Cologne/Tokyo/Madrid. March 12, 2019. Blue Telecom Consulting (BlueTC®) has performed a security audit of one of Europe’s largest Mobile Operators’ IMS as part of their Quality Innovation and Excellence Programme.
- The increasing number and sophistication of attacks in IP-based networks and European regulations call for more thorough operator security testing.
- This Security Audit sets a new benchmark, going beyond industry standards by simulating more than 10 million network attacks in a short period of time thanks to proprietary automated tools brought by NextGen with their over 10 years’ of experience
- TÜV TRUST IT were able to oversee and certify the security levels achieved by the Operator as part of the Customer IMS Quality Innovation and Excellence Program they were involved in
In a period of only six weeks, more than 10 million test cases were executed to challenge the actual security readiness of their mobile IMS network. Both a dedicated traditional node and a virtual node were put under test using a comprehensive library of known, potential and theoretical attacks and penetration techniques. TÜV TRUST IT included the test methodology and technology in their audit and certification program. These tests and the fast reaction time of the Operator, enabled TÜV TRUST IT to issue a certificate as a proof of the actual security levels of the networks assessed.
With the transformation from circuit packet switch to all IP-traffic, there are far more variables related to the core network and thus more complexity. Session Border Controllers (SBC) have inherent limitations and vulnerabilities which call for increasingly thorough security testing of IMS networks. Recent European legislation on data privacy and stricter regulations with regards to telecom infrastructure security have also resulted in large operators taking the lead by having their networks assessed by an external security consultancy.
The testing performed in this project went beyond what the international telecom standards require, leading to a new benchmark for best practice related to both the number and scope of the test cases. While an operator normally would test tens of thousands of attack cases, BlueTC can perform tens of millions in a very short time span. This reveals a detailed picture of how the test subject behaves related to SIP traffic, the type of threats a network is exposed to (both on the VoLTE and Interconnection IMS accesses), their severity and causes. The resulting audit report highlights likely causes and applicable countermeasures, which in this case allowed the Operator to give meaningful insights back to the vendor to help them improve their products.
In order to fulfill the very demanding customer expectations, BlueTC has leveraged on the long-lasting partnership with NextGen Inc. NextGen is a Japanese company specialised in IMS Security Solutions, among other IMS related portfolio. They have become the standard de facto company providing IMS Security Audits and Intrusion Detection Systems (IDS) Solutions for the Japanese market since 2007.
BlueTC’s Managing Director, Miguel Angel Garcia Matatoros, says the Operator has a competitive edge compared to other European mobile operators. “This is a great first step in enhancing their already comprehensive security and quality program that will make their networks more robust and safer to use”, and adds: “BlueTC considers the IMS security assessment an eyeopener for operators. Their whole mindset changes from focusing on compliance to proactive work with securing the assets of their organisation and customers, which in the long run increases the value of the company”.
TÜV TRUST IT’s Managing Director, Detlev Henze, pointed out that “the Operator again proved their Excellence in Architecture, Processes and now in Technology and Security”. TÜV TRUST IT issued a certificate for this evaluation and testing, which helps the operator to show their efforts and leading role in technology and security to their customers and competitors.
About TÜV TRUST IT GmbH (TÜV TRUST IT)
TÜV TRUST IT is the neutral, objective and independent partner for the industry with regard to information security and data privacy. It is our mission to support companies in protecting their information assets. Information values are thus assets that, like all other corporate assets, need to be protected in accordance with their importance.
Our services are based on internationally recognized standards and best practices. It is important for us to make a significant contribution to our customers’ value creation.
About NextGen Inc. (NextGen)
NextGen Inc (JASDAQ: 3842 Next Gen) is a world class provider of VoLTE security testing solutions and vulnerability detection consulting. Their VoIP security testing service is based on extensive experience of developing large scale and complex systems for telecommunication carriers, which includes over 80 million test items. These security tests are customised and NextGen has served more than 200 systems with 50 companies in Japan and overseas. For more information: www.nextgen.co.jp.
About Blue Telecom Consulting SL (BlueTC®)
Blue Telecom Consulting is an international telecommunications consultancy head-quartered in Madrid that specialises in evolving and optimising mobile networks. Among other, it offers forensic Security Audits of VoIP traffic, like VoLTE, VoWiFi and similar, and also implements systems for continuous intrusion detection and protection of IMS networks. Since 2014 BlueTC collaborates closely with NextGen Inc. within the area of network security and is today its European reseller and service partner.
Head of Nordics
Tel: + 34 91 754 04 44