Verizon adds VoIP security consulting

Verizon today announced a new consulting service that will enable business and government customers to assess the risks of using Internet telephony.

Verizon’s VoIP Security Assessment Service is a professional service offering that will identify security risks for commercial customers as they switch to VoIP and manage those risks. Those risks include the traditional voice network issues such as toll fraud and traditional IP-network issues including viruses, denial of service attacks and SPIT (spam over Internet telephony), along with new risks associated with handing VoIP calls off to the PSTN.

“Companies cannot have expertise on your staff to handle all the security issues – it’s a very specialized field,” said Sara Santarelli, chief information security officer at Verizon Business. “You need a trusted partner.”

Although there haven’t been a flood of VoIP-related security problems, there is reason to believe they are coming.

“We haven’t seen a whole lot of nasty attack-type traffic,” she said. “But what we are really doing is getting out there in a proactive fashion. Before that happens, there are things you should be doing in your enterprise, like making sure you have good strong controls, filters in place, firewalls in place, such that if something does happen or we begin to see that attack profile grow. It’s coming.”

Verizon will do a comprehensive review of security policy, local area network and wide area network architectures. The company then develops a detailed analysis based on industry best practices and threat categories and guidelines from the National Institute of Standards and Technology. The analysis includes a VoIP architecture review, a network and device penetration testing and risk assessment, evaluation of standards, policies and procedures and a findings and action plan.

The VoIP Security Assessment Service is part of Verizon Business’ focus on managed security.

The nature of security has changed, Santarelli told a media conference Tuesday. No longer are the “bad guys” teenagers looking for attention – today, they tend to be professionals looking for money, either by stealing credit card numbers or social security numbers or even through extortion of major money-making sites such as gambling organizations, she said. Often the goal is to take control of a computer and operate it as a “bot” for the purposes of sending spam or other purposes.