AT&T urges intrusion prevention
- By Florence Olsen
- Jun 08, 2004
For the next few years, the best protection against insecure software will come from intrusion-prevention technology, Edward Amoroso, chief security officer at AT&T, said this week at the Gartner Information Technology Security Summit.
Speaking June 7 at the Gartner event in Washington, D.C., Amoroso said intrusion prevention has proved far more effective in protecting AT&T's corporate network than the best efforts of system administrators.
"This is our last great hope, at least for the next few years," he said.
Instead of relying on a form of network protection, people have made heroic efforts at applying security patches to protect their insecure systems. "We've become super-patchers," Amoroso said, referring to the constant cycle of patching and testing that he said overwhelms system administrators.
Intrusion prevention works by blocking worms and other sources of denial-of-service attacks that network engineers can see coming. By the end of the summer, AT&T, for example, expects to be collecting more than 1 terabyte of net flows per hour from the public Internet — a total of 28 terabytes a day.
Net flows refer to unique source-destination pairs, about which information is contained in Internet packet headers. AT&T is using this information to help its customers respond to denial-of-service attacks, Amoroso said.
"There's a million things you can do in advance of a worm actually hitting if you see the darn thing coming," Amoroso said. For example, when AT&T engineers see a worm attack about to happen, he said, they can perform tricks with the Border Gateway Protocol to block ports that a worm has targeted.
Amoroso said AT&T has announced it will provide that capability to government agencies and businesses through service-level agreements that offer protection against denial-of-service attacks and other malicious software intrusions.
AT&T stumbled onto this capability, Amoroso said. But in the field of intrusion detection, he added, "it's one of the most fundamental advances I've seen."