Light Reading
Startup aims to help service provider and enterprise CIOs secure and manage SIP applications

Covergence Banks on SIP Risks

Light Reading
News Analysis
Light Reading
8/22/2005
50%
50%

Massachusetts-based startup Covergence Inc. believes it has cooked up a cure for some of the risks associated with implementing new SIP-based applications (see SIP Guide).

With new session initiation protocol (SIP) applications like VOIP, instant messaging, and audio/video conferencing taking root at service providers, the operators need a way to secure and provide quality of service (QOS) for those applications, according to the startup, which was founded in 2003 and has raised $16 million in venture funding. Covergence is set to introduce a carrier-grade security and management solution (see Tekelec Reports Q2, Buys SIP Vendor). The product will serve as an early response system for SIP threats like hacking, spying, eavesdropping, spamming, hijacking, viruses, and denial-of-service attacks.

While Covergence isn’t letting go of many details prior to the launch, Light Reading has learned that the product consists of a series of network appliances that report SIP security and service availability problems to a central monitoring and control point (see Cisco IOS Hole Points to VOIP Threat).

The company and its VC backers believe many service providers and Fortune 2000 companies have bought into the SIP concept, but didn’t anticipate the new risk exposure. One investor says that as the SIP boom takes hold, security may have been overlooked.

"As SIP has become the de facto for messaging and other real-time applications, it has opened up a bunch of quality assurance, security, and administration issues,” says Sean Dalton, a partner at Highland Capital Partners, an investor in Covergence. “For companies that are just starting to implement IP, the issues of security and management just kind of go right over them... and then they call back six months later and say, ‘Now I get it.' "

SIP apps work differently than circuit-switched ones, explains Heavy Reading analyst at large Tim Hills. SIP uses in-band signaling, meaning that the signaling messages that control the system are transported by the same mechanism (IP packets) that transports the service media (like the voice channel for VOIP), Hills says in a recent Heavy Reading report (see SIP Guide).



The separation between signaling and media streams is logical, Hills says, not physical. This makes for an open architecture -- high on flexibility, but not inherently secure.

As such, Covergence's VP of marketing Rod Hodgman says, managing the risk isn’t easy. “It’s a hard road; you’ve got to look at interoperability, quality assurance, high availability, and confidentiality,” he says. “You’ve got internally launched virus attacks and even alleged attempts at corporate espionage." And all that, he notes, can happen behind the firewall.

Hodgman says attacks against SIP applications are not widespread today but will increase as the protocol becomes more established. For example, Hodgman says Microsoft Corp.'s (Nasdaq: MSFT) new, SIP-based Live Communications Server, is “extremely attractive” to Fortune 2000 companies, but security issues are hindering deployments.

“There are those that I know are sitting in the labs and trying to figure out how to deploy the solution,” Hodgman says. “What’s preventing that is the security and compliance officer." (See Microsoft Intros FMC Solution.) Asked if Covergence is in discussions to partner with Microsoft on the product, Hodgman pleads the Fifth.

So if this SIP security thing is such a glaring problem, new companies must be lining up to provide the fix for it, right?

“I suspect there are a lot of smaller companies flying under the radar right now -- Borderware has a product," Hodgman says. ’s product, SIPassure, is billed as a "SIP firewall." Others involved in the space include Radware Ltd. (Nasdaq: RDWR) and M5T.

Covergence's funding is led by Highland Capital and North Bridge Venture Partners. The company got a $6 million first round of funding in January 2004 and a second round worth $10 million in June 2005.

— Mark Sullivan, Reporter, Light Reading

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Mark Sullivan
50%
50%
Mark Sullivan,
User Rank: Light Beer
12/5/2012 | 3:04:46 AM
re: Covergence Banks on SIP Risks
Hey friends, what do you think about this company? Are security issues really preventing the deployment of new SIP apps? Please post any insights you may have. Thanks. -Mark
Mark Sullivan
50%
50%
Mark Sullivan,
User Rank: Light Beer
12/5/2012 | 3:04:46 AM
re: Covergence Banks on SIP Risks
Hey friends, what do you think about this company. Are security issues really preventing the deployment of new SIP apps? -Mark
Flash Poll
LRTV Custom TV
A New Security Paradigm in SDN/NFV

7|28|14   |   02:54   |   (0) comments


Paul Shaneck, Global Director Network Solutions for Symantec, discusses the evolving virtualized network, explaining how Symantec is leading the security discussion as it relates to SDN and NFV, and helping to ensure the network is protected and compliant.
LRTV Documentaries
Sprint's Network Evolution

7|24|14   |   14:59   |   (0) comments


Sprint's Jay Bluhm gives a keynote speech at the Big Telecom Event (BTE) about Sprint's network and services evolution strategy, including Spark.
LRTV Documentaries
BTE Keynote: The Software-Defined Operator

7|24|14   |   18:43   |   (1) comment


Deutsche Telekom's Axel Clauberg explains the concept of the software-defined operator to the Big Telecom Event (BTE) crowd.
Light Reedy
Numbers Are In: LR's 2014 Salary Survey

7|24|14   |   1:25   |   (7) comments


Our fourth annual Salary Survey paints a picture of who's hiring, firing, earning, and yearning for a change in the telecom industry.
LRTV Custom TV
Driving the Network Transformation

7|23|14   |   4:29   |   (0) comments


Intel's Sandra Rivera discusses network transformation and how Intel technologies, programs, and standards body efforts have helped the industry migration to SDN and NFV.
LRTV Custom TV
Distributed NFV-Based Business Services by RAD

7|18|14   |   5:38   |   (0) comments


With the ETSI-approved Distributed NFV PoC running in the background, RAD's CEO, Dror Bin, talks about why D-NFV makes compelling sense for service providers, and about the dollars and cents RAD is putting behind D-NFV.
LRTV Custom TV
MRV Accelerating Packet Optical Convergence

7|15|14   |   6:06   |   (0) comments


Giving you network insight to make your network smarter.
LRTV Custom TV
NFV-Enabled Ethernet for Generating New Revenues

7|15|14   |   5:49   |   (0) comments


Cyan's Planet Orchestrate allows service providers and their end-customers to activate software-based capabilities such as firewalls and encryption on top of existing Ethernet services in just minutes.
LRTV Custom TV
Symkloud NVF-Ready Video Transcoding, Big Data

7|9|14   |   3:41   |   (0) comments


Kontron and ISV partner Vantrix demonstrate high-performance video transcoding and data analytic solutions on same 2U standard platform that is ready for SDN and NFV deployments made by mobile, cable and cloud operators.
LRTV Huawei Video Resource Center
The Evolving Role of Hybrid Video for Competitive Success

7|4|14   |   4:09   |   (0) comments


At Huawei's Global Analysts Summit in Shenzhen, China, Steven C. Hawley from TV Strategies speaks to us about the evolving role of hybrid video for competitive success.
LRTV Huawei Video Resource Center
How CSPs Leverage Big Data in the Digital Economy

7|4|14   |   4:48   |   (2) comments


Justin van der Lande from Analysys Mason shares with us his views on how telecom operators can leverage customer asset monetization with big data. His discusses the current status of big data applications and the challenges and opportunities for telecom operators in the digital economy era.
LRTV Huawei Video Resource Center
Accelerator for Digital Business Future Oriented BSS

7|4|14   |   3:08   |   (0) comments


Mobile and internet are becoming intertwined; IT and CT are integrating; and leading CSPs have begun to transform to information service and entertainment providers. How should the BSS system evolve to enable this transformation? Karl Whitelock, an analyst at Frost & Sullivan, shares his views.
Upcoming Live Events!!
September 16, 2014, Santa Clara, CA
September 16, 2014, Santa Clara, CA
October 29, 2014, New York City
November 6, 2014, Santa Clara
November 11, 2014, Atlanta, GA
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
Packet Design asks network professionals how they handle the cloud, SDN, and network management.
Today's Cartoon
Vacation Special Caption Competition Click Here
Latest Comment
Hot Topics
The Municipal Menace?
Jason Meyers, Senior Editor, Utility Communications/IoT, 7/22/2014
Cisco Puts a Fog Over IoT
Sarah Reedy, Senior Editor, 7/23/2014
Apple Earnings: Strong iPhone Sales, iPad Sales Slump, $7.8B Profit
Mitch Wagner, West Coast Bureau Chief, Light Reading, 7/22/2014
Salary Survey Report 2014
Sarah Reedy, Senior Editor, 7/23/2014
Like Us on Facebook
Twitter Feed