Voice Firewalls - the next compelling technology

My last blog posting attracted an interesting comment from Lee Sutterfield, suggesting that voice firewalls are going to be the next major product investment. We should take note of that. Lee is a smart guy who operates years ahead of the field.

For those that don’t know Lee, I should point out that he’s the guy who sold the concept of Information Warfare to the US Air Force. He’s also the father of intrusion detection. He developed the first commercial product, NetRanger, which Cisco immediately acquired.

For several years Lee has been working on voice firewalls, initially to help control and manage PABXs but increasingly as a solution to converged data/voice architectures. His company SecureLogix has a unique perspective on this solution space.

And the security risks presented by voice and data convergence should not be underestimated. Over the next few years we’re going to see increasing pressure for more effective architecture solutions.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

This is an interesting area. Something that has not yet been answered to my satisfaction is ' how do you connect your internal VoIP network directly and securely to the soon to be deployed BT 21CN public VoIP network'. That is without having to use a 'POTS' interface as we do currently.
This a very important question and a hard one to answer without an in-depth look at the architecture BT is deploying. As we understand it now, and our details are incomplete, the service is provisioned with Nortel 2000's and Acme Packet's session border controller to enable SIP trunking to the customer premise. This will be the classic private to public connection that always brings security risk. The SBC can provide rate limiting, source limiting and scrubber capabilities which might be sufficient for some. However, we believe that most enterprises will want to pass all VoIP traffic through Voice Firewalls and Voice IPS's. Several years ago traditional data firewalls were making the case that they would handle VoIP security issues but the real-time nature of voice clearly requires a different technology such as Voice Firewalls. Even if the deployment of these new connections to the enterprise were to dramatically increase, security issues associated with the incredibly large base of legacy TDM trunks to the enterprise will need to be addressed as well. A real Voice Firewall for the enterprise should handle the security and management issues for both legacy TDM interconnectivity as well as the coming SIP interconnectivity. I think you'll see some innovative solutions coming from BT and others in the coming months.