“Only the Paranoid Survive”

A TWO-PART SERIES ON THE SECURITY OF NETSAPIENS PRODUCTS

“Our survey results indicate that, despite increased investments in cybersecurity in 2020, 78% of respondents lack confidence in their company’s IT security posture and saw room for improvement. Only 22% felt very confident.” – Cybersecurity at a Crossroads: Insight Report for 2021

Part 1: NetSapiens has a holistic approach to security

With each passing year, cybersecurity becomes more important to the tech industry and the worldwide business community. With less than a quarter of IT professionals “very confident” in their own organization’s ability to protect itself from cyberattacks, it’s clear that solution providers and technology vendors need to have cybersecurity as a top-of-mind priority. 

Making security and privacy a priority

According to Kevin Selkowitz, senior director of solutions engineering at NetSapiens, security and privacy are not an afterthought when it comes to building the company’s unified communications, collaboration, and video solutions products. “We have a holistic approach to security.”

Kevin admits to being a bit cavalier about cybersecurity early in his career, and he learned the importance of adequate protection after being hacked a couple of times. “Fortunately, they were minor, but once you get breached, you get the ‘religion’ of security real fast. I learned then that only the paranoid survive.”

NetSapiens cares for our community of service providers and their customers by focusing on protection for handsets and provisioning servers.

“With the handset, it’s really about shutting down interfaces and keeping firmware up to date. Admittedly, any platform can do that and it’s a little vanilla, but with our SNAPsolution it’s really easy for our partners and end users to apply settings and firmware,” says Kevin. 

“On the provisioning server, there’s two technologies that we employ. One is called SAFE, which is for brute-force attack detection, and the other is per-device passwords.”

Making SAFE

Kevin, who was a NetSapiens customer at a CLEC before joining the company, says that when he started working for NetSapiens eight years ago, one of his initial projects was to develop a security tool. Working with colleague Chris Aaker, NetSapiens’s VP of engineering, he came up with a security software tool and called it SAFE. The acronym stands for Selkowitz Aaker Filter Environment.

Similar to the application Fail2Ban, SAFE is “watching for bad requests” on SNAPsolution. If SAFE identifies a lot of bad requests coming from the same IP address, NetSapiens blocks that IP. Kevin says, “We don’t throttle good requests, but we don’t want to keep serving files to places that are making bad requests because that’s probably going to lead to a brute-force attack. So that’s our first layer of protection. It’s not rocket science but it’s pretty damn effective.”
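The counting-and-blocking behaviour described above, sketched as an added example (this is not NetSapiens code and not SAFE's implementation). What counts as a "bad request", the threshold, window and ban values, the log format, and the addresses and file names are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values; the article does not state SAFE's real ones.
BAD_STATUSES = {401, 403, 404}  # responses treated as "bad requests"
MAX_BAD = 5                     # bad requests tolerated per window
WINDOW_S = 60                   # sliding window, seconds
BAN_S = 3600                    # ban duration, seconds

class BadRequestFilter:
    def __init__(self):
        self.bad = defaultdict(deque)  # ip -> timestamps of recent bad requests
        self.banned_until = {}         # ip -> time at which the ban expires

    def allowed(self, ip, now):
        """Check before serving: False while the IP is banned."""
        return now >= self.banned_until.get(ip, 0)

    def record(self, ip, status, now):
        """Check after serving: returns True if this response triggers a ban."""
        if status not in BAD_STATUSES:
            return False               # good requests are never counted or throttled
        q = self.bad[ip]
        q.append(now)
        while q and q[0] <= now - WINDOW_S:
            q.popleft()                # forget bad requests outside the window
        if len(q) >= MAX_BAD:
            self.banned_until[ip] = now + BAN_S
            q.clear()
            return True
        return False

def replay(lines):
    """Replay 'epoch ip status path' lines; return (files served per IP, banned IPs)."""
    f, served, banned = BadRequestFilter(), defaultdict(int), []
    for line in sorted(lines, key=lambda l: int(l.split()[0])):
        ts, ip, status, _path = line.split()
        ts, status = int(ts), int(status)
        if not f.allowed(ip, ts):
            continue                   # banned source: stop serving files to it
        served[ip] += 1
        if f.record(ip, status, ts):
            banned.append(ip)
    return dict(served), banned

# Constructed sample: one source guessing config file names, one busy legitimate
# source that also makes a single mistyped request.
SAMPLE = [f"{1000+i} 198.51.100.7 404 /cfg/00005e0053{i:02x}.cfg" for i in range(8)]
SAMPLE += [f"{1000+i} 203.0.113.20 200 /cfg/00005e005301.cfg" for i in range(20)]
SAMPLE += ["1030 203.0.113.20 404 /cfg/typo.cfg"]
```

The guessing source is cut off at its fifth miss, while the legitimate source is served all 21 requests regardless of volume, because only bad responses feed the counter.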

Using per-device passwords

The second security layer that NetSapiens employs is called per-device passwords. “We’ve had it for a few years and we’ve been making it better and easier to deploy. Basically, we’ve added individual provisioning passwords for devices and invalidated the redirection service initial password.” 

This is necessary because redirectors have been breached in the past. When a redirector is breached, it may give hackers all the information they need to get configurations for devices and the ability to start making fraudulent calls.

“With per-device password technology, we invalidate the redirector password and give the phone a unique password, so if you breach redirectors or any other services, you’re still not getting configurations.” While this type of security is not unique to NetSapiens, Kevin says it’s “not common.” Most competitors are trailing NetSapiens’s security efforts.

Kevin reiterated the need for looking at security holistically. “Even if you secure your endpoints perfectly, all our layers of security can’t protect you against weak login passwords or leaving the SQL port open.” In other words, there’s no protection for carelessness.

Not sexy, but fundamental and powerful

NetSapiens solutions have many other security features—some fundamental and “not sexy” but powerful—including:

  • MFA (multi-factor authentication)
  • Dial translations that, by default, prevent call forwarding to international destinations if a mailbox is breached
  • Auto-generated long, unique SIP credentials
  • Dial permissions that limit where calls can be made
  • PIN checking
  • Carrier threshold alerts
  • reCAPTCHA to protect portals

A favorite tactic

Kevin says one of his favorite tactics is nighttime and weekend PIN code checking for international calls. “Most toll-call fraud is going to happen nights and weekends when you’re not looking. Hackers are smart enough to try when you’re not looking. You don’t check PIN codes during the day so you don’t bother your customers, but most likely North American customers aren’t trying to make international calls at night. So PIN code checking during off hours is surprisingly effective.”

NetSapiens’ commitment to security is one of the reasons SNAPsolution is the fastest growing platform in North America per market research from Frost & Sullivan, May 2021. Our customers appreciate the holistic approach and many are willing to go on the record to praise the company.

In a recent video testimonial, Brightlink CTO Joe White said, “One of the most interesting things for NetSapiens partners is being able to prevent call fraud. Toll fraud is a huge problem in the industry and it costs companies millions of dollars every single year.”

Read Part 2 of the Security of NetSapiens Products: “Think Like a Hacker”

NetSapiens is the fourth largest third-party UCaaS vendor with the fastest growing platform in the North American market. Frost & Sullivan, May 2021 
