Endemic apathy and arrogance continue to fail the comms industry's most critical imperative - combating VoIP fraud - argued Simwood Managing Director Simon Woodhead at the company's inaugural SimCon event last month where he also reaffirmed his commitment to high tech network innovation and channel partners who add value to his proposition.
There's something amiss when an industry fails to adequately address one of the biggest issues it has ever faced. But running against convention Woodhead has made a name for himself in drawing attention to and doing something about what the majority would rather repress and sweep under the carpet - the dominant issue of VoIP fraud. It is a fact that the stain of VoIP fraud continues to spread and according to Woodhead the answer is to see trouble coming and ensure that the thief is not one step ahead of the cop, which can be especially challenging as the comms industry passes through its most seismic episode for decades.
Take note: Woodhead's endgame is to win rather than muddle through, and for businesses desperate for guidance he continues to build on the leadership role he first undertook in 2009 when running a Darknet to identify sources and types of dirty traffic on the Internet.
Woodhead went on to gather important information from a system of Honeypots all configured to look and behave like a production service (in this case a SIP proxy) for the purposes of capturing data on attempted security intrusions. "We published our Honeypot data and made it available as a download that was updated in real-time," explained Woodhead, who evolved the Simwood network and service according to his gathered science, observing in particular the mechanics of intrusion and post-intrusion behaviour, which in part led to the publication of his first VoIP Fraud analysis report in 2014. "This analysis of three years of Honeypot data attracted great interest and put Simwood on the map," he said.
No responsible network operator can opt for short-termism in their efforts to combat VoIP fraud, so Woodhead continually takes his endeavour to higher levels. In his 2016 VoIP Fraud report he showed that distributed Honeypots on their own were becoming irrelevant in the context of how the threat landscape was evolving. "We now face a highly organised and professionalised attack mechanism," stated Woodhead. "Rather than having Honeypots scattered about the network we need to look at the whole network in real-time. Only then can we determine what is a scan across all IP addresses and across all ports, rather than wait for an attack on a particular IP address."
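The difference between a single honeypot's view and the whole-network view Woodhead describes, as an added example (not Simwood's code). The record layout, window and thresholds are assumptions, and the sample probes are constructed using documentation address ranges.

```python
from collections import defaultdict, deque

WINDOW_S = 60   # assumed sliding window in seconds
MIN_HOSTS = 5   # assumed: distinct destination IPs that make a horizontal scan
MIN_PORTS = 5   # assumed: distinct ports on one host that make a vertical scan

def detect_scans(events, window=WINDOW_S, min_hosts=MIN_HOSTS, min_ports=MIN_PORTS):
    """events: (ts, src, dst, dport) tuples sorted by ts, collected for every
    address on the network. Returns {src: {"horizontal", "vertical"}}."""
    recent = defaultdict(deque)    # per-source probes still inside the window
    verdicts = defaultdict(set)
    for ts, src, dst, dport in events:
        q = recent[src]
        q.append((ts, dst, dport))
        while q and ts - q[0][0] > window:   # expire probes older than the window
            q.popleft()
        ports_by_host = defaultdict(set)
        for _, d, p in q:
            ports_by_host[d].add(p)
        if len(ports_by_host) >= min_hosts:  # same source, many of our addresses
            verdicts[src].add("horizontal")
        if any(len(ps) >= min_ports for ps in ports_by_host.values()):
            verdicts[src].add("vertical")    # same source, many ports on one address
    return dict(verdicts)

def per_host_view(events, dst):
    """What a lone honeypot at dst sees: probe count per source."""
    counts = defaultdict(int)
    for _, src, d, _ in events:
        if d == dst:
            counts[src] += 1
    return dict(counts)

# Constructed sample: one source sweeps port 5060 across eight addresses, one
# source walks six ports on a single address, one peer re-registers normally.
SAMPLE = sorted(
    [(i, "198.51.100.7", f"192.0.2.{10 + i}", 5060) for i in range(8)]
    + [(20 + i, "203.0.113.9", "192.0.2.20", 5060 + i) for i in range(6)]
    + [(5 * i, "198.51.100.50", "192.0.2.10", 5060) for i in range(3)]
)

if __name__ == "__main__":
    print("network-wide:", detect_scans(SAMPLE))
    print("honeypot 192.0.2.10:", per_host_view(SAMPLE, "192.0.2.10"))
```

At the single address 192.0.2.10 the sweeping source appears once and looks quieter than the legitimate peer; only the network-wide pass identifies it.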
Last year Woodhead put pen to paper again and wrote a book called Speaking up on Telephony Risks that will be delivered to every business in the UK with a turnover of £50 million-plus. It is perhaps his biggest undertaking to date in putting all things VoIP fraud between the covers, ranging from caller ID spoofing to mobile phone interception. His intention is to smarten up end user thinking on the fraud issues at hand.
The nature of VoIP fraud is fast changing and expanding but industry reaction to the threat is not remotely on an equal scale, believes Woodhead. Amid the changing threat landscape he says some things just don't change - apathy and arrogance - referring to those that do nothing and those that think they have it covered, and do nothing. It is however imperative that all interested parties accept the disciplines Woodhead puts forward as two new attack categories emerge from the former reign of 'organised' VoIP fraud.
"The scale of it is now industrial," said Woodhead. "New machines brought into life may be scanned almost immediately. However, heavy automation means that attempts at VoIP fraud are occurring in a defined and predictable way which is easier to discern. But this industrial harvesting of victims is poles apart from the second new category - targeted attacks. We are seeing more of these but rarely at the SIP layer. Such attacks target other vulnerabilities on the equipment like an HTTP-based control panel, or a protocol baked into a 20-year-old PBX that's been IP enabled, for example."
Network vulnerability comes in many shapes and forms, and it is certainly the case that businesses should remain on high alert during periods of VoIP fraud 'silence'. "Hackers may have carried out reconnaissance and be waiting for an opportunity," added Woodhead. "During a quiet time of year they may suddenly hack you. Long gone are the days when hackers make their presence felt by brute force."
The solution to all this is to deal with a competent carrier that has your back, pointed out Woodhead, who has architected Simwood to be its partners' only carrier. He claims to have developed and aggregated the most comprehensive range of fraud controls in the industry which he continues to augment. And as an industry speaker on the global stage he hopes to build a united front and also advance his cause to create a fair and transparent market.
It's a vibe Woodhead aims to recreate in the UK via the SimCon symposiums, the first of which took place last month at the company's new Bristol offices. It was well attended and well received by delegates keen to learn more about the future role of WebRTC, the Asterisk open source comms community, the issues that blight number porting, how to approach GDPR, troubleshooting SIP, as well as the big themes of VoIP fraud and the evolution of Simwood's infrastructure.
Since it was founded by Woodhead 20 years ago Simwood's infrastructure has undergone a 100 per cent hardware refresh four times, and over the past two years everything from network to the customer facing application stack has been replaced. Part of that journey was containerisation, a process through which Simwood did away with vSphere in its network. Instead, everything is containerised.
A container functions like a virtual machine but it shares the host kernel. That means it uses the actual CPU. The advantage of this is reflected in the development practices adopted by Simwood. "We've been able to flatten how we build services," said Woodhead. "Not just in terms of code, but finished containers are committed to version control which cannot be done with a virtual machine.
"The host works like a router and a container becomes a first class citizen on the network with a true IP address and without any complications. I would also argue that containers are more secure because of the development practices they have enabled us to exploit. A Simwood container not only houses network information it also encapsulates security data with more granular rules."
This project was made immeasurably easier and more successful by some nifty work that removed the need for what's called a Docker bridge in the container. "Every project we looked at had this userland proxy, with NAT and other horrible things that seemed like a backward step, especially in the world of SIP and RTC," explained Woodhead. "It was asking for trouble so we resolved it by developing a plug-in called Simwood Container Networking, which in essence enables us to give a public IP address to a container in the same way we could with a VM, but with more flexibility."
Simwood has always aimed to stay on top of the latest architectural evolutions and ahead of the pack, confirmed Woodhead. "From the outset 20 years ago we could not find anyone able to meet our requirements nor provide the service assurance we wanted," he said. "So we spent many years climbing the food chain and getting as deep into the core as possible. That means we have total control over the service we provide. Our core services of SIP, VoIP, applications and billing are controlled in house.
"Everything we sell, we originate. The furthest we get away from originating is adding value, and we expect the same from our customer base. We don't deal with resellers that just want to pick up what we have, sell it and take a cut. We work with people that take the raw materials and add value. Everyone in the supply chain should be adding value."
Simwood's infrastructure extends to the US where it has two PoPs and the company is a licensed Competing Local Exchange Carrier (CLEC). This is a rapidly emerging market for Simwood and the CLEC badge opens doors to where it wants to be in the food chain. On home territory Simwood operates three availability zones - Manchester, Slough and London. "We can lose multiple availability zones and the service carries on," said Woodhead. "Any one of our PoPs carries all of the network traffic."
As Simwood evolved and grew it inevitably came face to face with SS7, which is the only way to access a Regulated Interconnect to BT, as opposed to being a customer of another operator. The traditional legacy operator has a TDM core while Simwood's is IP, but the transition is a simple one for Simwood as contracts move from SS7 to IP transport.
"We face BT in a different way to many other operators when it comes to SS7," said Woodhead. "There is no requirement for remapping in the event of a failure. We are architected for availability which is why we face the same point of interconnects on BT's network from each of our PoPs. BT sees that as one fat circuit. If we lose a site BT does not notice and traffic flows the other way. We are in control."
To say that Woodhead gets 'stuck in' to some of the big issues impacting the comms industry would be to greatly understate how far Simwood punches above its weight. Within 24 hours of Woodhead's 2016 VoIP Fraud analysis publication three of the top 10 operators in the world - including the largest - requested copies. This single fact points to a pathfinding and pioneering spirit that will ensure Simwood's voice (including the company's much-read blogs) will remain a stand-out feature on the comms channel landscape.
"For 20 years we have been about the convergence of technology and making it accessible for partners to create amazing products," stated Woodhead. "We champion the cause of a fair and transparent marketplace, we are vocal in our beliefs and thought leadership, we are equally committed to building our community and sharing knowledge through our new SimCon events, and we will continue to punch above our weight and make our influence felt."