Solution Service

VoIP/SIP Security Audit

NextGen's Incompatible Service

Our VoIP/SIP Security Diagnosis is quite unique service best of all, particularly in Japan. We are offering to elecom/mobile operators or telecom system vendors this service that covers entire system/service lifecycles: execute security audit and analysis; identify the threats and its scope of impact; plan effective measures; and double-check the corrections/improvements. The VoIP/SIP Security Audit is backed by highly specialized carrier grade systems development and expertise in terms of the next-generation telecom network, a.k.a. IMS (IP multimedia subsystem) or VoLTE (Voice over LTE). 30+ customers and 120+ systems have been secured by our VoIP/SIP Security Audit since 2007.

Case 1:Security Diagnosis for a VoIP systems vendor

Requirements Make sure a new system has no security threats and vulnerabilities prior to its shipment.
Background Need peculiar experience and analytical skills that the vendor doesn't have, and supposed that it takes prolonged practice to catch up. General test tools are not cost effective and besides those do not even comply with the entire requirements.
Target of the Diagnosis VoIP/SIP gateway
# of Audit Items Approximately 3 millions
Audit Term 2 weeks
Detected Vulnerabilities Critical:4, Middle:2, Low:6
Customer's Response
  • NextGen's VoIP/SIP security audit has uncovered not only vulnerabilities of the system but also several malfunctions. Some of those might be exposed in the field of scattered production networks if we didn't have the checkup. We barely escaped from serious problems at the last minute.
  • NextGen's experts minutely investigate the issues throughout the audit term, so that we could focus on our own operations.
  • NextGen's security diagnosis report makes mention of not only the issues in terms of security vulnerabilities but also some frauds against internationally agreed VoIP/SIP specifications and relevant regulations. That ensures inter-operability between multi-vendor devices.

Case 2:Security Diagnosis for ISP in North America

Requirements Make sure there are no security holes in the cloud PBX system before its commercial rollout.v
Background Customer needs to deploy the cloud PBX system in a hurry and to secure the system at the same time, but they have no extra resources to do both in time.
Target of the Diagnosis Cloud PBX system that consists of 3 different components.
# of Audit Items Approximately 12 millions
Audit Term 3 weeks
Detected Vulnerabilities Critical: 2, Middle: 3, Low: 6
Customer's Response
  • We could prevent malicious attackers from serious damage or service outage before the service is getting into the live network, because NextGen's security audit covers overall service level threats, not just device or system level.
  • NextGen's security diagnosis report includes guidelines in detail about individual system that need to be fixed or improved. This helps system vendors with its quality improvement in a timely manner.
  • We could identify the scope of effective measures to counter potential security risks that may happen in the field. That means we are very clear about what we have to do by proper investment or operations improvement.