Unicus™ was developed by UM Labs R&D to provide security for Real-Time Communications (RTC) services and applications using industry standard protocols including the Session Initiation Protocol (SIP). SIP is widespread, virtually all modern Unified Communication platforms and all RTC platforms including business phone systems. SIP is used widely on telecom backbone networks and is at the heart of VoLTE and 5G networks. SIP is replacing legacy technologies such as ISDN as a service delivery for fixed line connections and in the future will extend to consumer service delivery.
SIP is here is to stay, but securing SIP applications and services is a challenge. The complexity of the protocol means that standard security technologies cannot provide effective protection. Running SIP and the related protocols needed for RTC through a firewall can hinder service provision. Some vendors have attempted to solve this problem by adding a SIP Application Level Gateway (ALG) to their products. ALGs create more problems than they solve, which has prompted NICC, a UK communications standards organisation, to publish guidelines calling for SIP ALGs to be disabled by default.
The lack of effective security for SIP leaves critical communications systems open to attack. A successful attack can result in:
- Loss of sensitive information, damaging a company’s reputation and resulting is fines for compliance violation
- Fraudulent calls, single attacks costing over $400K are common
- Denial of Service attack, resulting in complete shutdown of the system.