MCI to offer service that blocks DoS and worm attacks

MCI is expected to launch a new security service this month that the company says will proactively thwart denial-of-service and worm attacks.

The service, called WAN Defense, detects and stops threatening traffic from hitting customer networks.

MCI is using Arbor Networks' PeakFlow SP network behavior anomaly-detection products to determine if there is an attack on a network. The carrier also is using Cisco's Mitigation device to "scrub packets, essentially taking all of the bad packets out of the flow," says Robert Rigby, director of security services for MCI.

"What's unique about this service is it offers customer-specific monitoring at the user port level . . . providing near instant detection of an attack," says Mark Sitko, vice president of security services product management at MCI.

Based on traffic trends across its IP backbone and directed toward customer networks, MCI will be able to determine if there are unusual traffic trends using the Arbor product, the company says. Depending on the activity, MCI could throttle back the traffic so it wouldn't overload ports, or it could stop it all together if the traffic was deemed dangerous.

"The big driver behind the need for these types of services is the migration of the majority of threats from hackers to a criminal level," says Jim Slaby, a senior analyst at The Yankee Group. "If you think about organizations such as the New York Stock Exchange, there is the potential to send ripples through the world economies if its network was successfully attacked and brought down."

"In 2004, the majority of the attacks on the Web went from being teenage hackers trying to impress their friends to criminals trying to profit from an attack," he says.

MCI shared some details about its new service but would not discuss pricing or general availability. The carrier says it will provide additional information at the end of the month when it officially launches the offering.

MCI is not the first to develop such a service. Sprint has an offering on the market, and AT&T is readying one as well.

In October, Sprint launched its IP Defender service. The offering uses the same tools being deployed by MCI to proactively thwart distributed DoS attacks.

Carriers such as AT&T are using their global network view to monitor events from all over the globe to support proactive services, says John O'Keefe, senior analyst of Internet services at Current Analysis. In November, AT&T announced its proactive anti-DoS and worm service. The offering is part of AT&T's managed Network Based Firewall service. The technology, which is based on the carrier's Internet Protect DDoS Defense offering, is being deployed throughout AT&T's global IP network. It aids in identifying worms, viruses and DoS attacks while diminishing or eliminating the destructive effects these attacks can have on customer networks.

The offering was slated for availability in the first quarter, but the carrier has yet to deliver. The company now says the service can be expected in June.