That’s a very broad question for a free support forum; I recommend reading the CUBE config guide to learn the product in detail or hiring a contractor that is already familiar with it. In my opinion, yes CUBE provides a lot of security capabilities by default - if you configure it properly.
One example of a security feature enabled by default is the ip address trust list that ignores SIP traffic from any IPv4 source address not mentioned in the config. Cisco has also published toll fraud prevention recommendations. As for hiding topology hiding, flow-through is the default operating mode but address hiding is off by default and should be enabled. Cisco also publishes sample configs but I’ll caution you that these are “we made it work” and not “perfect” configs.