Seventeen percent of total mobile network operators (MNOs) had deployed a signaling firewall by the end of 2020, according to our latest market data, but a deeper dive reveals that just 6% of these deployments would be classified as fully protecting the operator’s network.
Mobilesquared forecasts a further 34 deployments will have occurred by the end of 2021, taking the total to just under one-quarter (24%) of total MNOs.
It comes at a time when the growing threat of attacks posed by rogue groups and individuals determined to unleash chaos and disruption in the pursuit of financial gain is on the increase. And with 94% of MNOs potentially exposed to illicit activity, the volume of subscribers that could be affected is extremely concerning.
Our market data was supplemented by signaling network research of MNOs, conducted by Mobilesquared on behalf of Mobileum. Of the MNO research participants that have deployed a signaling firewall, less than one-third said that they could perform cross-protocol correlation, such as correlating information and identifying abnormal patterns across different signaling protocols.
This is an alarming statistic because attacks typically occur over multiple protocols, with MNOs facing constant changes in attack typology across multiple signaling protocols, with roguesters targeting DIAMETER in particular.
By cross-protocol correlation, we mean correlating information and abnormal patterns across different signaling protocols to identify likely network security threats.
The most protected protocol is SS7, with 100% of signaling firewalls protecting it. Then, there is a significant drop to the next protocol, with just over half of firewalls protecting Diameter (56%), a quarter protect GTP, and just under one-fifth protect SIP. Given that Diameter has been identified as the one protocol that is under increasing pressure from security attacks and has been highlighted as an area of key concern, it is not surprising that it is featuring more prominently among multi-protocol signaling protection, and highlights that mobile operators are reacting to the threat.
So unless a signaling firewall can provide cross-protocol protection, the network remains exposed to the hackers and fraudsters looking to systematically exploit all points of entry that they can identify, leaving subscribers vulnerable to potential fraudulent activity.
Download the full report here