In a previous post we talked about some of the difficulties organizations often face when deploying Session Initiation Protocol (SIP) trunking. SIP trunking connects a PBX to the Internet using VoIP technology rather than a conventional telephone trunk. While SIP trunking has become an essential part of the modern IP phone system, it poses security and compatibility challenges that can be tricky to navigate.

Enter the session border controller (SBC).

An SBC is a piece of hardware or software that governs how phone calls, or “sessions,” are initiated, conducted and terminated on an IP phone system. It works much like a router does on a data network, sitting between the customer and the carrier network and allowing only authorized sessions to pass through the border. It also provides Quality of Service (QoS) functions, ensuring that calls go through properly and emergency calls get top priority.

An SBC can help boost security by using its QoS rules to identify incoming threats such as a digital denial of service (DDoS) attack. It also offers deep packet inspection, policy enforcement and other security functionality, providing more control than an application-layer firewall.

In a recent survey by Webtorials, respondents said that “Security for SIP Sessions” is the most important role of an SBC. That’s because DDoS attacks, toll fraud and other cybersecurity threats become very real risks when you connect your phone system to an IP network. Multiprotocol label switching (MPLS) and virtual private networks (VPNs) reduce the risk but an SBC is still an important addition to a Voice over IP (VoIP) system. This is especially true with today’s distributed and hybrid solutions, which may combine on-premises and cloud-based systems to support geographically dispersed users.

SBCs can also improve interoperability between disparate VoIP systems and legacy analog and digital PBXs. This is important for organizations that take an incremental approach to VoIP migration, enabling legacy and IP systems to coexist during the transition. The SBC intercepts calls from the telecom provider and routes them to the appropriate system in a way that is seamless from the end-user’s perspective.

Generally, SBCs are deployed on both the customer and carrier side of the connection to improve security. SBCs on the customer side are known as enterprise SBCs (eSBCs), and they are increasingly being packaged as part of unified communications (UC) and contact center solutions. In 2014, eSBC revenue rose to $271 million, a 6 percent gain over 2013, according to Diane Myers, principal analyst for VoIP, UC and IMS at Infonetics Research.

The technology research company foresees the growth of the eSBC market being driven by the increasing use of SIP trunking services, the need to interconnect disparate systems, and the challenge of supporting remote workers and integrating cloud UC services. eSBC sales are also boosted by a lower average cost-per-session compared to traditional VoIP-TDM gateways.

Do you need an SBC? The answer depends upon the types of systems you need to connect and the level of security your organization requires. IPC’s engineers have deep experience in IP phone systems and UC solutions, and can help you determine if an SBC makes sense for your environment.