Voice over IP
(VoIP) provides businesses with lower cost calling, more powerful and
robust private branch exchange functionality, and the ability to add numerous
value-added services to basic calling. Tools and techniques exist for using
VoIP to enhance enterprise security, including call recording, voice
biometrics, and voice analytics.
Call recording is the
most basic VoIP service to support enterprise security. Businesses with
regulatory compliance needs (such as financial, legal, and health care) record
all calls made on company phones, including mobile devices. Vendors in this
space sometimes refer to call recording as voice documentation because it
provides a complete electronic record of what is said between parties during
phone calls. In legal disputes, call recording can provide evidence that best
practices and proper procedures are followed.
Voice
biometrics provide a layer of security to authenticate individuals. Avaya,
NICE Systems, and others provide solutions that are used for basic
authentication during call center transactions, securing applications and
transactions, and mobile applications. Using voice also provides the
ability to replace personal identification numbers, passwords, and challenge
questions with a faster method of authentication, saving time for customers and
businesses while providing better security. Financial institutions such as
Barclays, Banco Santander Mexico, and U.S. Bank all use voice biometrics to
provide secure customer authentication.
Businesses and
organizations can use voice biometrics to provide authentication to field
service personnel interacting with a dispatch center and other daily
communications where there is potential for a third party to gain access to
internal business processes through social engineering. An attacker will call
into an organization posing as a company employee and use a series of
techniques to build trust and gather information on a target. Voice biometrics
can be used to provide an automated gatekeeper function to screen inbound and
in-house calls for bad actors.
In combination with call
recording and voice biometrics, voice analytics can provide in-depth defense
against social engineering attacks. Traditionally, voice analytics has been
used as a big data–style application to monitor call center performance, gauge
the success of new products, and provide competitive intelligence through the
ability to look for key words and phrases. Existing processes can be tuned to
look for social engineering attacks phishing for passwords and other sensitive
information as a part of the nightly and weekly analytics batch runs.
Once an attack instance
has been identified, the attacker’s voice biometric information can be
identified and used to search through the archive of daily calls for other
instances to build a picture of the type of information being sought and what
departments are being targeted. The voiceprint then can be incorporated into
blacklist processes to flag and block calls from an identified attacker. Other
information can be gleaned from the characteristics of the calls themselves,
including length of call, time of day calls are made, and the IP address of
origin if it’s VoIP from end to end.
Until recently, call
recording and voice biometrics have only been available as dedicated solutions.
Cloud-based services are now making recording and biometrics both more
available and more affordable than expensive solutions tailored to large call
centers with a substantial number of calls per hour. Voice
analytics is becoming an option for cloud-based call center offerings, but
the effectiveness of the technology as a security measure is dependent upon
being able to process through all calls within the business. If limited to the
call center, voice analytics will not catch attackers calling to internal
extensions while posing as employees.
Voice technology being
rolled out this year will enable real-time machine actions to be triggered on
key words or phrases, speeding up the process of identifying an attack. A
request for a password during a phone call could send an immediate text or
e-mail message or bring in the IT security desk to monitor the call as it takes
place.
None of these solutions
are magic bullets to prevent security breaches. Instead, view them as potential
components of a holistic security plan. Determined attackers will figure out
ways around security schemes, so the objective within a larger enterprise
security plan is to provide as many barriers to entry as possible to deter
break-in attempts.
Contact MCC’s Telecom
Division today to learn more about VoIP and how it can benefit your
organization!
For more details please contact us at:
Memphis Communications Corporation
4771 Summer Ave
Memphis, TN 38122
Tel: 901.725.9271
Fax: 901.272.3577
Toll Free: 866.805.5893
Service and Supplies: 901.257.2500
Website: http://www.memphiscommunications.net
No comments:
Post a Comment