Top Menu


Real time VoIP threat protection

WATCHER uses real time checks on the Signalling of your VoIP traffic to prevent Toll Fraud, D/T-DoS & SPIT attacks, much faster than any solution using CDR analysis.

WATCHER continuously analyzes SIP messaging via on-site probes on our customer’s & service providers’ networks, comparing them against our master SIP fingerprints database to ensure no messaging which indicate toll fraud, T-DOS & SPIT attacks are present in your system.

We use the power of the collective to make everyone stronger. By continuously communicating with Velona’s ‘Big Data’ server we can ensure the Voice systems under Velona’s protection all remain up to date with present threat data; all relevant data forms part of the intelligence used to recognise attacks (continuous improvement cycle).


Monitors for any ‘out-of-the-ordinary’ or strange calling patterns
Finds threat patterns or single malformed messages
Identifies SIP Port Scanning, Extension Discovery, Password Attacks, Registration Hijacking, Telephony Denial of Service (T-DoS) or Distributed Denial of Service (DDoS) Attacks
Identify zero day threats
Identifies attackers, geo-locations & tools used

Stops Toll Fraud, Nuisance Calling, Phone Reboots, SIP Parser Stressing/Fuzzing
Real time alert to NOC, SOC or on-call personnel
Integration with CRM, HR, and Presence systems
Continuously updated with all data from all networks (Threat patterns & Blacklists continuously maintained)
All end-user Client data protected
High scalability for concurrent call support

CALL +353 21 242 8400 TODAY

Call us today or email us at to learn how we can secure your business against VoIP Fraud and other malicious attacks.

Key Benefits

  • WATCHER’s central analytics engine monitors all our clients and instantly informs everyone of new threats
  • Cloud-based service for easy, scalable, resilient service delivery
  • Integrates with your NOC or SOC
  • Focuses only on the threat data signatures – your own client data is discarded
  • No CAPEX or Admin costs
  • Cloud SaaS delivery means all updates are automatically picked up, with no impact on your performance or productivity

WATCHER can integrate with on-site SBC via RADIUS to implement the required authorisation on both outgoing as well as incoming calling, thereby preventing toll fraud, T-DOS & SPIT attacks. Confidentiality is fully designed in, as we focus only on the threat data signatures – with your own client data discarded.


RFC 3261
RFC 3428 Instant Messaging for SIP
RFC 4475 SIP Torture Messaging

RFC 4566 SDP
RFC 3856 Presence for SIP
SIP for IMS 3GPP TS 24.229

Available from the Cloud via Software as a Service (SaaS), or for installation entirely inside an end-customer’s private IP network, WATCHER can be run on any form of SIP based VoIP network, from the smallest Enterprise using just a single SIP trunk or a handful of IP Phones, to the very largest VoIP centric networks.


Toll Fraud and T-DoS attacks are increasing

Toll fraud now costs approx. $60.8 Billion US dollars (USD)* p.a. while ‘Telephony Denial of Service (T-DoS) attack as an out-sourced service’ is now obtainable from as little as $50.00 USD per hour. SIP (Session Initiated Protocol) is the dominant VOIP signalling protocol, with approx. 80% of the entire market. One percent of all Internet Fraud originates from SIP, with 88% of attacks happening outside of office hours.

Voice over IP (VoIP) has unique attributes when compared with other forms of traffic that run over IP networks. Accordingly, it must be treated differently to ensure next-generation network communications security – Gartner

Even with a highly fortified Network you still need SIP “pin-holes” open to service your customers. VOIP servers or End Points can be turned into a Toll Fraud server leaving you with a massive bill, or your own equipment (such as an E-SBC) can be turned into a D-DOS attacker, with DoS attacks blocking your ability to perform critical business functions, and hugely damaging your brand.

* Source of Toll Fraud cost: FINNA 2015

Why is this problem growing?

VOLTE (Voice Over LTE) is arriving and the arrival of IoT (Internet of Things) has meant a far larger available set of ingress points for hackers. VOIP has passed critical mass, and since 2015 there are now more VoIP lines in the United States than the traditional (PSTN) lines. Hacking is a growing concern, and Toll fraud is growing at 30% per annum, with DoS attacks on Telco’s increasing yearly. Brokers now offer DoS attacks for 50.00 USD/hour. Network Equipment Manufacturers (NEMs) offer dedicated Voice Firewalls, in form of Session Border Controllers (SBCs) for both the Core and Enterprise but they struggle to deliver the level of protection required.

Who can benefit from WATCHER?

Partnering with Velona gives you the freedom to focus on all aspects of your business, without ever again having to worry about your VoIP Security capability.


Any business can benefit from deploying WATCHER on their Edge, as part of their Security strategy, particularly businesses who have their own PBX / PBX type functionality, or have more than one Communications supplier. This includes anyone with IP PBXs that use SIP, PBXs with ISDN to SIP gateways where the SIP side of the gateway faces the network and not the PBX, or other parts of the enterprise customers’ communications infrastructure that uses SIP e.g. Enterprise SBC, Presence Servers, etc.

Communications Service Providers (CSPs)

Service providers can use WATCHER to reduce their risk of incurring a Toll Fraud or T-DOS or SPIT attacks, on any part of their Telecommunications network, be it the Edge or the Core. It can be used on UC networks, IMS or non-IMS based SIP networks, including SIP Trunking or IP Centrex services, communications infrastructure that uses SIP e.g. IMS core nodes, Softswitches, SBCs, Presence Servers, etc.

WATCHER is hugely effective in helping Conferencing and Contact Centre companies eliminate their exposure to VoIP Toll Fraud and T-DoS attacks.

Network Equipment Manufacturers (NEMs)

Any manufacturer of SIP based hardware and/or software may use WATCHER as a bolt-on to their products to assure their customers of their Security is of the highest priority, with just some typical (IMS and/or non-IMS) examples being, Enterprise Session Border Controllers (E-SBCs), ISDN to SIP gateways, IMS cores (and associated nodes e.g. MRFs), IMS Application Servers (AS), SBCs, Presence and IM servers, Softswitches and media gateway controllers / media gateways, IP Phones.

MSSPs, Security Consultancies & Security Solutions providers

Security Consultancies & Security Solutions providers can white-label WATCHER’s capability as part of Security solutions (could form the SIP component of a wider Cyber Security solutions suite) for an enterprise or service provider.

The advantages of partnering with Velona

We continuously update our capability to remain ahead of threats.


Continuously updated
Optimum scalability and accessibility
Always available


Build by SIP experts to remove 99% of the knowledge complexity requirement of SIP/VoIP
Acknowledges you do need SIP “pin-holes” open to service your customers
Checks vulnerability to these “through the eye of a needle” type attacks
VoIP Application layer focus – goes beyond focus on known risks


Simply add WATCHER to an existing offering
No Billing Integration requirements
No Provisioning impacts
Flexible licensing options