Dear Editor,
It is time for organisations to bury dedicated Hardware-based Security solutions.
Recent years have seen a fundamental transformation in IT strategy, with networks being more agile and quickly deployed and applications now deliverable quickly, in any location and scaled to meet an organisation’s requirements. From virtualised hardware to network function virtualisation and software defined networking, the hardware and network infrastructure has become decoupled from the application and the application itself is increasingly located anywhere across the cloud.
And, this decoupled approach demands a different approach to security; it can no longer be defined by network controls because those networks are virtual, disparate and remote. When organisations access applications via an Internet address the physical location is increasingly unknown. Security, therefore, needs to be elastic and flexible.
The hardware based, dedicated Session Border Controller (SBC) does not fit into this model. As an approach to securing the VoIP network, it is fundamentally flawed on many levels.
Firstly, it constrains an organisation’s virtualisation strategy. How can a company quickly spin up new cloud based voice applications, for example? As organisations look to gain the cost, agility and scalability offered by hardware and network virtualisation, the hardware SBC is clearly a problem.
Perhaps the most concerning issue is that this approach is flawed from a pure security perspective. Hardware SBCs are considered both one off investments and one off deployments. As every security best practice model will attest, with a constantly changing threat landscape failure to undertake routine updates will leave the organisation vulnerable.
To be effective, security solutions must reflect the emerging risk and the current deployment trend. A software only model that is continually updated to mitigate the evolving threat landscape is essential. Software based SBCs, either on premise or in the cloud, also explore community led intelligence about threats and risk experiences to rapidly disseminate new threat information and best practice. This combination of routine product updates with shared intelligence ensures an attack on a single organisation can be quickly transformed into a patch or update that protects every business from the new risk.
Despite the widespread adoption of VoIP, the vast majority of SBC vendors are simply failing to respond and still advise an implement once model. They fail to update customers on the evolving threat landscape, and they cannot support the agile, decoupled infrastructures now required.
It begs the question – just what is the value of the hardware-based SBC?
Yours sincerely,
Paul German, CEO, VoipSec
Paul German, CEO at Certes Networks
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.