On-premise SS7 Firewalls

Many operators are wondering if they should install an on-premises SS7 firewall to protect their network. Some have already done so, while others are in the process of conducting RFPs.

So is it a good idea to install an SS7 firewall into your network? Absolutely, we think so!
… but, not all SS7 firewalls are created equal, and while the SS7 firewall vendor may provide you reports of the threats they were able to block/prevent, how are you to know which attacks are still reaching your core network, undetected by the firewall. Indeed, as attackers get smarter, they discover ways to circumvent the more basic, first generation firewalls with some of their attacks.

So how should you assess the effectiveness of a prospective or current firewall vendor? We recommend performing remote SS7 penetration test and telecom network security audit before and after the installation of your firewall, and continue to perform scans periodically to ensure that the firewall stays on top of new emerging ways to penetrate your network.
We can also assist you in conducting your SS7 firewall vendor RFP and independently evaluate vendors against specific threats that are important to you. We will also make sure that you follow best practices, such as firewalling your domestic SS7 traffic with may contain messages from domestic MVNOs!

At this stage, some operators opt for our SS7 Cloud Scanner which allows their properly trained staff to generate ad-hoc SS7 messages from the external plane in order to test new firewall rules. This can be particularly useful during the time when remediation work is conducted.

The industry-first Telecom Defense firewall certification is a process by which we test SS7 firewall installed on live mobile networks, to certify that a firewall protects against all category 1, 2 and 3 threats as defined by the GSMA (FS.11). This allows you to ensure that a firewall selected in your RFP process will indeed protect you as intended, before it is too late and the firewall is installed in your network.
If you are a SS7 firewall vendor and would like to be tested for certification, please contact us.

Below is a non-exhaustive list of on-premises SS7 firewall vendors, in no particular order, for those networks looking to implement one:

Adaptive Mobile, based in Ireland. This firewall holds the Telecom Defense firewall certification.

Anam, based in Ireland

Cellusys, based in Ireland

HAUD, based in Malta

jtendo, based in Poland. This firewall holds the Telecom Defense firewall certification.

Oracle, based in USA

Mavenir (formerly Xura), based in USA

Mobileum, based in USA. Mobileum acquired rival Evolved Intelligence in 2018.

NetNumber, based in USA

Note: we are not affiliated with of the vendors listed above, but we certify that those vendors holding the Telecom Defense firewall certification will protect your network as intended. We specialize in remote signalling vulnerability testing and do not sell on-premises firewall solutions.