AT&T urges intrusion prevention

For the next few years, the best protection against insecure software will come from intrusion-prevention technology, Edward Amoroso, chief security officer at AT&T, said this week at the Gartner Information Technology Security Summit.

Speaking June 7 at the Gartner event in Washington, D.C., Amoroso said intrusion prevention has proved far more effective in protecting AT&T's corporate network than the best efforts of system administrators.

"This is our last great hope, at least for the next few years," he said.

Instead of relying on a form of network protection, people have made heroic efforts at applying security patches to protect their insecure systems. "We've become super-patchers," Amoroso said, referring to the constant cycle of patching and testing that he said overwhelms system administrators.

Intrusion prevention works by blocking worms and other sources of denial-of-service attacks that network engineers can see coming. By the end of the summer, AT&T, for example, expects to be collecting more than 1 terabyte of net flows per hour from the public Internet — a total of 28 terabytes a day.

Net flows refer to unique source-destination pairs, about which information is contained in Internet packet headers. AT&T is using this information to help its customers respond to denial-of-service attacks, Amoroso said.

"There's a million things you can do in advance of a worm actually hitting if you see the darn thing coming," Amoroso said. For example, when AT&T engineers see a worm attack about to happen, he said, they can perform tricks with the Border Gateway Protocol to block ports that a worm has targeted.

Amoroso said AT&T has announced it will provide that capability to government agencies and businesses through service-level agreements that offer protection against denial-of-service attacks and other malicious software intrusions.

AT&T stumbled onto this capability, Amoroso said. But in the field of intrusion detection, he added, "it's one of the most fundamental advances I've seen."

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected