x
Optical/IP

Alcatel Buys Some VOIP Security

Alcatel SA (NYSE: ALA; Paris: CGEP:PA) announced today it has acquired technology assets from Avarox Technologies, a startup that created an IP session border controller but failed to take it to market. The deal makes Alcatel one of the first major vendors to offer a voice-enabled firewall and security product along with its softswitch.

Details of the deal were not available, but it is safe to assume that Alcatel got a bargain. Aravox, which had raised about $16.5 million in three years, shut its doors for good on August 2, 2002. The company had grown to just over 50 employees. Backers included Global Crossing Ventures, SAIC Venture Capital Corporation, and St. Paul Venture Capital.

“Value was certainly a consideration,” says Larry O’Pella, a director at Alcatel. “But we had an existing partnership relationship with Aravox, so I don’t think it was price that was the main driver for this deal.”

So what exactly is an "IP session border controller"? At a basic level, it is an edge device that opens and maintains a secure hole through a firewall for real-time traffic, like voice over IP or IP video. These devices contain call control features such as a Session Initiation Protocol (SIP) proxy server and an H.323 gatekeeper, so that media ports can be opened and closed on a per-call basis. They also perform network address translation from private to public networks.

IP session border controllers provide security for softswitches, which provide the call control and signaling in a voice-over-IP (VOIP) network.

So far, the market for these esoteric necessities is comparatively small. In 2002 the total market for this gear was only about $10.4 million, according to the Yankee Group. The firm says this figure could rise to $624 million by 2007.

Being small, the market for IP session border controllers is dominated by a handful of startups, including Acme Packet, Jasomi Networks, Kagoor Networks, Netrake Corp., and NexTone Communications Inc.

The Alcatel acquisition marks the first time a large telecom equipment provider has sought to acquire one of these companies. Avarox's technology will become a part of Alcatel's Next Generation Networks portfolio. Specifically, the IP session border control device will be sold alongside Alcatel’s 5020 Softswitch solutions. It will act as a firewall with network address translation.

The news has some of the other players perking up. “The big guys now have their eyes on this space,” says Annalisa Ouellette, a spokesperson for Acme Packet. “This is good news for us, because it helps bring more validation to the product category. We’ve seen so many requests for proposal from carriers that have had bits and pieces of what session border controllers do, and now we’re starting to see them actually asking for and putting a name to the product category.”

Why was Alcatel so eager to get this kind of technology? “The border between the enterprise and a carrier network, or between carrier networks, becomes a place where security is necessary,” says Alcatel’s O’Pella. “Traditional firewalls use a static configuration, but when you’re dealing with voice over IP and SIP, there is a whole set of issues that come up.”

Most firewalls today are designed to protect data networks. But data firewalls cause latency in real-time communications such as voice and video transmissions. Instead of monitoring just one port for HTML traffic, VOIP applications use a range of ports, which dynamically change as new sessions begin and end.

As a result, many voice transmissions travel unprotected from port to port to prevent delays and disruptions, which leaves the door open for hackers and denial-of-service attacks. Today, VOIP traffic occurs in private networks, but as it migrates to the public Internet, more firewalls geared specifically toward VOIP, like Avanox's, will be needed.

“Setting up rules or algorithms for a firewall is a real art,” says Matthew Covar, director of security solutions and services at Yankee Group. “Voice-over-IP is still so new, we don’t even understand yet how hackers will attack it. Being able to manage the dynamic nature of SIP and voice traffic is pretty important going forward.”

Avarox apparently wasn't the most sophisticated product on the market. While Avarox technology offers some basic session border control functions, some of the startups mentioned above have added additional functionality to their products. Following is a rundown of features that some of these startups are offering.

  • Quality of Service and SLA Assurance: Allows devices to mark and understand DiffServ labeling and VLAN tags.
  • Signal Protocol Interworking and Intelligence: Directs traffic based on Layer 5 session information, providing services like follow-me-anywhere calling. Useful for carriers planning VOIP services.
  • Law Enforcement: Helps carriers comply with a Federal Communications Commission (FCC) requirement to provide law enforcement with call-identifying information and content when requested.
Right now, demand for all the above bells and whistles seems subdued, which may have been a factor for Alcatel. Since VOIP services are still relatively rare, the market could take awhile to develop.

“It’s still very early,” says Kevin Mitchell, an analyst with Infonetics Research Inc. “Carriers are still defining what service they want to offer. And they’re trying to figure out if they can offer them by tweaking their existing gear.”

— Marguerite Reardon, Senior Editor, Light Reading
photon_mon 12/5/2012 | 12:44:41 AM
re: Alcatel Buys Some VOIP Security Pardon the irreverence. Too long of a day.
Just thought this to be an amusing term.

And don't get me started about "Acme Packets"
- I picture Wily Coyote orchestrating a DoS
attack on Road Runner using their Beta version.
optical_man 12/5/2012 | 12:44:37 AM
re: Alcatel Buys Some VOIP Security Author: photon_mon Number: 1
Subject: VOIP Security: The Next Oxymoron? Date: 1/30/2003 10:43:10 PM
Pardon the irreverence. Too long of a day.
Just thought this to be an amusing term.
And don't get me started about "Acme Packets"
- I picture Wily Coyote orchestrating a DoS
attack on Road Runner using their Beta version.

photon_man,
VoIP is happening on a carrier level. Very slowy, but it's starting.
Your comment sounds like "those aero machines will never work" or "this crazy Radio thing is neat but useless".
Were you around during the 1970's switch from Analog to Digital switching/phone service? The same "it's stupid to spend money on such a useless upgrade to a perfectly good system" arguments were made then.
What you're seeing is small steps to unify a system that is being tested in all the RBOC's.
opti
photon_mon 12/5/2012 | 12:44:30 AM
re: Alcatel Buys Some VOIP Security optical_mon wrote:

"photon_man,
VoIP is happening on a carrier level. Very slowy, but it's starting.
Your comment sounds like "those aero machines will never work" or "this crazy Radio thing is neat but useless".
Were you around during the 1970's switch from Analog to Digital switching/phone service? The same "it's stupid to spend money on such a useless upgrade to a perfectly good system" arguments were made then.
What you're seeing is small steps to unify a system that is being tested in all the RBOC's.
opti"


__________________________________________________

Optical_man,

Actually, I am DELIGHTED to learn that the carriers are getting off of their cans and pursuing a next-gen* (* to THEM, at least) approach (like VOIP).

I'm all for getting those old circuit-switched "zero-net-job-creating dinosaurs" out of there (provided that we are ABSOLUTELY CONVINCED via long-term parallel trials that VOIP is just as robust and reliable, and of course totally immune to the occasional calamities that befall current IP infrastructures --- can we say that right now?).

As has been reported and lamented on this board many, many times, we have all been waiting on (the vast majority of) these Dilberts to take the initiative - and stop trying to milk the same tired old cash cows. For obvious reasons, they are the ones best situated to help our industry awaken from its coma, with new and improved products and services based upon newer technology (like VOIP!). And of course, STOKE NEW JOB GROWTH!

Paradigm shifts and the associated adoption of new implementations (such as VOIP) are (like Martha would say, especially if she held friendly options in the affected companies) a GOOD thing.

However, there IS a grain of seriousness in my concern about VOIP security, as well as the other IP intranetworking issues that exist today. These concerns that have been long (and hotly) debated on other threads by sharper minds than my own, so I will spare any possible "what's wrong with IP?" discourse on this particular one.

Besides, if I stay too long on an Alcatel thread, I start to feel extremely "dirty", and my self-esteem quickly wanes.

So, in an extremely verbose way, what I'm trying to say is that I WAS JOKING! Tell you what, from now on, when I submit a VOIP-specific post, I'll use more smileys (ex. ;-) ) to ensure that you know that it's in jest!
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE