AT&T adding tool to help thwart attacks

AT&T last week announced its newest Internet Protect security service, which is designed to help business customers mitigate worm and virus attacks on their networks.

The service, which has not been named, integrates worm and virus mitigation capabilities into AT&T's network-based firewall service, says Stan Quintana, vice president of managed security services at the carrier. The technology deployed throughout AT&T's global IP network aids in identifying worms and viruses while diminishing or eliminating the destructive effects these attacks can have on customer networks, he says.

"We are enabling our network-based firewall service to filter out worms and viruses based on specific rule sets," Quintana says. "We're doing real-time mitigation."

The policies or rules will be changed and updated based on information AT&T gathers from its global network. If a worm is detected in Singapore, for example, AT&T will update the policy on all of its network firewalls to filter traffic associated with that worm so it never hits customer networks.

AT&T is using a combination of technology to support its worm and virus mitigation service, including gear from Arbor Networks and proprietary technology from AT&T Labs.

This is AT&T's second security service with the goal of thwarting attacks. The carrier introduced in March its Internet Protect DoS Defense service. This was one of the first proactive denial-of-service (DoS) offerings that notifies users they might be under attack and immediately takes steps to fight back.

MCI and Sprint are offering anti-DoS services. MCI announced it will offer a DoS protection service in May. Sprint announced its anti-DoS service last month. Neither carrier is specifically offering a proactive worm and virus mitigation service.

AT&T's worm and virus mitigation service, which is slated for availability early in 2005, promises to alert users before damaging traffic hits customer networks, while also taking steps to diminish the effects of such attacks.

Although the service is not yet available, AT&T has tested it with a handful of users, including Pitney Bowes and the United States Olympic Committee (USOC).

Pitney Bowes, a $4.6 billion company that offers integrated mail and document management products and services, started evaluating AT&T's worm and virus mitigation service about nine months ago.

"One of the first things we liked about the service is the early visibility it gave us into the global Internet," says Trevor Odell, manager of security administration at the Stamford, Conn., company.

In addition to AT&T's service, Pitney Bowes has four other security products deployed in its network that detect potential worm attacks or viruses. "Every single time, [AT&T] has beaten out our other security products by being the first to notify us of a potential problem," Odell says.

This is important to Pitney Bowes, which in late October had its first zero-day attack, Odell says. A zero-day attack refers to the time between a software vulnerability being revealed by a vendor and an attack taking place. "It used to be we'd have four to six months," Odell says. "Now we're lucky if we have 24 hours."