I'm always looknig for companies doing the right and smart things in unified communications. The other day I had the opportunity to chat with Rick Dalmazzi, CEO at VoIPshield. They're one such company, and I'll be talking to them more in the weeks and months ahead. They're doing some pretty sharp things, and we'll be coordinating a podcast chat with Bogdan Materna, their CTO.

Today at Interop Las Vegas, VoIPshield Systems announced its new VoIPshield Security Suite which is a comprehensive VoIP security system. The suite is designed for enterprises, VoIP service providers, security integrators and consultants and offers the industry’s first VoIP-specific vulnerability assessment, IPS, NAC, and Anti-SPIT offerings. VoIPaudit 2.0, the first offering in the suite is commercially available today and provides a power tool to identify and fix security holes in the complete VoIP network.

VoIP networks and devices are vulnerable to unique security threats and exploits, because of the real-time nature of the traffic. In addition, many new protocols and products make up the VoIP infrastructure, which traditional security products and approaches are not designed to protect. The VoIPshield Security Suite fills the gap between VoIP systems and traditional data security offerings with the company’s proprietary database of VoIP-specific vulnerabilities and exploits, developed by VoIPshield Labs. The database is a collection of previously-undiscovered exploits and zero-day attacks on popular VoIP PBXs and phones, and is unique in the industry.

VoIPshield is really bringing some powerful tools to the unified communications space, and I encourage you to check them out.

VoIPshield Security Suite Debuts at Interop Las Vegas
Comprehensive VoIP Security System Designed for Enterprises, VoIP Service Providers, Security Integrators and Consultants

Las Vegas, NV - Interop (Booth #90) May 23, 2007 – VoIPshield Systems today announced the VoIPshield Security Suite, a comprehensive set of VoIP security applications purpose-built to protect VoIP networks. The products ship in appliance or software form, and are designed for use by enterprises, VoIP service providers, security integrators and consultants.

VoIP networks and devices are vulnerable to unique security threats and exploits, because of the real-time nature of the traffic. In addition, many new protocols and products make up the VoIP infrastructure, which traditional security products and approaches are not designed to protect.

The VoIPshield Security Suite includes:

• VoIPaudit™ - VoIP vulnerability assessment (VVA) and penetration testing tool
• VoIPguard™ - VoIP Intrusion Prevention System (VIPS)
• VoIPscreen™ - VoIP Network Access Control (VNAC) system
• VoIPblock™ - Anti-SPIT (Spam over IP Telephony) system
• VoIPportal™ - VoIPshield Application Portal and Management Console

Each application draws on VoIPshield’s proprietary database of VoIP-specific vulnerabilities and exploits, developed by VoIPshield Labs. The database is a collection of previously-undiscovered exploits and zero-day attacks on popular VoIP PBXs and phones, and is unique in the industry.

The first entry in the suite, VoIPaudit 2.0, which has been in customer trials since last year, is now generally available. VoIPaudit scans an enterprise VoIP network, identifying where devices are vulnerable to attacks such as denial-of-service attacks, call eavesdropping, registration hijacking, toll fraud, and vishing (voice phishing). For each found vulnerability, VoIPaudit identifies procedures to remediate the security threat. VoIPaudit’s customers receive continual updates to the vulnerabilities database through VoIPaudit’s ActiveUpdateTM function, included in all VoIPshield’s security products. VoIPaudit supports products from the leading VoIP PBX and phone vendors, as well as all products using the Session Initiation Protocol (SIP).

“We selected VoIPaudit based on the quality of the company’s research on VoIP vulnerabilities and unique understanding of VoIP-specific threats,” said Min Wang, Senior Manager, Public Services Technology Infrastructure Solutions, BearingPoint.

VoIPaudit also assists enterprises in preparing for internal and external IT security audits. Wolf & Company, P.C. provides assurance and advisory services to banks in the Boston area. “The Gramm-Leach-Bliley Act mandates that banks and other financial institutions protect customer information against security threats that compromise confidentiality and privacy,” said Matthew Putvinski, Principal, Wolf & Company. “Our security audits must include VoIP systems as part of the overall IT infrastructure, as these systems have unique vulnerabilities that may potentially expose sensitive customer information. VoIPaudit will help us uncover potential vulnerabilities in our clients’ VoIP implementations, and identify remedies to ensure the security of customer information.”

The remaining products in the VoIP Security Suite will enter beta testing this summer. The next product scheduled to be released is VoIPguard, the Voice Intrusion Prevention System.

"There has long been a gap in the traditional IDS/IPS space when it comes to VoIP threats. VoIPshield's VIPS product has the potential to make significant strides towards closing that gap. I am keenly interested in seeing the end result of the development of this product," said Rick Wanner, Corporate Security, SaskTel.

Attacks on VoIP systems fall into one or more of five categories: (i) Confidentiality (Privacy), which includes call eavesdropping, call recording and voicemail tampering; (ii) Availability, which includes denial of service attacks, buffer overflow attacks, and malware; (iii) Authenticity, which includes registration hijacking, caller ID spoofing, and sound insertion; (iv) Theft, which includes toll fraud (service theft) and data theft through masquerading data as voice and data network crossover attacks; and (v) Voice Spam, known as SPIT, which includes unsolicited calling, voice mailbox stuffing, and vishing (voice phishing).

“Some of the attacks are pretty sophisticated, and companies don’t like to publicize it when it happens to them, but it does,” said Rick Dalmazzi, President and CEO of VoIPshield Systems. “It happens from outside and inside the organization. Extortion and blackmail, organized crime, industrial espionage, it’s all there. SIP is a very open protocol. The IP PBX systems are first-generation implementations. Everything is very vulnerable right now. And hacking is no longer for fun, it’s for profit. People trust phone systems, and the bad guys use that to their advantage.”

VoIPshield has also formed a new professional services group designed to guide enterprises in their VoIP security efforts, and assist security integrators and consultants in building their VoIP security practices. The company is also announcing the “VoIP Security QuickStart” program, which bundles the VoIPaudit VoIP Vulnerability Assessment product with custom professional services at an attractive price. Information about this offering can be found at the company’s website at www.voipshield.com.

Pricing and Availability
VoIPaudit 2.0 is available immediately. Pricing is dependent on installation environment. Trial systems are available to qualified customers, and channel partners. For details see www.voipshield.com.

About VoIPshield Systems
VoIPshield Systems Inc. develops products to secure voice communications on IP networks. The company's VoIP Security Suite includes VoIPaudit™, a VoIP Vulnerability Assessment (VVA) and penetration testing tool; VoIPguard™, a VoIP Intrusion Prevention System (VIPS); VoIPscreen™, a VoIP Network Access Control (VNAC) system; VoIPblock™, an Anti-SPIT (Voice Spam) system; and VoIPportal™, a common application portal and management console. Each application draws on VoIPshield’s proprietary database of VoIP-specific vulnerabilities and exploits, developed by VoIPshield Labs. The database is a collection of previously-undiscovered exploits and zero-day attacks on popular VoIP PBXs and phones, and is unique in the industry. For more information on VoIPshield, please visit www.voipshield.com.