AT&T Labs is developing a new kind of traffic analysis tool - dubbed Internet Protect - that is designed to provide corporate customers with earlier indications of network attacks.

Although Internet Protect is being kept under wraps, AT&T confirmed that it is conducting an early test of this tool with several large corporations. With Internet Protect, AT&T has set up a special Web portal to provide a steady stream of information about anything out of the ordinary that AT&T's network operators see, particularly on the Internet.

"Worms don't always fire off and work perfectly. We see all the test attempts. We see the fizzled versions of stuff in advance,'' says Ed Amoroso, chief information security officer at AT&T. "We're trying to change the nature of our relationship with customers so when we see . . . indicators of something that fizzled, we tell everybody.''

AT&T officials would not say when Internet Protect will be commercially available or whether it would be offered under the Internet Protect brand. But they did say it would be complementary to intrusion-detection systems.

"We're trying to take this internal technology and extend it to CIOs in the enterprise . . . . It's a technology that's very promising," Amoroso says.

Internet Protect is part of a larger initiative across AT&T Labs to improve the security and reliability of AT&T's increasingly IP-based network infrastructure.

"Network attacks are clearly on the rise,'' says Hossein Eslambolchi, AT&T CTO, CIO and president of AT&T Labs in a recent conference call with the media. "We have seen more attacks in the last six months than we've seen in the last 10 years.''

Eslambolchi says security is one of six strategic areas of research for AT&T Labs.

"We are looking at innovations'' related to network-based security, Eslambolchi says. "We need a lot better ways to do forensic analysis of viruses and worms.''

As an example, Eslambolchi points to the MS-SQL Slammer worm, which was reported on the Internet in January. AT&T saw anomalies in its network three to four weeks before that worm hit and was able to take certain precautions. "When the worm actually happened, AT&T's network did not take a hit,'' Eslambolchi said.

Amoroso says the rise in network attacks AT&T is seeing can be attributed to the growing number of vulnerabilities in commercial operating systems and applications that can be exploited easily by writing worms.