VIPER Services: VoIP Vulnerability and Risk Management
Backed by the world-leading VoIP/UC security research organization, Sipera VIPER Services test the applications, infrastructure and devices themselves to ensure they are protected from VoIP/UC-related attacks. Ensuring complete vulnerability and risk management, these services start with the discovery of all VoIP/UC assets, protocols, and applications on the networks which are then analyzed using the most up-to-date vulnerability information databases. Targeting both enterprises and services providers looking to assess their VoIP/UC network or OEMs looking to test the latest VoIP/UC device, the Sipera VIPER Services consist of 3 components:

Vulnerability Analysis
The Vulnerability Analysis service evaluates the robustness of the VoIP/UC devices, infrastructure and applications on the network by using the following and other attack vectors:

  • Reconnaissance
  • Intentional Service Disruption
  • Eavesdropping
  • Message Manipulation Service Theft
  • VoIP Spam
  • VoIP-to-data Exploits
  • Quality Degradation
This analysis is based on the attacker’s location includes the network entry points where the attacker could breach the network security. An asset listing, threat analysis and remediation report is included as part of this service. This report highlights new vulnerabilities discovered and/or those fixed since the last threat analysis report if part of an ongoing service.

Risk Assessment
Threats are carefully assessed and risk is prioritized based on “asset value” and “probability of exploitation”. An asset in this context is defined as a value-bearing component in the infrastructure or service where revenue is lost if the asset becomes unavailable.

Penetration Testing
The Penetration Testing service consists of launching ethical hacks on a controlled environment such as a lab or an isolated piece of a production network. Exploits of known vulnerabilities are launched, using the Sipera LAVA Tool and other tests, based on the information gathered about the network in the discovery phase. This test also exposes points where the attacker could breach the network security. A penetration testing report is generated which shows evidence of the existence of vulnerabilities along with the necessary recommendations.

For more information, download the VIPER assessment services data sheet.

For a personal, private consultation on how VIPER can help you, please fill out this form:

VIPER > VIPER Services
© Copyright 2006-2010 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, Sipera LAVA and Sipera VIPER and related services are trademarks of Sipera Systems, Inc.