR, the hacker is able to disturb voice call and SMS services for the subscriber, intercept incoming SMS messages, and redirect incoming voice calls if we list of options, all based on known IMSI (CLICK)
MB: Correct, CLICK as you can see, it was not a big deal for the intruder to complete the activity CLICK 4x . From the other social engineering step preceding this redirection he or she got the bank account credentials of our victim and the one last step was needed. To transfer the money and type the confirmation code in the OTP message.
WT: Crazy considering the fact how many people have been affected and how much money was lost.
WT: Recommendation
We identified the source address, so the main recommendation is to block all incoming SS7 messages from this source in order to avoid this kind of fraud from these guys in future.
Then we saw that some of the subscribers were still affected after the fake registration. So, the recommendation is to make forced Location Update procedure on the list of these subscribers.
Block incoming signaling messages, which may lead to IMSI disclosure as it was the first step of the attack.
Block incoming registrations if the requested subscriber is currently located at home network.
WT: A second story is like this, again we have a message from the MNO followed by real numbers (rounded)
MB: As you can see not only the voice call issue was discovered during investigation, typically if anything happens it is not an isolated activity.
WT: The first issue is connected with the grey SMS termination on the Customer network. In the observed period, some short messages were terminated from the intruder’s host, some of them are A2P SMS.
MB: The second issue is connected with voice traffic fraud. An intruder changed a CAMEL platform address in the VLR node for one subscriber having control over the outgoing voice calls of the affected subscriber.
The subscriber made voice calls to a cheap trunk and the intruder redirected the calls to a more expensive route.
MB: so how we investigated. First, the hacker sends the InsertSubscriberData message CLICK to change or insert a serving SCP address in the subscriber's profile. New SCP address is under the hacker's control. CLICK 2x
MB: When the target subscriber makes a call, the CAP InitialDP message goes to the Hacker’s GT instead of legal SCP node.
Then the hacker can send CAP Connect signaling message with the number with much more expensive direction.
5x Click
RECOMMENDATION
The recommendation is to block GSMA FASG category 2 signaling messages. That means the border equipment like STP or signaling firewall should check if the source and the addressed subscriber belong to the same network. If not, the request should be filtered out.
WT: Another very unique and working attack technique, it works for SS7, Diameter, GTP. Let’s see how the intruder can use a double MAP component signaling message to bypass the protection
MB: Let's start with the fact that a TCAP message can have multiple components within the same TCAP ID. The hacker worked on this assumption, expecting the signaling firewall wouldn't check or better would ignore the second optional component CLICK
WT: In this case each MAP component defines its own operation, and subscriber identifiers in these operations might be different. When the Signalling firewall inspects such double component message, it checks the subscriber’s identity in the first component considering the other data as a long payload not meant to be inspected.
MB: Now real example. As you can see in our investigation, we identified request of status report followed by SRI4SM request. Nothing suspicious, isn't it?
The STP sends this message to the SS7 firewall that inspects the first component only, defines that the operation is not suspicious, and forwards the message to the destination node. CLICK 6x
WT: From the HLR point of view this combination of the components is not valid and thats why HLR returns REJECT error.
If we pay attention to some details in this response, we will find that the message type on the TCAP layer is “Continue”. That means something like this: I don’t understand you please repeat you request within the same transaction.
3x Click
MB: As you can see there is an unexpected behaviour, as we see now that the originator used the TCAP continue to submit a new message where only SRI4SM remains. 2x Click
As we moved further in the state machine of STP and SS7 FW, we can notice that such a message is being accepted and delivered to HLR.
You can say why not, but this is the trick. STP is not supposed to send SMS related messages directly to the network elements but via the SMS Router, which was actually bypassed this time CLICK
WT: This is correct, you could see the „lateral movement“ abusing „double map“ component which was used to get real subscriber IMSI, 3x Click
Recommendations:
Redirect SendRoutingInfoForSM messages to the Home Router regardless of the TCAP message type and also configure security means to block illegal operations based on multicomponent TCAP transactions.
Or just block all strange multi-component requests. It is easier and more effective.
WT: We are slowly approaching the finale /finali/ of this call and as always there should be any message to you, some advice, something which might be catchy and your take away from this call, I hope some / majority of you can benefit from this webinar
B: And here we are, this is what can be called „risk driven“ approach ... What is it „William“?
WT: Let me go back to the slide which opened this section, maybe one step back. Then we get to the point where we apply our pro-active approach on every red point. This will then result in source of knowledge about your today cybersecurity level.
MB: OK, and how to get this source of knowledge?
WT: Let me show you. ... CLICK
MB: If we simplify the previous slide we get 4 areas of interest. There we have Access network, Core network, MEC and Virtualization CLICK
WT: These tell you to run Vulnerability testing for the Access, because there are hundreds or thousands of base stations in the wild.
- Run it for the Core, because it is 100% exposed to the IPX
- Run it for the Virtualization infrastructure, because vendors deliver it as a black box – which is unacceptable from a security point of view.
- And run it for the MEC - if you already have one – because no one knows what will be there.
MB: correct, we might find issue, probably:
- Software vulnerabilities in the Access
- Lack of architectural security in MEC
- No security policies for NFVi
- Misconfigurations in the Core
WT: What next? How to address these issues? This is what pops-up mind when looking at this slide....
MB: one of the ways to start is with getting visibility of what is happening in the wild. We already know a lot about our weakness, but can we escape from it immediately? .... NO!
WT: We know very well how the MNO processes and policies work:
WT: Can we patch all unpatched systems? –
MB: Not that fast!
WT: Can ask for security hot fixes from vendors?
MB: Please have a sit and wait, it is in the roadmap.
WT: Can we apply some config changes to make network more robust?
MB: NO, you need to test it first.
.... 2 sec silence...
WT: We have a lot of constraints for security.
MB: But we know how to efficiently work in this tough environment - do start threat detection and plan response because security monitoring is essential to provide the rapid detection and mitigation.
WT: Exactly. It makes absolutely no sense to try to create proactive protection via building borders – the network and services are already exposed – more than ever before – and having visibility over it - is the only way to enforce control and protection.
MB: You can have audit report in your hand, you can get the best monitoring solution, but neither one saves you from troubles, unless you implement protection. CLICK
WT: Of course, but please do not be confused with protection as a function. It is goal, it can be achieved in many ways – It is our mission – to find most effective, applicable for customer’s environment and cost-efficient solution.
MB: Indeed, It can be
Patching and verification
Or
Hardening and compliance
Or
Design review and security requirements
Or
Traffic filtering and continuous fine-tuning
WT: All of this can take place where it is needed and when the timing is suitable.
WT: So we get to the final slide of our presentation. I hope we managed to explain the right approach to telecom security, which helps against unwanted and unexpected situations which directly or indirectly affect your reputation, revenue but also your quality of service. CLICK
This approach should be
just enough to do main jobs and help with most important tasks
It should be cost-efficient, because this is the only way Security teams can demonstrate value to the business
of course today it is also about creating trust and assurance in technologies.
MB: Our message is that no one is perfect and today we presented that there are companies which can help you anytime you need.
WT: There will always be a likelihood that someone can strike you, but with well arranged processes, this subsequent investigation and response will become much more efficient, fast......
MB: Indeed, I wish no more investigations months after the situation
MB: And here we are, this was our last slides. We really appreciate you stayed with us until this point, thank you.
WT: As we are good in time so we can immediately proceed with your questions .....