Skip to content

Securing real-time communications from cyberthreats with AI

An introduction to Oracle Communications Security Shield Cloud


When it comes to IT initiatives, most businesses prioritise cybersecurity. This is because the scope, scale, and costs of data breaches, denial of service attacks, and ransomware have all increased. Some of these have even been successful enough to shut down entire companies for long periods of time, and details for many of these incidents are often left ambiguous because victims are afraid of disclosing information that could lead to further attacks.

Real-time communications security has many similarities with other business-critical applications, but also has its own set of threats, attack points, and risks. If unprotected, unified communications, enterprise telephony, and contact centres bear the brunt of targeted attacks.

This resource page will discuss some of the unique challenges of real-time communications, provide best practices for securing them, and provide a high-level overview of Oracle Communications Security Shield Cloud, a tool designed to tackle these challenges. To find out more about Oracle Cloud Security Solutions, check out our services and speak to an Oracle Cloud expert today.


The Challenges

According to Metrigy research, only 41% of organisations have a proactive security plan for their communications services.

According to the same Metrigy research only 35% of businesses conduct a security assessment of their communications providers.

Your in-house infrastructure is also vulnerable. According to the Communications Fraud Control Association's (CFCA) 2019 Fraud Loss Survey, losses from IP-PBX hacking totalled $1.8 billion. Therefore, there are numerous challenges and risks that must be monitored in order to develop a plan of action to mitigate them.

Control and Visibility

Companies are embracing 'Unified Communication as a Service,' (UCaaS), which are cloud-based collaboration tools like Zoom or Microsoft Teams. Alternatively, they are utilising cloud-based call centre services known as 'Call Centres as a Service' (CCaaS). These solutions are often piecemeal; one portion of the services is cloud-based, while the other is on the customer's premises. This solution is commonly a mash-up of multi-vendor solutions with a high integration cost to ensure that all applications work together. Maintaining centralised control becomes more difficult as organisations' real-time communications solutions become more complex. However, losing control means losing visibility and security.

This lack of control and visibility leads to:

  1. Being incapable of detecting security threats in real-time communications channels 

  2. Recognising the real threats associated with security risks

  3. Voice channel threats not effectively correlated with other security breaches

  4. Security flaws allowing bad actors to operate undetected when attacking voice and collaboration applications

Authentication and Identity Fraud

The Public Switch Telephony Network (PSTN) was built on the fundamental principles of trust, personal identity, and built-in authentication. Even with the rise of the internet and cloud computing, the PSTN has maintained these same principles in the digital age. Anyone in the world can talk to you on their phone. The underlying process hasn't changed much, but our behaviour around it has. Prior to Caller ID, you had to identify the caller verbally. Now, you probably ignore or send to voicemail any number you don't recognise.

LinkedIn - Templates  (11)-3

That is not an option for businesses or contact centres. That call could be from a new colleague or an important customer, so it needs to be answered. Businesses, unlike individuals, must receive and process all calls regardless of who is calling, and the receiver of the call is left responsible for verifying the caller's identity. 

Passwords, PINs, and knowledge-based identification are frequently used in contact centres to help authenticate callers, but they are not infallible - callers genuinely forget their passwords. And, when a customer or employee forgets their login information, the overall user experience may suffer.

To utilise this authentication gap, these three tactics are frequently used in combination:

1. Robocalling


While robocalls are undoubtedly annoying to consumers, they cause havoc in call centres, as legitimate callers are placed in long lines and are subjected to lengthy hold times while the call centre attempts to dismiss the robocall.



robocalls placed in 2020

2. Call Spoofing

Numbers and caller IDs can be easily falsified because the PSTN provide no guarantees on caller identity. As of June 2021, the Google Play store has over 200 call spoofing apps, many of which are free. Scammers will spoof numbers from within your company, from customers, from nearby numbers, or from any number they believe will lower your defences and elicit a response. 

An industry standard known as 'STIR/SHAKEN' is being used to combat this threat. STIR/SHAKEN is designed to prevent call spoofing and robocalling by digitally signing the call with an attestation rating and providing a level of authentication to the calling number. While STIR/SHAKEN may be beneficial, it will not eliminate more sophisticated spoofing techniques.



call spoofing apps

3. Social Engineering

In terms of cybersecurity, social engineering is the use of deception to persuade people to give up their personal information online, which is then used to launch cyberattacks. Businesses must be aware of these callers, who are attempting to manipulate employees into divulging information for fraudulent purposes. It is currently the most efficient way to gain access to your data. According to Verizon, social engineering tactics are used in 22% of all breaches. They are then used to commit frauds like identity theft and account takeover. The fact that 83% of call centres rely on agents to detect fraud reveals a flaw in many organisations' security procedures, as most agents receive little or no training on detecting these threats.

Furthermore, if a social engineering attack is successful, it may take a long time for the breach and associated costs to be discovered. This is because it is often different criminals conducting each crime, making both risks and detection difficult to estimate.


of all breaches were the result of social engineering tactics


of call centres only rely on agents to detect fraud

Call Flooding

Unexpected bursts of call traffic are referred to as call flooding. This could be legitimate or malicious, but either way, it can disrupt your communications and result in financial costs and/or service outages.

Inbound floods that are malicious are known as Telephony Denial of Service (TDoS) attacks. Simply put, they are attempts to interfere with your phone service. Attackers may be looking to cause financial harm or even extortion against your organisation. Demanding ransom to stop or prevent denial-of-service attacks has grown in popularity and success. But, you need to be extra cautious, as some insurers have stopped protecting against these attacks.

While certain industries, such as insurance, have always been vulnerable to TDoS attacks, all businesses should be aware of the danger. Copycat incidents are common after highly publicised ransomware successes, and no organisation is completely safe from these threats.

Furthermore, many organisations are unprepared for any type of call flood. While it is in your service provider's best interest to prevent these types of events, they make no promises. A large-scale flood or TDoS attack can easily disrupt your business and not affect your service provider, whose infrastructure is designed to handle much higher volumes of call traffic.

Telecommunications fraud

The CFCA 2019 Fraud Loss Survey estimated global telecommunications fraud loss at $ B in 2019 alone.

There are numerous ways for bad actors to profit from communications systems that have poor security. Call pumping is a common type of fraud in which phoney call traffic inflates your communications bill to benefit a dishonest premium rate operator or service provider. Call traffic is generated from a compromised organisation to a destination that charges per connection or per-minute fees. These costs may be 'low-and-slow' to avoid detection and accumulate significant sums over time.

Customer Experience

Your contact centre is an important point of contact for your customers. A positive customer experience is essential for business success. Your agents should be well-trained to understand your customers, but technology can also assist in improving these metrics. These objectives are closely related to the security of your overall communications. Filtering out unwanted calling, harassing callers, and scams, for example, will reduce call hold times for legitimate customers, improving their overall experience (QoE). Caller identity authentication can also reduce the need for knowledge-based authentication, resulting in shorter call hold times and a better customer experience.

Advanced persistent threats

Advanced persistent threats are cyberattacks aimed at gaining long-term access to an organisation's infrastructure and data. They require a high level of expertise and substantial financial backing. Bad actors will need to avoid detection by common security tools in order to remain undetected. Advanced persistent threats enable cybercriminals to send undetected calls to anyone, anywhere in the world. Traditional cybersecurity tools do not monitor for this threat, and attacks that exploit this security flaw can continue to do so indefinitely.

Communications Security Best Practices

With so many threats to your real-time communications services and systems, it's best to establish a set of security best practises. Here are our top communication recommendations:


Our first recommendation is to examine all call traffic entering and exiting your organisation. It is necessary to examine the source, destination, SIP header information, and payload types. Any tool used for this purpose should provide continuous monitoring as well as a 360-degree view of the traffic. Advanced tools will allow users to drill down into on-call data in order to manually assess the underlying data underlying risk analysis and automated policies.


After each call has been inspected, you should add a layer of authentication. All calls, including the origin and destination, must be authenticated using PSTN data. For each number, behavioural analytics track data such as carrier risk, phone type risk, length of ownership, and call frequency. Policing unauthenticated calls will result in more efficient operations, a better customer experience, and a lower risk of fraud.


Take advantage of intelligent technology. To combat cyber threats, powerful detection capabilities leverage the power of the cloud and advanced analytics. This aids in the detection of suspicious activity such as unusual traffic patterns. Unprotected communications services can be used in a variety of harmful ways, and the best way to detect that threat is to thoroughly examine it.


Finally, leverage that power through automated enforcement. An integrated solution with automated network enforcement leverages a session border controller (SBC), such as Oracle Enterprise Session Border Controller, which provides additional network security controls. It enables customisable enforcement, such as call blocking and redirection based on your risk tolerance. Because an SBC is in the call path of all calls entering and leaving your enterprise, you have control over both inbound and outbound policing.


Oracle Communications Security Shield (OCSS)

Oracle Communications Security Shield Cloud can aid in the implementation of these best practices. Oracle Communications Security Shield Cloud will run a dynamic risk assessment and threat detection on every call while providing visibility into your entire communications network via a dashboard. To detect abnormal traffic and threats, we use Oracle Cloud Artificial Intelligence (AI) and Oracle Machine Learning (ML), so we are learning your unique network as well as its traffic patterns. It continuously leverages this information in real-time with automated policy enforcement to throttle or deny unauthorised network use.


Oracle Communications Security Shield Cloud provides a real-time view of call traffic passing through your network's edge. It depicts critical metrics like threatening calls, risks, related policies, and enforcement actions. The user-friendly, comprehensive dashboard displays a variety of widgets that can be customised to display call data, threats (types and sources), reputation scores, policies, and actions.

Risk insights enable you to conduct in-depth analysis in the investigation of detected attacks, scams, or fraudulent activity. It is based on a set of attributes and criteria extracted from the call and associated phone numbers to give you a better understanding of the risk factors affecting your network or contact centre. Understanding these risk characteristics will put you in a better position to protect against future high-risk calls and fraud losses.





LinkedIn - Templates  (17)








LinkedIn - Templates  (12)-3



Security Shield conducts a dynamic risk assessment and assigns a reputation score to each call using multiple analytic algorithms and sources. The reputation score is then applied to policies based on your call environment and the organisation's risk tolerance.

To assess the risk of each incoming and outgoing call, multiple vectors are examined:

  • Behavioural threat analytics: detects unusual traffic behaviour, such as suspicious phone number ranges and patterns.
  • Threat signature detection detects known malicious traffic patterns like robocalling and denial of service attacks.
  • Methods for detecting anomalies rely on multivariate statistical analysis to detect and prevent suspicious traffic patterns.
  • Phone number intelligence identifies risky source and destination phone numbers by analysing PSTN data.

Rules and Integration

The policy-based enforcement capability of Oracle Communications Security Shield Cloud allows enterprises to set up rules for handling individual calls. Dynamic risk score thresholds, specific types of calls (such as robocalls), and centrally managed access control lists with specific call attributes such as source or destination can all be used to generate rules. This ensures that each call is handled according to the enterprise's risk tolerance guidelines. These policies are handled by a centralised enforcement point, such as an Oracle Enterprise Session Border Controller.

Options for call handling based on rules include: 

  • Redirecting calls to a specific destination such as an Interactive Voice Response or designated investigator agent
  • Generating and delivering notifications to the receiving call agent
  • Terminating active calls
  • Rate limiting calls to a specific call per second limit
  • Blocking calls during call setup







LinkedIn - Templates  (13)-1



LinkedIn - Templates  (14)-1


Powered by Oracle Cloud

Security Shield is built in-house on Oracle's next-generation cloud. Oracle Cloud is designed to meet the most stringent security, availability, and performance requirements of the world's most demanding organisations. Security Shield benefits from Oracle Cloud's Autonomous Database capabilities and end-to-end security features, in addition to built-in machine learning and artificial intelligence for analytics. All of this is available in an integrated software stack to provide a consistent user experience across all cloud services and applications.


A trusted partner with a security mindset

The security landscape is constantly changing as technology evolves. Oracle invests heavily in the technology required to maintain its position as the market leader in real-time communications security.

Oracle Communications Security Shield Cloud can help reduce communication costs, secure your communication channels, and increase productivity in your enterprise operations.

If you want expert advice on Oracle Communications Security Shield Cloud or other Oracle Cloud Security Solutions, DSP can be a trusted partner to help secure and accelerate your real-time communications.

You might also be interested in...

Keep Your Data Secure Throughout the Cloud Lifecycle

Businesses can no longer ignore the advantages of the cloud as it provides lower infrastructure spending costs, greater business agility, and flexible scalability. 

Azure Machine Learning - deployment anytime, anywhere

Azure Machine Learning can help your data team rapidly build and train models and operationalise them at scale with ML Ops. It also lets your data team innovate on an open and flexible platform...


Want to explore how Oracle can benefit your organisation? 

Get in touch with our specialists today and start your Oracle journey with industry experts.