Heksagon Voice Firewall Solution
Deliver per-call, near-instant detection and blocking of fraudulent calls, tightly integrated with real-time routing and switch automation. Stop fraud calls before they complete, while providing intelligence and compliance tools for ongoing revenue assurance.
The Only Voice Firewall Suite You Need
Fraudsters increasingly mimic legitimate traffic by modifying call parameters. As one of the first voice firewall providers, Heksagon has the experience and the know-how to strategically defend your business.
Our Voice Firewall portfolio, including Flash Call Management, International Traceback, and Call Validation, offers a comprehensive fraud management solution for telecoms around the globe. Mix and match industry-leading voice firewall solutions and modules for end-to-end protection or integrate them independently to target specific, high-risk fraud vectors.
Flash Call Prevention
Detect and manage flash-call authentication traffic to prevent A2P SMS revenue loss. Leverage flexible options for blocking or monetization.
Call Validation
Ensure caller authenticity with regional and end-to-end validation methods, including STIR/SHAKEN and GSMA-compliant frameworks.
International Traceback
Identify and trace the origin of fraudulent international calls to support cross-border fraud resolution and regulator and compliance demands.
Heksagon Voice Firewall Benefits
Adaptive Real-Time Protection
Detect and block suspicious calls the moment they appear. Adapt instantly to new fraud patterns to protect your network and users at all times.
Proactive Revenue Preservation
Stop revenue leakage before it happens. Prevent fraudulent and unauthorized traffic to secure interconnect income and protect your bottom line.
Accurate, Low-Noise Detection
Minimize false positives with intelligent behavior analysis. Let your teams focus on real threats while genuine customer calls go through uninterrupted.
Seamless, Secure QoS
Deliver rock-solid firewall protection without affecting quality of service or user experience. Ensure customer trust with 24/7 proactive defense.
Heksagon was one of the first vendors globally to launch Real-Time Voice Firewall product with the pilot project implementation in 2012.
30+
MNOs Directly Connected
600M+
Subscribers Protected Daily
2B+
Voice Calls Processed Daily
9M+
Fraudulent Calls Blocked Monthly
0.01%
False Positive Rate
Heksagon Voice Firewall Features
- Heksagon Voice Firewall (VFW) is a carrier-grade solution designed to actively prevent unauthorized and fraudulent voice traffic at the network core. Unlike traditional post-event detection systems, VFW operates in real time, analyzing every call during the setup phase and applying dynamic, scenario-based rules to block or degrade suspicious traffic before it connects.
- The system leverages protocol-level integration with SIP, INAP, and CAMEL over SIGTRAN, ensuring compatibility with both VoIP and TDM environments, as well as IMS-based services such as VoLTE, VoWiFi, and VoNR. Its real-time rule engine combines static and dynamic detection logic with advanced analytics, enabling operators to respond instantly to evolving fraud patterns like SIMBOX bypass, CLI spoofing, IRSF, flash calls, and voice DDoS attacks.
- Heksagon VFW supports active verification methods, including HLR lookups, IVR challenges, and callback checks, maintaining ultra-low latency to preserve call quality. The platform’s state server and sliding-window analytics allow continuous monitoring of aggregated traffic behavior, enabling proactive detection of anomalies and high-risk patterns.
- Built for scalability and resilience, VFW can operate in active enforcement mode or passive monitoring mode. Also, it integrates seamlessly with OSS/BSS systems via open APIs and supports national and international call validation frameworks (e.g., STIR/SHAKEN, GSMA guidelines). Its modular architecture ensures high availability, redundancy, and easy adaptation to your specific requirements.
Real-Time Call Control
Instantly block, reroute, or degrade suspicious calls during setup, preventing revenue loss from occurring.
Advanced Detection Engine
Dynamic rule definitions, number pattern matching, and allow/suspect/deny lists with real-time updates for proactive fraud detection.
Protocol-Level Integration
Full support for SIP, INAP, CAMEL over SIGTRAN, and IMS (VoLTE, VoWiFi, VoNR), plus optional DIAMETER and RADIUS integration for seamless core network integration.
Active Verification Checks
HLR lookups, IVR challenges, voice CAPTCHA, callback checks, and state server queries to confirm caller legitimacy and prevent spoofing.
Machine Learning & Analytics
Real-time profiling, reporting, dashboards, and sliding time window analysis to help identify anomalies and evolving fraud patterns.
Flexible Deployment Modes
Operates in active real-time mode or offline/passive monitoring mode, adapting to your network strategy.
Comprehensive Action Set
Call blocking, partial blocking, CLI masking, call redirection, temporary IVR connect, and quality degradation for controlled response.
A2P SMS Correlation
Cross-check flash-call traffic with A2P SMS data to facilitate monetization and enable more effective fraud prevention.
Integration-Ready
Open APIs for IT/OSS integration, external number list imports, and interoperability with national call validation schemes.
How Does Heksagon Voice Firewall Work?
- Heksagon Voice Firewall operates as an active, real-time fraud prevention layer within the operator’s core network. It intercepts signaling traffic during the call setup phase (before the call is established) using protocol-level integration with SIP, INAP, and CAMEL over SIGTRAN.
- The system applies scenario-based detection logic through a high-performance Rule Processing Engine, which evaluates call parameters against dynamic rules, number lists, and analytical profiles. If a call matches a fraud scenario, the firewall executes predefined actions such as blocking, rerouting, or degrading call quality in real time.
- To enhance accuracy, VFW leverages Active Check mechanisms (HLR lookups, IVR challenges, callback validation) and real-time analytics powered by in-memory processing for ultra-low latency. All decisions and events are logged into a relational database for reporting, dashboards, and compliance audits.
- The architecture supports integration with external systems (OSS/BSS, mediation, call validation services) via open APIs and ensures interoperability with national and international frameworks like STIR/SHAKEN and GSMA guidelines.
What Threats Does Heksagon Voice Firewall Prevent?
Telecom fraud is constantly evolving, exploiting vulnerabilities in signaling protocols and interconnect agreements. By analyzing call setup parameters and applying dynamic, scenario-based rules to block or mitigate fraudulent activity before it impacts your network or revenue, Heksagon Voice Firewall (VFW) addresses these threats in real time:
| Fraud Scheme | Description |
| SIM Box & Bypass Fraud | Detects unauthorized traffic insertion by verifying number integrity, checking numeration consistency, and applying regional or end-to-end call validation. |
| Flash Calls | Identifies and manages flash-call authentication traffic to prevent A2P SMS revenue loss, with options for blocking or monetization. |
| Robocalls & Spam Calls | Blocks high-volume spam and spoofed calls using real-time validation, call signature checks (STIR/SHAKEN), and subscriber alerts. |
| International Revenue Share Fraud (IRSF) | Stops artificial traffic inflation or Wangiri and PBX hacking schemes through real-time profile evaluation and threshold-based blocking. |
| CLI Spoofing | Detects falsified caller IDs using number consistency checks, regional validation, and active verification methods. |
| Voice DDoS Attacks | Mitigates call floods targeting subscribers by applying whitelist-based filtering and blocking excess traffic during attacks. |
| Other Threats | Heksagon Voice Firewall can effectively manage other types of threats including roaming fraud, inbound roaming fraud, call volume inflation, PBX/IMS phone hacking, etc. |
Real-Life Results
"We successfully applied Heksagon VFW to identify and block fraudulent calls targeting our customers. Heksagon VFW solution provided us with an effective tool that allowed to react to any new threats discovered in voice services. Using VFW, we were able to easily integrate our network with other operators in national call verification scheme."
Sergey Fedoseev Fraud Management Department, Kcell, Kazakhstan
"We use Heksagon VFW as a key component in our fraud prevention environment. It allows us to analyze and prevent all key fraud scenarios in real-time."
Milan Popovic Fraud Management, Yettel
Heksagon Voice Firewall Documentation
-
Voice Firewall Product Overview
Learn more about our Voice Firewall Solution and how it can help you solve your fraud detection and prevention challenges.
Frequently Asked Questions
What is Heksagon Voice Firewall and how does it prevent telecom fraud?
Heksagon Voice Firewall (VFW) is a real-time fraud prevention system that intercepts signaling traffic during call setup. It applies scenario-based rules and analytics to block, reroute, or degrade suspicious calls before they connect.
Which fraud scenarios can Heksagon Voice Firewall detect and block in real time?
Heksagon VFW addresses SIM box and bypass fraud, CLI spoofing, IRSF, flash calls, robocalls, spam calls, Wangiri schemes, PBX hacking, and voice DDoS attacks using dynamic rules and active verification methods.
How does Heksagon Voice Firewall integrate with SIP, SS7, and IMS networks?
It supports SIP proxy, SIP redirect with mirroring, CAMEL/INAP over SIGTRAN, and ISC SIP integration for IMS (VoLTE, VoWiFi, VoNR). Integration ensures call control during setup for both VoIP and TDM environments.
Can Heksagon Voice Firewall support call validation and STIR/SHAKEN compliance?
Yes. It integrates with national and regional call validation schemes, supports STIR/SHAKEN for caller ID authentication, and provides APIs for interoperability with external verification services.
What deployment options are available for Heksagon Voice Firewall?
VFW can operate in active mode for real-time call control or passive mode for monitoring and analytics without impacting call flow.
How does Heksagon Voice Firewall use real-time analytics and machine learning for fraud detection?
It employs sliding time-window analysis, traffic profiling, and ML-based anomaly detection to identify abnormal patterns and dynamically update fraud scenarios for proactive prevention.
Let's Get in Touch!
Interested in our award-winning Real-Time Voice Firewall Solution? Fill out the form and our solution experts will contact you in two business days!