The detection capability of the Avaya SBC solution uses numerous dynamic and adaptive algorithms to detect any anomalies in the learned caller behavior that are based upon user-definable Time-of-Day (ToD) and Day-of-Week (DoW) criteria. These algorithms are flexible enough to accommodate special circumstances such as weekends, holidays, and other user-specified time periods. Avaya SBC solution can also learn and apply dynamic trust scores, starting from an unknown score and either increasing or decreasing to different levels depending upon the behavior pattern of the caller, which could be Trusted, Known, Unknown, Suspected, or Spammer. The dynamic trust score is also dependant upon called party feedback, including (Black List and White List, further enhancing the time-critical ability to detect anomalous behavior.

The detection capability is also able to collect and correlate multiple events and activities from different nodes and endpoints in the network to accurately detect attacks. These attacks might otherwise have escaped unnoticed if reported only by a single point in the network. The detection capability can inspect the sequence and content of messages to detect protocol anomalies and any instances of endpoint scanning. Finally, the detection capability of the Avaya SBC solution can validate the source of a suspected malicious call or attack by implementing a unique detection technique that is based upon learned caller fingerprints.

Avaya SBC security products can continuously learn call patterns and endpoint fingerprints. These products can also constantly analyze raw event data based on specific user-definable criteria and take automatic action. Therefore, Avaya SBC security products can evolve and adapt automatically to effectively counter any new or existing threat.