We’ve referenced this already, but deploying a next generation, managed, firewall ought to be the first step for any MNO looking to deploy a messaging revenue optimisation strategy. 

While first generation firewalls were aimed at halting the flow of spam messages reaching end users, the complexity and processes being used today to scam people are so much more sophisticated, it’s rendered those initial firewalls practically useless.

In a 2019 MEF report, they commissioned a survey of 22 MNOs, and identified 13 different types of fraudulent SMS activity, with the individual attack strategies per type updating and iterating almost everyday: 

To keep ahead of this ever evolving threat, and to ensure the monetization strategies we touched on above are achievable, MNO’s need to deploy a next generation firewall.

However, not every firewall is built the same! The key message here is that your firewall is only as good as the team that is managing it. The reason for this is around the increasing complexity and scale of fraudulent activity being sent across MNO’s airwaves. Next Generation Firewalls can protect against these – but only if their parameters and search criteria are updated on a daily basis, and updated with relevant data incorporating a globalised view of unwanted messaging types. This requires a connected network and specialist experts.

Only once you can effectively identify every message passing over the network, can you start actively managing and categorising each item.

When it comes to deploying this firewall, there are a few questions we always get asked by MNO’s during discussions with them. We figured it would be helpful to include the most regularly asked here, in line with the ebooks intended purpose of supporting ecosystem growth:

1. Should we deploy an in-house solution, or use a partner?

So, the purpose of this ebook is to take MNOs through what we believe is a best practice guide to generating as much income as possible from SMS, based on our unique Messaging Revenue Optimisation strategy.

With that in mind, and despite being an independent firewall provider, we do still believe, genuinely, that using a provider for this service is the best choice. 

Why? Well, it can be summarised as operational efficiency coupled with scalable effectiveness. Certainly some big global MNO’s do operate their own in-house firewall teams, and successfully too.

Yet the reason this can work for them is their size. To manage a next generation firewall optimally, you need significant human and financial resources to chuck at it.  

Given the acceleration of messaging threats being created, and the subsequent need for continuous management, updating and R&D on how to ringfence network entry points with sophisticated, low impact, firewalls, there is significant value in partnerships here. 

The cost involved in developing an in-house firewall and constantly evolving it, and tracking latest threats and evasion approaches, is expensive. There is obvious cost efficiency in working with a partner with deep knowledge, wide data-sets and specialist experience to deliver this. That partner should also be able to help the individual MNOs navigate the regulatory requirements they need to be aware of in any specific country or region. 

At the end of the day, it’s just more cost-effective and operationally effective – if a firewall needs 25 people working on it daily to update it and develop it, then if you contract the service in from specialists, those same 25 people will be working for multiple MNOs, so individual MNOs aren’t paying the full cost.

2. In some countries, regulations can hamper the growth of A2P and messaging revenue – how can we tackle this?

There are some areas of the world where stopping individual messages is either not allowed, or for operational reasons, is not something MNO’s can tolerate.

In those areas there are still solutions that can help – all with compliance to local regulations.  By applying the right combination of filters, keywords and content analysis, MNO’s can still keep track of what is being shared in SMS messages, and they can apply warnings to highlight traffic that seems to be either fraudulent, or that is in violation of SIM card policies. 

Further, at least with HAUD’s NForce firewall, while MNO’s might not be allowed to block the individual SMS messages – they can work to block the SIM cards, or IMEI devices, sending that traffic. 

3. What is the better option: revenue share model or opex model for partner firewall?

In general, we believe the revenue share model is the best one – simply because it pushes the firewall provider to continuously build the best systems possible as they are incentivised to support growth in the sector through innovation. It is also less costly, and less of a capex drag, to bring in partner technology. 

There are, though, a number of partnership routes open to MNOs looking to bring in expert ring fencing specialists, with typically the return on investment growing as the vendor supports the MNO with SMS monetization, rather than just pure protection. That’s partly down to the cost efficiencies of working in a more connected way with MNOs – the more you understand their operating model and IT systems, the more insight you can deliver around areas like revenue defence and new business models.

4. Lastly, what is the best experience for MNO protection – to have the firewall deployed in the cloud / point of international interconnection or in the MNO premises directly?

While a cloud implementation is possible, in many cases it would be advisable to implement an on premise implementation. This is because for proper protection and traffic categorisation all traffic sources incoming to the MNO, need to be monitored and controlled including domestic on-net, domestic off-net and direct connections (SMPP). 

In many cases it is also not feasible or possible, to route such traffic outside of the MNO network. In many countries, regulation dictates that traffic is not allowed to be sent outside of the country to be processed, monitored or sent.

Once operational and fully resourced, the MNO is now perfectly poised to start locking down their network and assessing and analysing their traffic.

The impact of that on revenue will be considerable, and here’s why: To start with, a next generation firewall should be able to not just detect illegitimate traffic and block it, but should also be able to spot SIM boxes in operation by identifying the SIM cards that are sending that traffic and communicating offending MSISDNs to the operator. 

Latest generation firewalls, like HAUD’s SmartNForce also have the functionality to block the SIM cards – with the operators consent – themselves both on-net and off-net.

A great firewall solution should also work in unison with other defence capabilities the MNO might have or need. For example, the Smart NForce firewall solution integrates with the MNO’s core network elements to provide protection on all the entry points onto the network, including international and domestic interconnect, international and domestic links and signalling. 

You also need your firewall to be able to offer up analytics and diagnostics in real time, enabling you as the operator to quickly and easily see what traffic is moving across your network, and where you can take steps to optimise things. For example, by categorising the traffic partners are pushing onto the network, the MNO can be assured they are properly monetising the access they give – either in terms of volume or content of message.

Which brings us nicely onto the next phase of Messaging Revenue Optimisation: Revenue Creation

In the next chapter we look at how Messaging Revenue Optimisation and start creating new revenue for you.

Read More