AT&T: Perimeter network security should be virtual

AT&T says companies will save time and money by ceding the process of fighting threats such as botnets, spam, and DoS attacks to ISPs

Enterprise companies will soon begin offloading many of their network security responsibilities to telecommunications and Internet service providers and save vast amounts of time and money doing so, if AT&T has its way.

Speaking to the assembled crowd at the IDC Security Forum in New York on Wednesday, Edward Amoroso, chief security officer for AT&T's services division, predicted that enterprises will begin adopting more "virtual" security capabilities from their ISPs and bandwidth providers in the coming years as those companies are better positioned to do battle with botnets, spam, and denial-of-service (DoS) threats.

Based on the bandwidth-providers' existing abilities to see spikes in traffic that are tell-tale signs of botnet, spam, or other malware activity -- long before enterprises can see evidence of the attacks on their own -- Amoroso contends that companies will soon concede the process of fighting the threats and turn to companies such as AT&T for help.

"We think that security at the perimeter should be virtual, which is a somewhat controversial concept, because a lot of time, effort, and career capital has already been spent securing the perimeter," Amoroso said. "But we think a lot of existing technologies there are running out of legs, and simply running firewalls at the gateway is no longer a valuable proposition."

The United States government's Telecommunications act of 1996 prevents carriers from approaching customers and marketing services to them based on any trends they observe on the end users' network connections. However, the companies can already identify much of the spam and malware activity being carried out in the pipe, based on their massive infrastructure, and should be enlisted to help solve security issues, he said.

For threats such as distributed DoS that can easily be thwarted upstream, the CIO said, it makes little sense for companies to continue to invest in new technologies and staff when the carriers could easily detect and snuff out the campaigns ahead of time.

"How do you stop DDoS at the edge? The physics just don't make sense. When these attacks happen, the customers' routers will already be dead," said Amoroso. "We think the idea that the pipe should be dumb is strange; with spam accounting for 90 percent of all traffic on the e-mail pipe, we're delivering nothing but more attacks, malware, and junk. If people want us to keep doing that we can, but why would they want us to keep doing that when we can see it, scoop it, study it, and stop it?"

Lest someone should contend that AT&T and other carriers are merely licking their chops at the prospect of adding pricey new security services to their products, the expert said security services should eventually become a set of non-optional capabilities included with the purchase of ISP and telephony services.

Much as the carrier community focused on providing faster services in the 1980s and added tools to improve quality to their products in the 1990s, the CIO said that security services will become a de facto element of all the capabilities that the firms market.

While early adopters are already paying a premium to use the security capabilities offered by carriers today, eventually the price should be blended into the packages of capabilities that companies buy from providers such as AT&T, the expert predicted.

At the same time, AT&T and other carriers would have to sacrifice their existing businesses of selling firewall management and intrusion detection-type systems into enterprises, he said. But the move to push security tools to the bandwidth providers is one that has been made even more likely by the complexity of those technologies.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

InfoWorld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?