Converged VoIP and data networks are costing enterprises a lot of
money, but still they're left with one question: "Is it secure?"
For Alphonse Edouard, IT vice president for Dune Capital
Management, an investment firm, VoIP has become a cornerstone of
business. So ensuring its security is imperative.
"For a great deal of what we do, voice is very important,"
Edouard said.
Dune Capital Management started by deploying VoIP. "Then the
'work anywhere' concept came into play," he said.
Dune needed a way to ensure call quality and to monitor the
network to guarantee that it's secure.
"We all know VoIP is very susceptible to hackers," Edouard said.
In the past, he has used QRadar from Q1 Labs to monitor flow data
and network traffic. Eventually, he started to monitor VoIP quality
of service (QoS). But as Dune Capital became more and more
dependent on VoIP, the company needed to ensure that enough
bandwidth was allotted and also had to find a way to monitor VoIP
traffic separately from data traffic, though the two share a
network.
A new QRadar module specifically designed for monitoring VoIP
networks fit the bill, Edouard said. The VoIP module combines
network behavior analysis and security event correlation to monitor
across the network protocol, application and security services
layers of a VoIP network.
According to Q1 Labs vice president of marketing Tom Turner,
companies are struggling to monitor VoIP traffic together with the
security devices that protect it. Turner said that without
effective monitoring, VoIP is subject to bandwidth contention and
traffic jitter while also opening itself up to potential security
threats such as toll fraud, man-in-the-middle attacks, and denial
of service (DoS) or other IP PBX attacks.
QRadar's VoIP module gives users a set of security event
correlation rules, application signatures and specific VoIP
security reports. These are designed to help users better monitor
their VoIP application traffic and correlate events from security
devices protecting the network, while detecting and reporting on
threats specific to VoIP applications and servers.
"Voice is an increasingly critical component of customer
networks," Turner said. "In order to correctly monitor and secure
VoIP applications, customers need to be able to unify their view of
the network, the applications on that network and the security
products that defend those applications."
According to Turner, the module offers:
- VoIP correlation rules, which correlate events taken from
multiple VoIP source devices such as call managers, IP PBXs and
voice gateways. The rules detect toll fraud attempts and DoS
conditions against PBXs and other voice control services.
- Daily, weekly and monthly VoIP-event summary reports, which
detail the number of VoIP-associated security and policy events
that are being created on a network, an indicator of overall VoIP
network health.
- Executive VoIP reports, which offer a high-level look at VoIP
network activity, VoIP security event data and network behavior
data in a combined overall view.
Edouard said he can monitor traffic at the port to compare
charges against the phone bill. The module also means he does not
need 10 different products to monitor the VoIP and data network,
detect anomalies, sound alerts and generate reports.
"I can ensure that all calls are crystal clear and everything
works fine," he said. "I can also ensure that VoIP traffic is
secure."