Alcatel Buys Some VOIP Security
Alcatel SA (NYSE: ALA; Paris: CGEP:PA) announced today it has acquired technology assets from Avarox Technologies, a startup that created an IP session border controller but failed to take it to market.
The deal makes Alcatel one of the first major vendors to offer a voice-enabled firewall and security product along with its softswitch.
Details of the deal were not available, but it is safe to assume that Alcatel got a bargain. Aravox, which had raised about $16.5 million in three years, shut its doors for good on August 2, 2002. The company had grown to just over 50 employees. Backers included Global Crossing Ventures, SAIC Venture Capital Corporation, and St. Paul Venture Capital.
“Value was certainly a consideration,” says Larry O’Pella, a director at Alcatel. “But we had an existing partnership relationship with Aravox, so I don’t think it was price that was the main driver for this deal.”
So what exactly is an "IP session border controller"? At a basic level, it is an edge device that opens and maintains a secure hole through a firewall for real-time traffic, like voice over IP or IP video. These devices contain call control features such as a Session Initiation Protocol (SIP) proxy server and an H.323 gatekeeper, so that media ports can be opened and closed on a per-call basis. They also perform network address translation from private to public networks.
IP session border controllers provide security for softswitches, which provide the call control and signaling in a voice-over-IP (VOIP) network.
So far, the market for these esoteric necessities is comparatively small. In 2002 the total market for this gear was only about $10.4 million, according to the Yankee Group. The firm says this figure could rise to $624 million by 2007.
Being small, the market for IP session border controllers is dominated by a handful of startups, including Acme Packet, Jasomi Networks, Kagoor Networks, Netrake Corp., and NexTone Communications Inc.
The Alcatel acquisition marks the first time a large telecom equipment provider has sought to acquire one of these companies. Avarox's technology will become a part of Alcatel's Next Generation Networks portfolio. Specifically, the IP session border control device will be sold alongside Alcatel’s 5020 Softswitch solutions. It will act as a firewall with network address translation.
The news has some of the other players perking up. “The big guys now have their eyes on this space,” says Annalisa Ouellette, a spokesperson for Acme Packet. “This is good news for us, because it helps bring more validation to the product category. We’ve seen so many requests for proposal from carriers that have had bits and pieces of what session border controllers do, and now we’re starting to see them actually asking for and putting a name to the product category.”
Why was Alcatel so eager to get this kind of technology? “The border between the enterprise and a carrier network, or between carrier networks, becomes a place where security is necessary,” says Alcatel’s O’Pella. “Traditional firewalls use a static configuration, but when you’re dealing with voice over IP and SIP, there is a whole set of issues that come up.”
Most firewalls today are designed to protect data networks. But data firewalls cause latency in real-time communications such as voice and video transmissions. Instead of monitoring just one port for HTML traffic, VOIP applications use a range of ports, which dynamically change as new sessions begin and end.
As a result, many voice transmissions travel unprotected from port to port to prevent delays and disruptions, which leaves the door open for hackers and denial-of-service attacks. Today, VOIP traffic occurs in private networks, but as it migrates to the public Internet, more firewalls geared specifically toward VOIP, like Avanox's, will be needed.
“Setting up rules or algorithms for a firewall is a real art,” says Matthew Covar, director of security solutions and services at Yankee Group. “Voice-over-IP is still so new, we don’t even understand yet how hackers will attack it. Being able to manage the dynamic nature of SIP and voice traffic is pretty important going forward.”
Avarox apparently wasn't the most sophisticated product on the market. While Avarox technology offers some basic session border control functions, some of the startups mentioned above have added additional functionality to their products. Following is a rundown of features that some of these startups are offering.
- Quality of Service and SLA Assurance: Allows devices to mark and understand DiffServ labeling and VLAN tags.
- Signal Protocol Interworking and Intelligence: Directs traffic based on Layer 5 session information, providing services like follow-me-anywhere calling. Useful for carriers planning VOIP services.
- Law Enforcement: Helps carriers comply with a Federal Communications Commission (FCC) requirement to provide law enforcement with call-identifying information and content when requested.
“It’s still very early,” says Kevin Mitchell, an analyst with Infonetics Research Inc. “Carriers are still defining what service they want to offer. And they’re trying to figure out if they can offer them by tweaking their existing gear.”
— Marguerite Reardon, Senior Editor, Light Reading