VoIP/SIP Security Audit
NextGen's Incompatible Service
Our VoIP/SIP Security Diagnosis is quite unique service best of all, particularly in Japan. We are offering to elecom/mobile operators or telecom system vendors this service that covers entire system/service lifecycles: execute security audit and analysis; identify the threats and its scope of impact; plan effective measures; and double-check the corrections/improvements. The VoIP/SIP Security Audit is backed by highly specialized carrier grade systems development and expertise in terms of the next-generation telecom network, a.k.a. IMS (IP multimedia subsystem) or VoLTE (Voice over LTE). 30+ customers and 120+ systems have been secured by our VoIP/SIP Security Audit since 2007.
Case 1：Security Diagnosis for a VoIP systems vendor
|Requirements||Make sure a new system has no security threats and vulnerabilities prior to its shipment.|
|Background||Need peculiar experience and analytical skills that the vendor doesn't have, and supposed that it takes prolonged practice to catch up. General test tools are not cost effective and besides those do not even comply with the entire requirements.|
|Target of the Diagnosis||VoIP/SIP gateway|
|# of Audit Items||Approximately 3 millions|
|Audit Term||2 weeks|
|Detected Vulnerabilities||Critical：4, Middle：2, Low：6|
- Customer's Response
- NextGen's VoIP/SIP security audit has uncovered not only vulnerabilities of the system but also several malfunctions. Some of those might be exposed in the field of scattered production networks if we didn't have the checkup. We barely escaped from serious problems at the last minute.
- NextGen's experts minutely investigate the issues throughout the audit term, so that we could focus on our own operations.
- NextGen's security diagnosis report makes mention of not only the issues in terms of security vulnerabilities but also some frauds against internationally agreed VoIP/SIP specifications and relevant regulations. That ensures inter-operability between multi-vendor devices.
Case 2：Security Diagnosis for ISP in North America
|Requirements||Make sure there are no security holes in the cloud PBX system before its commercial rollout.ｖ|
|Background||Customer needs to deploy the cloud PBX system in a hurry and to secure the system at the same time, but they have no extra resources to do both in time.|
|Target of the Diagnosis||Cloud PBX system that consists of 3 different components.|
|# of Audit Items||Approximately 12 millions|
|Audit Term||3 weeks|
|Detected Vulnerabilities||Critical: 2, Middle: 3, Low: 6|
- Customer's Response
- We could prevent malicious attackers from serious damage or service outage before the service is getting into the live network, because NextGen's security audit covers overall service level threats, not just device or system level.
- NextGen's security diagnosis report includes guidelines in detail about individual system that need to be fixed or improved. This helps system vendors with its quality improvement in a timely manner.
- We could identify the scope of effective measures to counter potential security risks that may happen in the field. That means we are very clear about what we have to do by proper investment or operations improvement.