During development, deployment and extensive penetration testing, the two thwarted all efforts to bypass the firewall’s security controls
Saudi Arabia’s largest mobile network operator, stc, has become one of the few telecom operators worldwide to achieve 100% compliance with the signalling security controls recommended by the GSMA. stc set out to defend itself against issues from personal data leaks and unauthorised location tracking to the interception of sensitive communications through phone calls, messages and data.
The operator is a key enabler of Saudi Arabia’s Vision 2030, including the provision of secure and reliable communications to consumer and business subscribers. Working with Enea, it designed and implemented security controls, then validated their effectiveness through penetration testing, adhering to the GSMA’s security guidelines throughout plus other measures.
The two combined stc’s proactive approach to security with Enea’s signalling firewall technology and threat intelligence to develop robust defences against cross-protocol attacks. They worked closely together through a continuous cycle of testing, threat analysis, developing use cases and improving the deployment of the signalling firewall.
Pushing secure boundaries
The press statement said that while GSMA recommendations are a valuable foundation, stc is committed to pushing the boundaries of signalling security still further “to deliver the highest level of protection for its network and subscribers”.
For example, the testing included complex cross-protocol attacks with the signaling firewall carrying out cross-protocol analysis to detect the threats. stc and Enea adopted a threat actor’s perspective then leveraged their combined expertise to ensure all attempt to bypass the firewall’s security controls failed.
100% compliance rating
Abdulaziz Alaqil, Cybersecurity & Data Governance Excellence GM at stc, stated, “Achieving a 100% compliance rate to GSMA guidelines is about much more than passing tests; it’s a testament to stc’s comprehensive security strategy and our relentless pursuit of excellence in protecting our subscribers.
He added, “As one of the few operators globally to reach this level of compliance, stc is proud to lead the industry in setting new benchmarks for telecom security. Enea’s expertise and technology have been instrumental in reaching this 100% signaling security milestone, and the accomplishment is a direct result of our strong partnership”.
John Huges, SVP and Head of the Network Security Business Group at Enea, commented, “Working closely with stc’s cybersecurity team, regarded as one of the most skillful in the industry, helps us stay on our toes and show what is possible. We are very proud of achieving this milestone together with stc.”
