Inspect those Network Packets

Written by: RANK Software  |  December 13, 2016

Inspect those network packets: relying only on logs is not enough for effective security analytics.

Case in point: let's take a recent, interesting article in which IBM warns about VoIP attacks. Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year, accounting for over 51% of the security event activity analyzed in the last 12 months.

Important takeaways from this article:

  1. How do attacks happen? Specially crafted Session Initiation Protocol (SIP) messages that are terminated incorrectly are sent. Persistent, invalid messages cause vulnerable servers and equipment to fail. If the equipment is failing, the obvious consequence is that there will be no logs. Security systems that rely purely on log sources will not know that the SIP packets were bad; you have to look inside each packet to know that. An organization that relies purely on logs has a huge blind spot.
  2. You may wonder why an enterprise should care about SIP or VoIP, and whether this vulnerability is something only a telecom operator should care about. Well, let us say you have VoIP phones in your organization. According to IBM: “Earlier this year there were reports of certain VoIP phones that had insecure default configurations, which allowed attackers to make, receive and transfer calls, play recordings, upload new firmware and even use victims’ devices for covert surveillance. VoIP services are also subject to abuses such as toll fraud, which involves taking control of network access to avoid paying for telephone calls, IBM wrote. An attacker can also carry out a distributed denial-of-service (DDoS) attack by flooding a company’s telephone service with thousands of junk calls per minute from automated IP dialers as well, IBM stated.” Imagine your competition listening in on your top secret expansion plans!!
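To make item 1 concrete, here is an added example (not code from the article, IBM or RANK Software) that inspects one SIP payload, as taken from a UDP datagram, and reports framing problems that a log-only system would never see. It assumes "terminated incorrectly" refers to the framing rules of RFC 3261 (CRLF line endings, an empty line closing the headers, a body at least as long as Content-Length); the function name and the sample messages are constructed for this illustration.

```python
import re

# Start line of a SIP/2.0 request or response (RFC 3261, section 7).
START_LINE = re.compile(rb"[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3} .*")

def check_sip_framing(payload: bytes) -> list[str]:
    """Return the framing problems found in one UDP SIP payload."""
    problems = []
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        problems.append("header section not terminated by an empty line")
    # A bare CR or LF means some line was not ended with CRLF.
    if re.search(rb"\r(?!\n)|(?<!\r)\n", head):
        problems.append("header line not terminated by CRLF")
    lines = head.split(b"\r\n")
    if not START_LINE.fullmatch(lines[0]):
        problems.append("malformed start line")
    declared = None
    for line in lines[1:]:
        # Skip the trailing empty piece and folded continuation lines.
        if not line or line[:1] in (b" ", b"\t"):
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            problems.append("header line without ':'")
        elif name.strip().lower() in (b"content-length", b"l"):  # "l" = compact form
            if value.strip().isdigit():
                declared = int(value.strip())
            else:
                problems.append("Content-Length is not a number")
    # Over UDP, a datagram that ends before the declared body length is an error.
    if sep and declared is not None and declared > len(body):
        problems.append("body shorter than Content-Length")
    return problems

# Constructed sample payloads (not captured traffic).
GOOD = (b"OPTIONS sip:bob@example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
        b"Content-Length: 0\r\n\r\n")
UNTERMINATED = GOOD[:-2]  # final empty line missing
TRUNCATED = GOOD.replace(b"Content-Length: 0", b"Content-Length: 120")

if __name__ == "__main__":
    for label, msg in (("good", GOOD), ("unterminated", UNTERMINATED), ("truncated", TRUNCATED)):
        print(label, check_sip_framing(msg))
```

A sustained stream of payloads that fail these checks from one source is the kind of signal that only packet inspection can surface when the target device has stopped logging.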

While the above example is about VoIP, the value of inspecting network packets extends to other use cases as well. Rank’s software solution collects, aggregates and analyzes network packets in addition to log sources, providing complete security posture visibility to any organization.