About the company
Elisa Eesti AS is a branch of Elisa Corporation, based in Tallinn, Estonia. Elisa offers a wide variety of cellular, mobile, fix-internet, and TV services to private and corporate customers. With serving around 600 thousand clients, Elisa Eesti AS is the market leader in providing telecommunications to the Estonian market, holding the first place in paid TV segment and second place in fix-internet services. Elisa's mission is to bring experiences and productivity into everyday life of its consumers. Elisa's core values are customer orientation, responsibility, renewal, results orientation and collaboration.
In the modern world, every mobile network operator (MNO) strives to take all security precautions and protect its infrastructure, subscribers and their data, and other assets from cyberattacks. One of the main protocols employed in telecommunications industry is a set of telephone signaling protocols used to set up telephone calls, prepaid billing, SMS and other services, called SS7. The other one—Diameter protocol—provides interaction between clients for authentication, authorization and accounting of various services. Both of them are the universal protocols that mobile network operators use to regulate system networks and govern the exchange of data through them. However, these protocols are easily exposed to security vulnerabilities, thus putting the whole MNO ecosystem under threat. To test if its cellular SS7 and Diameter networks are configured securely and to receive recommendations on how to improve security level, Elisa Eesti AS searched for a loyal and reliable partner. Additionally, Elisa was seeking a stable partnership with an international company that provides trainings and gives valuable recommendations for their team. Throughout tender procedure and choosing the proper vendor, Elisa joined efforts with Positive Technologies, renowned for being an expert and a pioneer in telecommunications security.
The service was primarily provided in order to see whether the configuration of the networks at Elisa works properly and securely. There were two phases that the PT team in collaboration with Elisa Eesti AS had to perform. First step included the specialists from Positive Technologies to do a security check, assess the flaws in the main Elisa's networks, and help prioritize the security measures based on the real data, to address the top issues with increased attention. Since Positive Technologies can approach the problematic matters within a limited time, but with a high-quality performance, throughout a two-month summer period in 2018, Positive Technologies experts did the security audit.
The second step that PT experts took within the Elisa–PT cooperation was the training sessions provided for the team of Elisa. From October to November, experts from PT gave recommendations, tips and instructions for Elisa's team on how to maintain full security in their networks and continuously keep security level high and up-to-date.
PT Telecom Security Assessment service had the right set of security checks to cover the whole process of the deep and thorough audit. It provided several unique benefits for the team of Elisa.
- Firstly, by request of Elisa, experts checked for the threats for the main telecom network, such as services disruption, fraudulent activities and clients' data and messages leakage. Meanwhile, specialists installed Telecom Attack Discovery signaling threat prevention platform, also a product of Positive Technologies, and implemented security monitoring to visualize and prioritize major threats in real-time.
- Secondly, the product and the service brought transparency into the current condition of signaling protection for both protocols and outlined the major tips to remediate the network in case of an occurring threat.
- Finally, PT specialists checked the compliance of Elisa's networks to the telecommunications industry standards of GSMA to help the company keep up with industry best practices and be the leaders known for their secure services for subscribers.
PT specialists ran a full check-up on Elisa's networks. The audit was performed using such services and tools as Telecom Security Assessment and Telecom Attack Discovery, the market leading signaling threat prevention platform according to Rocco 2018 research. Eventually, after the thorough screening of networks, Elisa was delighted with the results. This complex strategy benefited Elisa in several ways by bringing new research results that showed the company the major vulnerabilities, which directly helped it to manage risks, address the priority threats, and improve the security level in the whole system and, mainly, cellular networks. Furthermore, thanks to PT experts, Elisa's network team raised its competences in cybersecurity matters.