AT&T urges intrusion prevention

For the next few years, the best protection against insecure software will come from intrusion-prevention technology, Edward Amoroso, chief security officer at AT&T, said this week at the Gartner Information Technology Security Summit.

Speaking June 7 at the Gartner event in Washington, D.C., Amoroso said intrusion prevention has proved far more effective in protecting AT&T's corporate network than the best efforts of system administrators.

"This is our last great hope, at least for the next few years," he said.

Instead of relying on a form of network protection, people have made heroic efforts at applying security patches to protect their insecure systems. "We've become super-patchers," Amoroso said, referring to the constant cycle of patching and testing that he said overwhelms system administrators.

Intrusion prevention works by blocking worms and other sources of denial-of-service attacks that network engineers can see coming. By the end of the summer, AT&T, for example, expects to be collecting more than 1 terabyte of net flows per hour from the public Internet — a total of 28 terabytes a day.

Net flows refer to unique source-destination pairs, about which information is contained in Internet packet headers. AT&T is using this information to help its customers respond to denial-of-service attacks, Amoroso said.

"There's a million things you can do in advance of a worm actually hitting if you see the darn thing coming," Amoroso said. For example, when AT&T engineers see a worm attack about to happen, he said, they can perform tricks with the Border Gateway Protocol to block ports that a worm has targeted.

Amoroso said AT&T has announced it will provide that capability to government agencies and businesses through service-level agreements that offer protection against denial-of-service attacks and other malicious software intrusions.

AT&T stumbled onto this capability, Amoroso said. But in the field of intrusion detection, he added, "it's one of the most fundamental advances I've seen."

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.