Detects attacks unique to VoIP telephony
Integrates deeply with Asterisk to monitor user activity in realtime
Leverages massive database of VoIP specific hacker IP addresses and fraud related phone numbers
Offers ability to create responses unique to each attack using SecAst’s Event Handler system
Created in C++ for low resource consumption, fast attack detection, and rapid response

Major Modules

Intrusion Analysis Engine

The Intrusion Analysis Engine is at the heart of SecAst, monitoring inputs from Asterisk, the operating system, behavioral history, and proprietary security databases. User and device activities are constantly being profiled looking for suspicious behavior and SecAst maintains risk scores for every existing connection and attempted connection. Based on administrator defined thresholds, SecAst will block or restrict activities of any user or device to ensure fraud is mitigated and hacking is prevented.

Operating System Sensors

SecAst monitors network connections, attempted network connections, network traffic, device profiles and more. These inputs are derived from SecAst’s proprietary network sensors which continually feed data to SecAst. The Intrusion Analysis Engine uses these inputs to prevent a connection, flag a connection for further monitoring, or even detect unusual traffic patterns.

Asterisk Sensors

SecAst integrates deeply with Asterisk to monitor dialplan operations, and more specifically the behavior of individual connections. Data such as call setup frequency, dialing rates, etc. all serve as inputs to the Intrusion Analysis Engine.

External Firewall Controller

A best practice common to computing environment hardening is to keep attackers off the internal network. SecAst offers an API to communicate with virtually any external firewall to block, unblock, and monitor undesirable IP addresses at the network edge. SecAst includes sample handlers for firewalls from Cisco, Mikrotik, pfSense, and more.