AT&T urges intrusion prevention

For the next few years, the best protection against insecure software will come from intrusion-prevention technology, Edward Amoroso, chief security officer at AT&T, said this week at the Gartner Information Technology Security Summit.

Speaking June 7 at the Gartner event in Washington, D.C., Amoroso said intrusion prevention has proved far more effective in protecting AT&T's corporate network than the best efforts of system administrators.

"This is our last great hope, at least for the next few years," he said.

Instead of relying on a form of network protection, people have made heroic efforts at applying security patches to protect their insecure systems. "We've become super-patchers," Amoroso said, referring to the constant cycle of patching and testing that he said overwhelms system administrators.

Intrusion prevention works by blocking worms and other sources of denial-of-service attacks that network engineers can see coming. By the end of the summer, AT&T, for example, expects to be collecting more than 1 terabyte of net flows per hour from the public Internet — a total of 28 terabytes a day.

A net flow refers to a unique source-destination pair, and the information describing it comes from Internet packet headers. AT&T is using this information to help its customers respond to denial-of-service attacks, Amoroso said.

"There's a million things you can do in advance of a worm actually hitting if you see the darn thing coming," Amoroso said. For example, when AT&T engineers see a worm attack about to happen, he said, they can perform tricks with the Border Gateway Protocol to block ports that a worm has targeted.

Amoroso said AT&T has announced it will provide that capability to government agencies and businesses through service-level agreements that offer protection against denial-of-service attacks and other malicious software intrusions.

AT&T stumbled onto this capability, Amoroso said. But in the field of intrusion detection, he added, "it's one of the most fundamental advances I've seen."
