[ISN] McAfee.com's Denial-Of-Service Prevention Efforts Could Fall Short

From: InfoSec News (isnat_private)
Date: Tue Aug 28 2001 - 02:56:04 PDT

  • Next message: InfoSec News: "[ISN] Guard the Secrets, Then Catch the Spies"

    By Brian Ploskina 
    Interactive Week
    August 27, 2001 
    If there is anyone that should know about denial-of-service attacks,
    it would be Network Associates Inc.. The security technology company
    was hit by one in late January, bringing parts of its site to a
    screeching halt.
    Whether it's out of irony or vindication, NAI's antivirus unit
    McAfee.com has launched a preliminary assault on DoS attacks that it
    hopes will illustrate its leadership as a security powerhouse.
    McAfee's detractors aren't so sure it can fulfill that promise.
    "In the end, something might come out of this, but in the short term,
    I'm a little skeptical," said Parag Pruthi, CEO of security firm
    Niksun. "This only works for them in the short term for publicity."
    McAfee's approach to fighting DoS attacks was to partner last week
    with several industry leaders in DoS prevention: Arbor Networks, Asta
    Networks and Mazu Networks. The competition between those three, as
    well as Captus Networks and Pruthi's Niksun, has been fierce so far
    because the market is new and no one has taken a clear lead yet.
    McAfee representatives hope that through collaboration and research
    McAfee's customers will be able to download some kind of software that
    defends them against DoS attacks.
    "Our thought process behind this was that while we have great
    researchers, we looked to see if there were other resources we could
    tap to gain more knowledge into this fight on denial-of-service
    attacks," said Vincent Gullotto, senior director of McAfee's research
    It's this notion of collaboration, research and feel-good politics
    that Pruthi is pessimistic about. He feels a research system dependent
    on three companies that compete with each other will produce very few
    "You can't share your intellectual property with someone else," Pruthi
    said. "You're walking on pins and needles all the time, and it becomes
    a rather difficult situation for the members involved."
    Pruthi would know. Early last year, Niksun joined the Alliance for
    Internet Security, a research group whose members consist of security
    companies and whose mission is to fight distributed network attacks
    such as DoS. The AIS is run by ICSA Labs, an independent organization
    that is now a division of TruSecure.
    The alliance was formed in the wake of well-publicized DoS attacks
    such as the ones on eBay and Yahoo!. Since then, Pruthi said, nothing
    has really been accomplished.
    "We raised awareness and people understood the problems, but did the
    collaborations happen in a way I would expect them to happen? No,"
    Pruthi said. "I was disappointed because real results were never made
    available to customers."
    Pruthi said that if this was the end result of an independent
    organization, he holds little faith in McAfee's new partners and their
    abilities to collaborate effectively.
    But no one is making any bold statements about how this new coalition
    will work, said Ted Julian, Arbor's chief strategist and co-founder.
    He said that there is a strong intent for all companies involved to
    work together, but how closely has yet to be defined.
    Julian admitted that research collaboration could be an issue, but no
    one has defined how closely these companies need to work together. "We
    are early in the stage of this thing, and it was appropriate that none
    of us made bold claims," he said.
    However, McAfee claimed that this collaboration would produce a "new
    solution that will not only identify when networks are under attack,
    but also whether systems are unknowingly participating in attacks
    against other sites."
    As for those claims by McAfee, Julian said: "I think it was clear who
    was in the driver's seat on this release."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Aug 28 2001 - 08:39:38 PDT