VoIP Leaders Form Alliance for VoIP Security Research and Testing, TippingPoint Facilitates Formation
AUSTIN, Texas – Feb. 7, 2005 – TippingPoint, a division of 3Com (Nasdaq: COMS) and the leader in intrusion prevention, today announced it has established the industry’s first Voice over Internet Protocol (VoIP) Security Alliance in conjunction with leading VoIP vendors, providers, security researchers, and thought leaders to discover and reduce VoIP security risks. Some of the charter members include 3Com, Alcatel, Avaya, Codenomicon, Columbia University, Ernst and Young’s Guiliani Advanced Security Center, Insightix, NetCentrex, Qualys, SecureLogix, Siemens, Sourcefire, Southern Methodist University, Spirent, Symantec, the SANS Institute and Tenable Network Security. A complete list of members can be accessed at www.voipsa.org.
The growing convergence of voice and data networks only serves to exacerbate and magnify the security risks of today’s traditional prevalent cyber attacks. Successful attacks against a combined voice and data network can cripple an enterprise, halt communications required for productivity, and result in irate customers and lost revenue. As VoIP deployments become more widespread, the technology becomes a more attractive target for hackers, increasing the potential for harm from cyber attacks. The emergence of VoIP application-level attacks will likely occur as attackers become more familiar with the technology through exposure and easy access.
The VoIP Security Alliance (VOIPSA) aims to help organizations understand and avoid VoIP security risks through discussion lists, white papers, sponsorship of VoIP security research projects, and the development of tools and methodologies for public use. VOIPSA is the first and only group solely and holistically dedicated to VoIP security backed by a wide spectrum of organizations represented by universities, security researchers, VoIP vendors, and VoIP providers. With VOIPSA collaboration, TippingPoint hopes to use and improve a VoIP security testing tool it developed to find and research VoIP vulnerabilities.
“Despite the advantages of VoIP, if the technology is not implemented properly and securely, we will likely circumvent existing security controls and expose our networks,” said Brian Kelly, director of Giuliani Advanced Security Center at Ernst & Young. “This alliance is an important initiative to help us leverage the technology while understanding and managing the risks.”
Joseph Curcio, vice president of security technology development at Avaya, said, “Once the decision is made to put VoIP at the heart of their business, companies need to address security holistically – at the applications, systems and services layers. Avaya believes the VoIP Security Alliance will enable businesses to experience the benefits of IP, while ensuring network security and preserving business continuity.”
“VoIP is starting to gain momentum in the market, but proactively addressing security concerns will help drive widespread adoption,” said Gerhard Eschelbeck, VP of Engineering and CTO of Qualys. “Qualys is excited to participate in an industry-wide effort to continue this work and develop solutions to meet the security requirements of VoIP.”
“VoIP has the potential of becoming widely deployed in critical infrastructure, and without an active community in VoIP security, the quality and reliability of VoIP can easily regress into the patch-and-penetrate race we have had to witness with other widely deployed communication software,” said Ari Takanen, CEO and co-founder of Codenomicon Ltd. “Since 2002, we at Codenomicon Ltd. and our research partner, the University of Oulu, have been actively working with VoIP security by issuing both free PROTOS test-suites and commercial testing tools for improving VoIP security and robustness.”
“Enterprises are rolling out VoIP solutions to reduce costs and increase operating efficiencies, but this also introduces new security risks that could negate those savings and demand increased resources if not managed properly,” said Martin Roesch, creator of Snort and founder and CTO of Sourcefire. “We are optimistic that this group will result in stronger solutions that help end users better protect their assets.”
“VoIP has finally arrived, and vulnerabilities in devices and services which enable this technology need to be discovered and mitigated,” said Ron Gula, CTO of Tenable Network Security.
“The VoIP Security Alliance is a practical framework for accelerating IP telephony adoption,” said Dave Hattey, 3Com vice president and general manager, enterprise voice solutions. “As a charter member, we believe it is our duty to advance this alliance and its principles for the betterment of VoIP security.”
“Last year, TippingPoint announced the formation of a VoIP Security Research Lab to discover and analyze VoIP threats,” said TippingPoint’s Chief Technology and Strategy Officer Marc Willebeek-LeMair. “VOIPSA is the culmination of our efforts to work alongside VoIP leaders to analyze weaknesses in VoIP architectures and discover new vulnerabilities through functional protocol testing. VOIPSA’s research will facilitate better education for the industry and help reduce the risk of threats.”
TippingPoint is providing an administrative service in forming VOIPSA, recruiting members and facilitating VOIPSA meetings. For more information on joining VOIPSA, visit www.voipsa.org.
About TippingPoint, a division of 3Com
TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems that deliver in-depth Application Protection, Infrastructure Protection, and Performance Protection for corporate enterprises, government agencies, service providers and academic institutions. Our innovative approach offers customers unmatched network-based security with unrivaled economics, ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS.
About 3Com Corporation
3Com is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at delivering business value for its customers. When customers exercise choice, their choice is 3Com. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox. Copyright © 2005 3Com Corporation. 3Com, 3Com logo, TippingPoint Technologies, the TippingPoint logo (and Digital Vaccine) are registered trademarks and Exercise Choice is a trademark of 3Com Corporation. All other company and product names may be trademarks of their respective holders.