MCI this week is expected to officially launch its WAN Defense distributed denial-of-service detection and mitigation service aimed at helping keep networks safe from attacks that can bring services to a grinding halt.
MCI is using Arbor Networks' PeakFlow SP network behavior anomaly-detection products to pick up on distributed DoS attacks and Cisco's Guard XT device to mitigate these attacks.
MCI has deployed three Arbor devices throughout its network in the U.S. that create a baseline for irregular traffic on MCI's IP network and flag suspicious traffic, says Chris Sharp, vice president of security architecture at MCI. Those flags are then sent to MCI's security operations center (SOC), and the tainted traffic is sent to one of the carrier's mitigation centers, where the packets are scrubbed.
Sharp says that MCI also notifies the ISP where the distributed DoS attack traffic is originating, or the carrier immediately blocks that traffic if it originates from its own network.
MCI has been working on the service for months and expected to offer it in April, but the carrier said it took extra time to integrate some of NetSec's security features with the service. MCI acquired managed security service provider NetSec in January for $105 million.
The carrier is using NetSec's Finium risk assessment and forensic analysis platform with its WAN Defense service so MCI can better react to distributed DoS attacks, Sharp says. Finium is similar to AT&T's Aurora threat management system, which AT&T is currently testing with two of its customers.
MCI says it plans on integrating Finium with other MCI security services that it expects to announce in the next six months, Sharp says. He didn't say which services would be integrated.
Dallas-based Affiliated Computer Services (ACS) has been using MCI's WAN Defense service for three months, says Don Liedtke, senior vice president of emerging markets at the business process outsourcer and IT outsourcing company.
ACS, which is a Fortune 500 business and competes with companies such as EDS, is using WAN Defense for its corporate WAN, as well as for its customers that use MCI IP connectivity, Liedtke says.
"[Distributed] DoS is a problem from time-to-time. We have not had a lot of problems, but they are a nuisance," Liedtke says. "We wanted a preventative measure in place; who knows what's around the corner."
Liedtke says ACS also looked at anti-distributed DoS offerings from AT&T and Sprint, and is likely to deploy multiple services to support all of its outsourcing customers, including Brother International, Delta Airlines and the state of Montana.
WAN Defense is available for $200 up to $69,000 per month. The carrier also includes a handful of service-level agreements with the offering.