AT&T: Perimeter network security should be virtual

AT&T says companies will save time and money by ceding the process of fighting threats such as botnets, spam, and DoS attacks to ISPs

Enterprise companies will soon begin offloading many of their network security responsibilities to telecommunications and Internet service providers and save vast amounts of time and money doing so, if AT&T has its way.

Speaking to the assembled crowd at the IDC Security Forum in New York on Wednesday, Edward Amoroso, chief security officer for AT&T's services division, predicted that enterprises will begin adopting more "virtual" security capabilities from their ISPs and bandwidth providers in the coming years as those companies are better positioned to do battle with botnets, spam, and denial-of-service (DoS) threats.

Based on the bandwidth-providers' existing abilities to see spikes in traffic that are tell-tale signs of botnet, spam, or other malware activity -- long before enterprises can see evidence of the attacks on their own -- Amoroso contends that companies will soon concede the process of fighting the threats and turn to companies such as AT&T for help.

"We think that security at the perimeter should be virtual, which is a somewhat controversial concept, because a lot of time, effort, and career capital has already been spent securing the perimeter," Amoroso said. "But we think a lot of existing technologies there are running out of legs, and simply running firewalls at the gateway is no longer a valuable proposition."

The United States government's Telecommunications act of 1996 prevents carriers from approaching customers and marketing services to them based on any trends they observe on the end users' network connections. However, the companies can already identify much of the spam and malware activity being carried out in the pipe, based on their massive infrastructure, and should be enlisted to help solve security issues, he said.

For threats such as distributed DoS that can easily be thwarted upstream, the CIO said, it makes little sense for companies to continue to invest in new technologies and staff when the carriers could easily detect and snuff out the campaigns ahead of time.

"How do you stop DDoS at the edge? The physics just don't make sense. When these attacks happen, the customers' routers will already be dead," said Amoroso. "We think the idea that the pipe should be dumb is strange; with spam accounting for 90 percent of all traffic on the e-mail pipe, we're delivering nothing but more attacks, malware, and junk. If people want us to keep doing that we can, but why would they want us to keep doing that when we can see it, scoop it, study it, and stop it?"

Lest someone should contend that AT&T and other carriers are merely licking their chops at the prospect of adding pricey new security services to their products, the expert said security services should eventually become a set of non-optional capabilities included with the purchase of ISP and telephony services.

Much as the carrier community focused on providing faster services in the 1980s and added tools to improve quality to their products in the 1990s, the CIO said that security services will become a de facto element of all the capabilities that the firms market.

While early adopters are already paying a premium to use the security capabilities offered by carriers today, eventually the price should be blended into the packages of capabilities that companies buy from providers such as AT&T, the expert predicted.

At the same time, AT&T and other carriers would have to sacrifice their existing businesses of selling firewall management and intrusion detection-type systems into enterprises, he said. But the move to push security tools to the bandwidth providers is one that has been made even more likely by the complexity of those technologies.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

InfoWorld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?