Expert Opinion: Salman Nayyar on SMS Firewalls

6 min read

Cyber security is a hot topic in the world today, and for those of us in the mobile messaging world, SMS security is more important now than ever. 

One of the best ways to protect your network and subscribers against cybercrime is by using an SMS firewall. To give you a better understanding of how excellent firewalls protect your network, we spoke to Salman Nayyar, GMS Group Director — Products, Strategy and Innovation to get his expert opinion and advice.

Sam Harrison — GMS Content Writer:  What is the current threats landscape for SMS business?

Salman Nayyar — GMS Group Director — Products, Strategy and Innovation: When looking at threats to your network, there are actually multiple threats that you need to be concerned about. As you may be aware, the fraudsters of this world are always looking for loopholes, and threat development is ongoing and evolving over time. Four or five years ago, the threats were relatively simpler, but now the methodology has evolved, so firewalls have had to evolve to meet that. 

Talking about monetisation, many of the threats are related to bypassing legal channels using things like grey routes to terminate premium traffic using inexpensive routes. Originally this was done by changing the content of the message, for example, replacing an S with a five or zero with an 0. Today fraudsters are using more sophisticated methods like hidden characters that arestill not widely known or understood in our industry.

Also, smishing is a massive danger to your subscribers. Just like phishing emails, criminals will send links in messages that are designed to get your subscribers to hand over private personal details such as banking information or passwords or date of birth. This became a huge issue during the COVID-19 pandemic where fraudsters were impersonating delivery companies, major brands like McDonald’s or even National Health agencies. Recently we’ve seen the rise of new malware techniques such as Flubot, where the malware would infect a subscriber’s device and use it to send SMS to everyone in the user’s contacts, spreading the malware like a virus.

One final threat that is becoming more and more common is flash calling. Basically, this completely bypasses messaging by using short “flash” calls to authenticate users. Many large enterprises are looking for an alternative to SMS because of the increase in SMS cost and have started using flash calls. This is a problem for MNOs because these flash calls are often not monetised.

SH: In terms of threats, we have smishing, spam messaging, grey route traffic, and flash calling. Will all of these will affect the network’s revenue?

SN: Yes. These are the most prevalent threats, there are some others, but in many cases, there are solutions to those other threats in the marketplace. It’s not so much that these problems are fully contained but more that many networks do not see them on a high enough scale. These threats will, of course, affect network revenues. For example, grey route traffic will mean that networks are not receiving the proper payment for the services they are supplying; in the case of smishing, this can cause subscribers to lose trust in networks and take their business elsewhere.

SH: So, what is an SMS firewall? And how does it protect revenue?

SN: I know people have not done as much air travel in the last two years, but if you think back to when you had to go through security, an SMS firewall functions much like the airport security operation. The MNO is the country on the other side of the security gate, and the firewall is the x-ray scanner that you put your suitcase through. The firewall scrutinises the content of each and every message. 

The firewall searches the content of the message to identify and categorise it. Is it P2P or A2P, international or domestic? Categorising the message is very important, not just for security but also for pricing — it is a lot easier to charge customers correctly for their messaging when you know exactly what it is and what it should cost.

One thing that some firewall operators, such as GMS, are doing is keeping an eye on not just the type of messaging that is coming to the firewall but also its volumes and origins. So, for example, we know how many messages a particular enterprise sends on average. When that number reduces, we know that somewhere in the chain, the messages may not be properly monetised, as we are missing out on the traffic.

This visibility of the content, categories and messaging volumes is what makes firewalls so effective. 

SH: So we are not just looking at what is received and ensuring that it was monetised correctly; we are also looking at the negative space by comparing it to our other partners worldwide and sharing that knowledge.

SN: Absolutely. Speaking globally, I’m sure you know that international traffic has a premium price tag when compared to domestic traffic. Unfortunately, some global brands have tried to disguise their traffic as domestic and use routes with lower tariffs. We can find the origin of the SMS and then ensure that the traffic is monetised correctly in that way too.

SH: A firewall does not just protect against direct revenue loss but also protects against undesirable traffic like smishing attempts and spam messages. How is that done?

SN: To protect the network’s subscribers against this kind of unwanted messages, we use sets of rules. This is actually quite difficult to do, as you must be very specific to allow through the legitimate traffic and block the undesirable content. So the more complicated it is to manage this entire system of things, the more difficult it is to set up the rules in the firewall. 

This takes us to the crux of many firewall issues — it is not which firewall you are using but more how you use it. You need both a set of rules and a deft hand to ensure that everything is monetised correctly and that no spam makes it through while still blocking all the harmful messages. 

SH: That is very interesting. How does this work as an ongoing process? I assume you cannot just set it up and then ignore it?

SN: Absolutely, you cannot. It is not a one-time task, Sam, that we build the rule, and off you go; it is not as simple as that. It is a continuous evolution, continuous tweaking. We undertake ongoing modification of those rules on a daily and sometimes hourly basis. We can do this accurately and efficiently because we are constantly monitoring traffic, but there is also another aspect to this — network testing.

GMS undertakes continuous testing of our partner networks, generating test traffic to try and breach firewalls. With this testing, we can often identify loopholes in the rules before they occur. 

SH: So GMS is quite proactive when it comes to protecting partner networks?

SN: Absolutely. Interestingly even though we are now a globally connected, always-online society, fraud trends often start in geographically isolated areas. So, for example, you might see a new method of fraud in Indonesia months or even years before you see it in America or Europe. To best protect your network, you want to keep up with what is going on worldwide, which we do by taking the learnings from our partners worldwide and applying them where relevant to all of our other partners.

SH: One last thing. So recently, we were ranked Tier 1 by ROCCO Research for our firewall provision. What does that mean for our customers?

SN: That is a great question. So ROCCO is not just looking at our brand and our features and saying “oh these guys are top tier” — they are talking to MNOs and partners worldwide about how we perform. They ask them how well-protected they feel with our firewall, how well we support them as a partner, and many other things. Based on these criteria, they have ranked us as Tier 1, the best possible tier for firewall provision. 

This is something I am extremely proud of, but getting ranked tier one is not the end for us. We are looking to constantly improve our service, and SMS firewalls are just one aspect of our Messaging Protection product. I think the security offered by GMS and Messaging Protection is second to none, and everyone here is dedicated to making it even better.

If you’d like to know more about GMS’ Messaging Protection you can get some more information at this link or by getting in touch with one of our experts today.

Add Your Heading Text Here