Email a colleague    

March 2017

Cloud Player Evolve IP: Using a Layered Defense to Control Fraud & Security Threats

Cloud Player Evolve IP: Using a Layered Defense to Control Fraud & Security Threats

As an entrepreneur, do you choose a pizza restaurant or a telecom/IP services business for your startup?

What?!  Twenty years ago, who would have considered telecom/IP a serious choice for a mom-and-pop business?  Yet IP hosting firm Telinta recently told me they are putting telecom/IP entrepreneurs in business for only $400 a month.  At such a low entry point, it’s easy to imagine the number of US VoIP firms exploding into the thousands in a few years.  And yet, the bad track record of young restaurants suggests the failure rate of these telecom/IP businesses will be high.

Given those statistics, what makes a player rise above the pack?  Which ones will find a repeatable and profitable business model?  And which telecom/IP entrepreneurs will: 1) choose winning services; 2) select the right market nich(es) to target; and 3) tame the fierce beasts of inefficiency, fraud, and security?

Well, I’ll bet even money that Wayne, PA-based Evolve IP is one telecom/IP player who survives and thrives in the years ahead.  One good reason is the company is far more than a VoIP player: as you’ll soon learn, it offers its business customers a broad set of IP services.

And, it doesn’t hurt that the company is getting noticed!  In a recent Forbes survey of top tech firms, Evolve IP was rated as the #3 “Cool Vendor” in the cloud infrastructure category, being bested by two other firms you may have heard of (Microsoft and Google were rated #1 and #2).

So I was delighted to interview Evolve IP’s Peter Eisengrein, Executive VP, Network Engineering, who provides an insightful overview of his firm’s business model and their tactics for keeping fraud losses to a minimum.

Dan Baker, Editor, Top Operator: Peter, I’ll bet your sales team was delighted with that Forbes survey.  Congratulations.

Peter Eisengrein: Well, as you can imagine, Dan, anytime you are mentioned in the same list as those well-known brands, it puts a big smile on your face.

I think a big part of that recognition comes from our unique business model.  If you look at any one of our product verticals, there are probably hundreds of operators, for instance, lots of VoIP players and lots of cloud compute players.  But only a handful of operators offer desktop virtualization.  The folks at EMC/ VMware say we are leading the charge on hosted desktop right now.  So while there are players in each of our service buckets, we really don’t see anybody doing all of it.

Evolve IP Business Services

Can you first explain how Evolve IP got started down the path of being a multi-service cloud provider?

Dan, when we first launched Evolve IP in 2007, we didn’t want to sell just one thing.

Our team was made up of people in the business 20+ years, at CLECs mostly.  So, we were looking for a something with a little more breadth.  It’s what we now call “cloud play”.  At that time, the term cloud didn’t exist, but we started with VoIP, then moved from there into virtualization, primarily at the server level.  Next, we moved into desktop, followed by security and networking.  We do a little bit of application work, a little bit of everything.

Having this broad offering really is a strategic advantage—our customers truly appreciate having one provider who can give them all the things they need.

It’s a beautiful business model, but being in a very competitive business, taming your costs is key.  And that’s where fraud management comes in.  So I’m curious how Evolve IP fights fraud.

Dan, we firmly believe in layered, defense-in-depth security.  Tomorrow, if we discovered the coolest fraud management system (FMS) possible, we wouldn’t throw everything else out the door.  Instead, we’d add the solution as a new security layer.  If something occurs, you let everything alert you rather than relying on a single system.

Today our environment combines multiple elements, including the Equinox Protector FMS.  We also leverage BroadSoft’s tools and have developed our own intellectual property (IP) as well.

What’s the difference between the BroadSoft tool and Protector?

BroadSoft’s fraud tool is fairly basic and works on straight-up thresholds that notify when a first level is exceeded.  And if a second threshold is breached, it blocks the user.

Protector implements threshold monitoring by profiling the individual user, determining normal usage for that user.  In other words, if a user typically calls Mexico 20 times on a Thursday, Equinox profiles that.  In short, Protector monitors usage at a far more granular level.

How important is it to stop the fraud or block the call before it goes into the billing stream?

The trend in recent years shows fraudsters have moved toward shorter duration calls; thus, having that record so close to real-time is slightly less important than it used to be.  However, there will still be outliers setting up calls to last as long as possible.  And if you aren’t alerted before the record closes, your costs could be significant.

That’s why it’s important for us to see these calls as they are being set up and we’ve been working with the Equinox team to help develop that functionality.

What’s your fraud management program look like in terms of staff?

Well, aside from the frontline support people who are experienced in a little bit of everything, I’ve got five dedicated voice engineers and a couple of developers who write the IP we do outside of BroadSoft.  Of course, when it comes to digging into: “Was this really fraud?”, even our frontline support folks are trained to deal with that.

Interesting, from an engineering standpoint, can you get by with less people?  Are you more efficient overall than, say, a CLEC operation?

Yes and no.  We certainly don’t want to be too lean, because to meet our aggressive growth we’ll need extra manpower.  We have a team of voice engineers who deal with platform-level stuff, and run at about 1 engineer for every 20,000 lines.  We think that’s pretty good.”

Our development shop is very good at automating to avoid a lot of manual keying.  Our provisioning, for example, is highly automated today, whereas in the early days of 2008 we did everything by hand.  A key Evolve IP goal is to get customers using our portal to buy services, so we’ve automated a lot of that.

Compared to a CLEC, yes, we’re better than average on scale.  I know from working in a CLEC shop that you need many people familiar with each switch family you own.  That CLEC had Alcatel, 5EESS, and DMS switches.  We also had old optical switches, cross-connect systems, MUXs, and then all the accompanying wiring.  As you can imagine, that required a large engineering staff just for voice.

Evolve IP has a good number of other engineers, too, including data network engineers, who are experts in routing, switching, firewalls, and the like; and cloud compute engineers, who are virtualization specialists.

So, to answer your question, Dan, we’ve definitely scaled from inception to now.

What sort of customers are you serving primarily?  What’s your sweet spot?

We serve a fair number of call centers, and are very much focused on compliance driven industries such as healthcare, finance and even veterinary.  Our customers come from pretty much all types of business; however small businesses, firms with fewer than 25 employees aren’t a great fit for us.  We are aimed more at the professional services, engineering firms, law firms — anyplace with a rich office environment and multiple locations. 

On average, customers originally sign up with two of our services.  Then after three years, they generally have about 3.7 services.

What do you think the future of the LECs looks like?  Using IMS today, you can dress up a circuit network to make it look like a VoIP network with enhanced IP services.

Many LECs are selling some of these services already.  Down the street from us, Verizon and Comcast are strong BroadSoft shops as well, so they will certainly move in that direction.

However, the large carriers seem better equipped for the smaller businesses.  We rarely run against them in a competitive bid.

The large carriers are looking for something highly repeatable.  Your market requires some customization or serving the particular needs of business clients.

That’s the challenge, right?  Larger carriers are not willing to allocate resources to building a solution.  They want to be able to say: “OK, you need 5 phones; just open the box and plug them in.” That’s a perfectly acceptable model.  But I think we’re starting to see the huge operators move into content.

Wireless is not a big threat to us today because we do the integration.  Our goal is having your phone ring at your desk and on your cell phone whenever somebody calls your phone.  Will we ever be a cellular provider?  No.  Is the future in business cellular?  Probably not in the enterprise space, at least not any time soon.  For companies with sales forces, the mobile workers, sure, there’s room for that.

How do you typically integrate mobile?

We do it in one of two ways, either through a ring-in-multiple-places way or through mobile apps.  For instance, on a mobile app of mine, I can use it as a chat client, it does presence and also works as a soft client SIP, so I can make business calls that appear as if I’m calling from the office.

Do you look at fraud and security together these days?  How much crossover do you see?

There’s a lot, particularly in Denial of Service (DoS) attacks, because obviously, that can hit your phone system as easily as your website.  It’s a combination of either DoS or just a malicious attempt to brute force the registration of a phone.  We see quite a bit, and in some cases, we work closely with our data guys to have it blocked.

What about nuisance calls, robo calls, how important is that issue, and how are you addressing it?

It is minimal from our perspective.  We don’t get much of that, and when we do, it’s not a big issue to control.

From the fraudster’s perspective, we are somewhat protected because they don’t know if they are hitting a PBX, a phone, or what.  Judging by the brute force attacks we see, they clearly think they are connecting to a premises-based PBX, as they usually try to connect to a 4-digit extension or 3-digit extension.  They don’t know they are connecting to a provider’s network that uses a longer user ID.

It’s one primary reason we don’t see as much fraud as other service providers.  For example, carriers who do a lot of SIP trunking, have all these premises-based PBXs connected to them, so when somebody finds a hole in that PBX, they’re going to see more fraud than we do.

As far as fraud solution enhancements, what are you planning?

Currently, we’re leaning on Equinox to help us with advancing the existing SIP analytics in Protector.  Protector does a good job of looking at the calls, but we want them to expand that analysis to our SIP-based registration traffic—that’s where the vast amount of our attempted fraud starts.

To place a call on our network, you first must register, and the phone sends a register message.  If you attempt to place a call to us even from a valid user ID but have not registered to us, we block the call.  We want Protector to inspect that traffic.

Peter, thank you for this very fine briefing.  I’m sure many will enjoy reading about your unique cloud play business model, and it certainly seems you’ve made fraud control and security a high point in your business offering.

Thanks, Dan.  I’m quite proud and confident in our fraud control methods, especially in comparison to other shops our size.  I say that based on our experiences at fraud conferences—the people at legacy telco shops tell us they’re not yet blocking fraud at the SIP level as calls are being set up, and we’ve had that capability for a long time.

We also hear how people are being hit for tens or hundreds of thousands of dollars at a time.  It’s noteworthy that we’re looking at losses of less than $10 for last month.  That’s due to identifying this stuff pretty darn quickly AND across more than one platform.

It’s compelling evidence that our layered strategy is working.  Depth in your defense is the way to go!

Copyright 2017 Top Operator Journal


About the Expert

Peter Eisengrein

Peter Eisengrein

Peter Eisengrein is a founding partner and Executive Vice President of Network Engineering at Evolve IP, The Cloud Services Company™.  With over 20 years experience in telecommunications and networking, with an expertise in Voice over IP (VoIP), he is responsible for the overall architecture, engineering, and operations of the hosted Unified Communications (UCaaS) network.

Prior to joining Evolve IP, Peter served as Director of Engineering for ATX Communications, Inc., where he was responsible for the planning, design, budgeting, development, and support for the ATX network.  In this role, he oversaw the technical product development and design of the ATX network and designed and installed their Frame Relay, Internet, and Voice over IP (VoIP) platforms.

Outside of technology, Mr. Eisengrein is Founder and President of Artists of Morrisville, a non-profit arts organization.  He also has served on the board of directors for the Morrisville School District and the board of directors for Bucks County Intermediate Unit #22, and is an active volunteer with the Youth Orchestra of Bucks County (YOBC).

Mr.  Eisengrein holds a Bachelors degree from West Chester University and completed his graduate studies from Temple University.  He has 3 fantastic kids, a beautiful wife, an indefatigable dog, and an ill-tempered cat.

Recent Articles