Richardson, TX, January 14, 2009 - Sipera Systems, the leader in real-time Unified Communications (UC) security, today released its UC Security Trends to Watch list, highlighting security issues and best practices adopted by enterprises implementing UC.

Sipera's list is based on its experience with dozens of enterprise customers and value-added resellers that are leading the transformation to UC, converging voice, video, messaging and collaboration applications onto a common, next-generation IT infrastructure. Chief among the findings is a trend toward addressing security for both control plane signaling and real-time application media, along with radically differing security architectures adopted by enterprises to comply with unique business requirements, such as regulatory mandates and industry standards for privacy.

UC Security Trends to Watch

1. Security for Real-Time Application Media As they implement UC, Sipera's customers are deploying security measures that mitigate application-layer threats without degrading real-time communications performance. Moving to UC promises to deliver a consistent user experience and interface across a set of real-time applications such as VoIP, instant messaging, web-based collaboration and videoconferencing, enhanced by location and presence data and the efficiencies of a common infrastructure and enabling technologies such as SIP. But unifying these applications presents a variety of vulnerabilities and exploits that must be addressed without introducing delay in the signaling and media for this time-sensitive traffic.

Security postures in these deployments include provisions for privacy and policy enforcement on a per-application, per-user basis, and must consider the real-time nature of UC media to comprehensively protect against threats. Further, an increasingly common best practice among IT groups is to conduct periodic vulnerability assessments that evaluate the security risks associated with VoIP and other real-time UC media. In addition, enterprises are frequently evaluating and protecting against UC threats including Number Harvesting, Call Walking, Denial of Service, SIP Worms, Service theft and Identity theft.

2. Targeted UC Security in the Insecure Enterprise Managers in some enterprises implementing UC are taking a non-traditional approach to security that assumes there are no assurances of security throughout most of the enterprise network. Instead, the security architecture for these enterprises is based on identifying particular applications and information that is to be secured, and then implementing targeted security.

For example, many universities and other institutions of higher education must operate on the assumption that the majority of their network is exposed to potential attack. This may be because these universities commonly have public IP addressing and many resources open to the Internet, because students are constantly challenging the defenses of the university IT infrastructure, or IT does not control security for all machines that use its networks. In some cases, IT managers in such environments simply decide that there is no secure, perimeter DMZ. Instead, they identify applications that must be secured, such as voice connectivity for the student financial services department, and secure that traffic via application-layer security techniques and focused access control and policy enforcement.

3. The Secure Extended Enterprise In contrast to enterprises that adopt targeted security, other enterprises take the opposite approach and secure the perimeter DMZ while still enabling rich, UC interaction with third parties outside this trust boundary. UC enables enterprises to engage in new forms of communication and collaboration with customers, partners, suppliers and an extended workforce of teleworkers and remote call centers. But for many enterprises a central requirement for all interactions is air-tight security for the perimeter and for communications to third parties that involve private customer or financial transaction information, especially in industries such as financial services.

In a financial services enterprise, virtually every communication between parties has the potential to contain sensitive information, often protected by privacy statute or industry best practices. Financial services IT managers involved in transformation to UC are adopting an extended enterprise security posture that seeks to enforce policies, extend access control, employ 2-factor authentication, and ensure privacy across a range of applications, including IM, email, VoIP, videoconferencing and data network transactions that involve parties beyond the trusted limits of the traditional enterprise perimeter.

4. Unified Security Approach for UC Regulatory Compliance One driver for implementing UC in many enterprises is to provide a multitude of separate but integrated methods for interacting with end clients. For example, healthcare industry firms moving to UC often seek to create richer and more efficient interactions with patients. A patient may access personal health data from a secure web site and then click on a link to establish an instant message communication with a billing representative. The communication could potentially escalate to a voice or video call to resolve the patient's issue. This multi-application method of communications has clear privacy and regulatory implications, especially for healthcare providers that must comply with HIPAA. Sipera's customers are addressing this requirement with a unified security posture that applies appropriate access controls, policy enforcement and encryption across all applications, including IM, voice, video, and collaboration.

About Sipera Systems Sipera Systems, the leader in real-time UC security, enables enterprises to simplify and confidently deploy their VoIP and unified communications over any network to any device while service providers can protect and quickly offer new IP-based communication services. Backed by the extensive vulnerability research of the Sipera VIPER Lab, the Sipera IPCS(tm) products provide comprehensive threat protection, policy enforcement, access control, and privacy in a single, real-time appliance. For more information, visit http://www.sipera.com.

Sipera, Sipera logo, Sipera IPCS, Sipera IPCS 210, Sipera IPCS 310, Sipera IPCS 410, Sipera IPCS 510, Sipera IPCS 520, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Media Contact: Jan Jahosky, TurboPR, 407-331-4699, [email protected]