Protect your customers effectively from global signaling attacks
Security in roaming is a major issue in our industry. Our Magenta Security Roaming concept is designed to counter market threats and safeguard mobile networks and users from cyber threats, not matter which protocol they use. The new security-by-design concept comprehensively addresses operators’ increasing need for low-latency, reliability and security when roaming in today’s interconnected world.
Effective roaming security services for all protocols
2G/3G – SS7 Firewall: Protect yourself from outside security threats with our fully managed SS7 Firewall. Abuse of signaling is detected automatically and immediately, so unwanted traffic causing significant breaches of privacy (e.g., location tracking and interception of communication) is seen and blocked.
4G/5G NSA – Diameter Firewall: The ever-increasing volume of M2M devices and applications brings with it new threats and vulnerabilities and therefore the need for highly advanced security solutions. Minimize these growing risks with our fully managed Diameter Firewall protecting you against rogue diameter signaling.
4G/5G NSA – DESS, phase 1: Enable authentication via digital signature and verification of the message to exclude man-in-the-middle-attacks with our Diameter End-to-End Security Solution (DESS) – a powerful add-on to the Diameter Firewall.
5GSA – Magenta Security Roaming also extends to 5G SA Roaming Enablement. Read more about it here.
Learn more about our Mobile Roaming Security sub solutions
SS7 Firewall
SS7 Firewall, tailored for our Group mobile operators, offers top-tier anti-fraud solutions. Utilizing industry best practices, it intercepts, analyzes, and blocks threats, ensuring robust, flexible, and cost-effective protection.
Diameter Firewall
Protect your diameter network with our Diameter Firewall. It blocks malicious attacks, malformed messages, and more, while providing clear visibility and detailed statistics on blocked threats.
DESS, phase I
DESS ensures complete message integrity and authentication between operators, offering robust inbuilt security and reliability for seamless and secure communication.
Key facts for our SS7 Firewall solution
Background |
---|
SS7 is a 50-year-old 2G protocol with no built-in security or authentication. |
Many mobile operators still operate 2G, primarily for roaming messaging, but also for toll-free services and call forwarding. |
There are inherent 2G risks, including some operators cancelling SS7 due to 3G sunset but retaining 2G, and others maintaining firewalls but not updating the rules. |
Benefits |
---|
SS7 Firewall analyzes the signaling security of your traffic at the network border. |
Detect and eliminate critical, flawed, or manipulated content, keeping your mobile network clean as well as your subscriber loyalty high. |
Central adaptation to new attack scenarios – your involvement is not needed. |
GUI for monitoring, reporting, and alarming of all types of well-known SS7 threats. |
SS7 Firewall is continually refined and upgraded to adapt to new types of signaling attacks. |
It conforms to GSMA security requirements. |
Defend your brand image by offering a secure signaling network. |
Key facts for our Diameter Firewall solution
Background |
---|
Diameter has been introduced for 4G LTE and VoLTE packet networks and IP Multimedia Subsystem (IMS)-based systems. |
Nominated officially as an "improvement from SS7", it is ranked as #2 after SS7 and is getting ready to take the #1 place thanks to 3G sunset. |
Diameter offers a hop-by-hop security and represents "only" about 25% of signaling fraud cases worldwide. |
Despite all improvements, this protocol is also very vulnerable: for instance, messages sent over Diameter are open to man-in-the-middle attacks because they are read at several stages and by several systems but unlike in SS7, a Diameter answer is always taking the same IP-path (carrier) back to the sender of the request. |
5G NSA is the transition phase between 4G and 5G SA and represents a combination of 5G Radio Network and 4G Core network. |
This means that all vulnerabilities of 4G were per default transferred into 5G SA, and both protocols need to be equally protected. |
Background |
---|
Minimize growing risks from ever-increasing volume of M2M devices and applications. |
Protect yourself against rogue diameter signaling, location tracking, financial fraud & theft, denial of service attacks, illegal intercept, and digital identity theft. |
Count on a firewall that is continuously refined & updated based on security requirements. |
Stay resilient against hiding techniques (XUDT, TCAP, Handshakes, MAP Chunking). |
Key facts for our DESS, phase I solution
Technical Imperfections of 4G / 5G NSA |
---|
Visibility: Messages sent over 4G/5G NSA are visible and can be intercepted or tampered with due to lack of robust security measures. |
Predictability: responses always follow the same route back to the sender, making it easier for malicious actors to anticipate and exploit this pattern. |
No authentication: Attribute Value Pairs are easily modified or inserted. |
High probability of man-in-the-middle attacks. |
Benefits |
---|
We are the only carrier to offer DESS, phase 1 for 4G and 5G NSA services, which guarantees end-to-end authentication of signaling messages, ensuring no man-in-the-middle attacks. |
The combination of our LTE Signaling Firewall and DESS, phase 1 enables the world’s most secure LTE and 5G NSA exchange between mobile operators. |
The dedicated 4G and 5G roaming security services complement the implementation and continuous management of our long-standing firewalls for 2G and 3G, thereby providing a truly all-inclusive and future-proof security environment. |
Future-proof roaming security with Magenta Security Roaming
Magenta Security Roaming is our exclusive one-stop shop for all your roaming security needs. It offers innovative and secure connectivity for all protocols our customers currently use: 2G, 3G, 4G, 5G NSA and 5G SA.
For each protocol, corresponding protection layers are in place which work in unison: SS7 Firewall, Diameter Edge Agent (DEA) Firewall, Diameter End-to-End Signaling Security (DESS), phase 1, as well as Security Edge Protection Proxy (SEPP) in several configurations.
Magenta Security Roaming’s approach to roaming security is unique, as it keeps technology, operations and management under one umbrella. This means that our customers don’t need to worry about any of the aspects involved, such as platforms, the set-up of roaming relationships, analytics or reporting. Our roaming security efforts also help our customers avoid financial losses and reputational impact, and protect their end users.
All our services are available to both, our own Group national operator companies (NatCos), as well as operators across the globe, and come with dedicated support and strict SLAs.
Explore related solutions to our Roaming Security solution
Discover more solutions from the Mobile Roaming world.
Tune up with global news updates
Enjoy the latest updates around our Roaming Security solution and related Internet services.
We have received your message and forwarded it to the responsible expert. He or she will get in touch with you as soon as possible.