[ISN] AT&T developing early warning tool

From: InfoSec News (isn@private)
Date: Tue Sep 30 2003 - 03:19:27 PDT

  • Next message: InfoSec News: "[ISN] Campuses in running for security program"

    By Carolyn Duffy Marsan
    Network World
    AT&T Labs is developing a new kind of traffic analysis tool - dubbed
    Internet Protect - that is designed to provide corporate customers
    with earlier indications of network attacks.
    Although Internet Protect is being kept under wraps, AT&T confirmed
    that it is conducting an early test of this tool with several large
    corporations. With Internet Protect, AT&T has set up a special Web
    portal to provide a steady stream of information about anything out of
    the ordinary that AT&T's network operators see, particularly on the
    "Worms don't always fire off and work perfectly. We see all the test
    attempts. We see the fizzled versions of stuff in advance,'' says Ed
    Amoroso, chief information security officer at AT&T. "We're trying to
    change the nature of our relationship with customers so when we see .  
    . . indicators of something that fizzled, we tell everybody.''
    AT&T officials would not say when Internet Protect will be
    commercially available or whether it would be offered under the
    Internet Protect brand. But they did say it would be complementary to
    intrusion-detection systems.
    "We're trying to take this internal technology and extend it to CIOs
    in the enterprise . . . . It's a technology that's very promising,"  
    Amoroso says.
    Internet Protect is part of a larger initiative across AT&T Labs to
    improve the security and reliability of AT&T's increasingly IP-based
    network infrastructure.
    "Network attacks are clearly on the rise,'' says Hossein Eslambolchi,
    AT&T CTO, CIO and president of AT&T Labs in a recent conference call
    with the media. "We have seen more attacks in the last six months than
    we've seen in the last 10 years.''
    Eslambolchi says security is one of six strategic areas of research
    for AT&T Labs.
    "We are looking at innovations'' related to network-based security,
    Eslambolchi says. "We need a lot better ways to do forensic analysis
    of viruses and worms.''
    As an example, Eslambolchi points to the MS-SQL Slammer worm, which
    was reported on the Internet in January. AT&T saw anomalies in its
    network three to four weeks before that worm hit and was able to take
    certain precautions. "When the worm actually happened, AT&T's network
    did not take a hit,'' Eslambolchi said.
    Amoroso says the rise in network attacks AT&T is seeing can be
    attributed to the growing number of vulnerabilities in commercial
    operating systems and applications that can be exploited easily by
    writing worms.
    "Network security has become a process of hunting down the latest and
    greatest information on vulnerabilities and trying to patch like crazy
    to beat the worms,'' Amoroso says.
    With Internet Protect, AT&T will use internally developed traffic
    analysis tools to look for anomalies such as traffic spikes, traffic
    drop-offs and unusual protocols in use.
    "We do [traffic analysis] better than anybody,'' Amoroso says. "By
    traffic analysis, I mean pulling information from the network such as
    statistics and routing information. . . . It turns out that building
    security tools around traffic analysis is as good a theme as any.''
    Amoroso uses the analogy of highways and truck bombs to explain
    Internet Protect.
    "As highway people, we say [focus on] delivering all the traffic. . .  
    . But that's a bittersweet victory if what we're delivering is the
    equivalent of truck bombs,'' he says. "Maybe there's something we
    could do on the highway to filter out the truck bombs."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 30 2003 - 07:02:19 PDT