Hi All,

For those who visited Astricon 2010, you may know that I'm also involved in the Humbug Project. As some of you raised some valid points, I felt that this is a good opportunity to shed some light on issues like privacy and what is the Humbug Cloud.

First off, let's talk about the cloud. When people these days talk about cloud based services, they automatically think of platforms such as AWS (Amazon EC2/S3/RDS/SDB etc), RackSpace Cloud, Google Apps and so on. Due to the various privacy restrictions a service like Humbug should inflict upon itself, we ended up building our own Virtualization cloud. This is not a private cloud inside a large cloud infrastructure (AKA: IAAS), these are our own servers and hosting facility. We have our own storage servers, VMWARE servers, network connectivity - all hosted in a secured environment. Our network is fully redundant, utilizing High-Availability firewalls, multi-homed internet connectivity, load balanced web services and clustered databases. In other words, we've built a solid ground service environment, we are not relying on some obscure cloud infrastructure provided by some hosting provider.

Now, let's talk about privacy. Some would argue that the fact that the collector sends out the CDRs to our system for analysis is a privacy issue - however - that is completely untrue. Companies aren't aware, however, that they had compromised their privacy well too many times, even before thinking about using Humbug. For example, let's take the modern start-up company, or the modern business outfit, they would most probably utilize some (or all) of the following tools:

1. A hosted PBX service
2. A hosted CRM service (SalesForce, SohoOS, etc)
3. A hosted Mail service (Hosted Exchange, Hosted Zimbra, Gmail, Gmail Business, etc)
4. A hosted File sharing service (Dropbox, S3, etc)

In other words, the company's data is handled by multiple entities, which you may or may not trust. For example, I totally trust Google to read my gmail account and try and ascertain what I'm doing. At the same time, Google also gathers my web analytics information and provides me with AdWords. Google is the prime entity that can correlate information from all sides and find out so much information about my business. You end up saying: "Don't use Google", but if you don't, Google can't find you - so you are in a lose-lose scenario. In other words, having your CDRs analyzed on our system, then having them stored internally in an encrypted format is truly the least of your worries.

Now, we also have a community edition of Humbug available - which was released in November. There are slight differences between the community edition and the SaaS edition, specifically those related to fraud analysis and detection. There are various patents related to how fraud can be detected, thus, these can't be released to the Open Source just like that (ala g729).

While you may look at Humbug and see a project/service, Humbug is actually a community (not implemented yet). Think of Humbug as a community of PBX owners, working in a collaborative environment in order to analyze, detect and prevent telephony fraud around the world. The strength of Humbug is in its size. Sure, if you install your own platform you will be able to detect fraud and analyze your own traffic, however, why not join forces with the other people already using the SaaS and gain the overall knowledge of the entire system. The collaborative knowledge and experience of the entire network is something you will never find in any other medium, no matter how big your system is. Humbug takes a very simple, community oriented, concept of operation: "United we stand, divided we fall".

Cheers,
  Nir S

On 1/6/2011 9:39 AM, Boaz Bechar wrote:
Hi Gerald, All,

Many thanks for the reactions, and interest.

When we refer to the system being cloud-based we mean that the analytical engine and processing is handled on our servers rather than on the customers, the same way other hosted services are typically provided (web analytics, hosted pbxs, etc). We feel there are many advantages to this, especially in our case where we aim to provide fraud detection on the PBX level.

I just want to clarify that the Humbug cloud service itself does not connect to your AMI directly, rather we provide a downloadable agent (the "humbug-collector") which resides on the customer's PBX, and connects to the manager locally (with a password unknown to Humbug) in read-only mode. The Humbug-collector is provided as open source, and essentially sends events that you want handled, fully encrypted to Humbug via API. It's possible to send events in other formats (i.e. from the dialplan or AGI, etc) but we feel this is the best way to implement for most Asterisk users.

We understand well that carriers employ analytics and fraud detection on their traffic, and perhaps even have entire revenue-assurance teams to handle cases. On the other side of the scale we see millions of PBXs deployed, of all breeds and vendors, which essentially have no real access to this technology both from an implementation and ROI standpoint - leaving the unsuspecting user having to explain the $100,000 in international phone calls (http://www.computerworld.com/s/article/9194041/Security_Manager_s_Journal_Slammed_with_a_100_000_phone_bill).

With an estimated $80 billion lost annually to telecom fraud, and nearly 20% classified as "PBX/voicemail fraud", (CFCA 2009 global fraud loss survey) we feel the solution is not a matter of perfecting algorithms in existing systems, but rather of implementation, in which the analysis is done carrier-independent, by a dedicated service in the cloud. And while we haven't formally released the alerting system as part of the analytics suite yet, we feel that the traffic visibility which analytics provides is an important first line of defense.

I hope I clarified our intentions with the cloud service.

Kind Regards,
Boaz
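
An added example, not part of the original thread and not Humbug's code: a small audit of an Asterisk `manager.conf` that checks whether AMI is reachable only locally and whether any account holds more than read access, which is the posture described above for a local collector. The account names, secrets and sample file are constructed for illustration, and treating an unset `bindaddr` as all interfaces is an assumption of this example.

```python
import ipaddress

# Constructed sample; account names and secrets are placeholders.
SAMPLE_CONF = """
[general]
enabled = yes
bindaddr = 0.0.0.0      ; listens on every interface

[collector]             ; hypothetical account for a local read-only agent
secret = CHANGE-ME
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
read = cdr,call
write =

[legacy]                ; hypothetical over-privileged account
secret = CHANGE-ME
read = all
write = all
"""

def parse(text):
    """Return {section: {key: [values]}}, keeping repeated keys such as permit."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return sections

def audit(text):
    """Return a sorted list of (section, finding) tuples."""
    findings = []
    conf = parse(text)
    general = conf.pop("general", {})
    # Assumption: an unset bindaddr is treated as all interfaces.
    bind = general.get("bindaddr", ["0.0.0.0"])[-1]
    if not ipaddress.ip_address(bind).is_loopback:
        findings.append(("general", f"AMI bound to {bind}, not loopback"))
    for name, opts in conf.items():
        if any(opts.get("write", [])):           # any non-empty write class
            findings.append((name, "write classes granted"))
        if not opts.get("deny") or not opts.get("permit"):
            findings.append((name, "no deny/permit ACL"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONF):
        print(f"[{section}] {finding}")
```
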


Gerald Bove wrote:
Can I have a little more information on how this works in the cloud? I was just checking out the site, and was very interested. I assumed it was just an app I ran either on the asterisk server, or on a separate server, but if this is "cloud" based, that kind of kills it.

Sending this type of information to a third party (a non-verified third party at that) is a big privacy concern. At the very least opening AMI or whatever this uses to pull the stats seems scary enough. I think you'll find that no real carrier will take this product seriously if that's how it works.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Chris Bagnall
Sent: Wednesday, January 05, 2011 7:11 AM
To: 'Commercial and Business-Oriented Asterisk Discussion'
Subject: [BULK] Re: [asterisk-biz] Humbug Analytics - Falcon Release
Importance: Low

Some months ago we posted an open invitation to our beta of Humbug
Analytics, and I thought I would share some of our progress since, as this may
be relevant to many of you.

I'm sure I can't be the only one who's thinking "this looks very nice, why can't they release it as an app?" What's the obsession with "cloud" everything these days?

Kind regards,

Chris




--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-biz
