Securing a Cloud Environment With a Telco Cloud Provider

Tuesday, July 25, 2017

Nowadays, nobody can deny the remarkable benefits of cloud computing, both infrastructure as a service (IaaS) and software as a service (SaaS). Cloud computing drives cost savings, agility to support customer demands and innovation; definitively it is a fundamental factor in the corporate digital transformation. Otherwise, cloud computing also involves some level of complexity in dealing with IT security, since organizations delegate certain responsibilities to third parties in storing and controlling sensitive data. During this article, we aim to identify the cloud security handicaps and propose a security model according a Telco Cloud Provider perspective to make easier and safe the cloud voyage.

Telefónica and Subex sign a global framework agreement to provide a disruptive FMaaS solution

Saturday, July 22, 2017

Madrid— June 18, 2017—  Subex Limited, a leading telecom analytics solution provider, has been selected by ElevenPaths, Telefónica’s Cybersecurity Unit to offer a Fraud Management-as-a- Service (FMaaS) solution. Telefónica is one of the world’s largest telecommunications companies, with a global presence in 21 countries and an average of 125.000 professionals and 350 million accesses.

The agreement between Telefónica and Subex will result in the new ’Telefónica FMaaS Powered by Subex’ to protect against a comprehensive set of digital risks and threats, along with a library of fraud detection processes. The solution addresses Subscription Fraud, Internal Fraud, Premium Rate Service Fraud (PRS Fraud), and International Revenue Share Fraud (IRSF), amongst others. Additionally, ROC Fraud Management technology deployed by Subex will deliver the ability to deploy client-specific detection processes, techniques and strategies, based on particular business needs at each site.

ElevenPaths is a Fortinet's Alliance Technology Partner

Monday, July 17, 2017

Solutions Integration with Vamps and Metashield

Fortinet is a Strategic Partner of ElevenPaths, Telefónica Cyber Security unit, with more than 15 years working together, and on June 2016, we strengthened that strategic alliance by adding Fortinet’s Security Fabric architecture to deliver solutions integrated with some of Telefonica’s key managed security services.

ElevenPaths participates in AMBER (“enhAnced Mobile BiomEtRics”) project

Sunday, July 9, 2017

ElevenPaths participates in the AMBER ("enhAnced Mobile BiomEtRics") project since 1st January 2017 as an Industrial Partner. AMBER is a Marie Skłodowska-Curie Innovative Training Network under Grant Agreement No. 675087, addressing a range of current issues facing biometric solutions on mobile devices. This project will run until 31st December 2020 and it will lead the training and development of next-gen researches in the biometrics area. Helping them to accommodate their research activities both with academic goals but also with industrial and professional market’s requirements.  

New tool: PySCTChecker

Monday, July 3, 2017

This is a "Quick and dirty" Python script for checking if a domain properly implements Certificate Transparency. If so, it is possible to observe how Certificate Transparency is implemented on the server side.

When a server implements Certificate Transparency, it must offer at least one SCT (a proof of inclusion of the server TLS Certificate into a Transparency Log). A SCT can be offered by three different ways:

  • Embedded in the certificate
  • As a TLS extension
  • Via OCSP Stapling

Using PySCTChecker is possible to identify the delivery options that the server uses and the logs where certificate has been sent to. Also, it is possible to check if the offered SCTs are valid and legitimately signed by logs.

This script needs just a list of domains as input. For each domain, it will check if the server implements Certificate Transparency. If the server offers any SCT, the script will show extra information about it, such for example the logs where the TLS certificate has been sent and which method the server uses to deliver the SCT.


python PySCTChecker/ [domain1 domain2 ...] 

Output example:

This is a quick and dirty implementation since it uses OpenSSL for some features, but we hope it helps understand how certificate transparency works.

You can download and check source code from here.

This tool reinforces our set of tools related with Certificate Transparency developed from ElevenPaths:

Innovación y laboratorio