AT&T is readying a threat-management service for its largest customers that is designed to aggregate security information from dozens of devices and platforms under one umbrella.
Called Aurora, the system is linked to the carrier's IP network and promises to let customers more quickly react to threats because information is presented in a more coherent fashion, AT&T says.
AT&T developed Aurora more than two years ago to process the huge amount of security data that its own global network produces. Now the carrier is preparing to make the system available to customers, with beta tests having been initiated at two sites last week.
"Aurora is essentially a huge database that collects firewall and IPS logs, net flows from our routers, information from our honeypots and all sorts of different networks in and around AT&T," says Ed Amoroso, the company's chief information security officer.
While this is not the first threat-management system, it is believed to be the first from a global service provider. Other threat-management system vendors include ArcSight, e-Security, netForensics and Symantec. While some, such as Symantec, have many partners to provide customers with network security information from around the globe, AT&T is the first to own its own network, says George Hamilton, senior research analyst at The Yankee Group. In general these vendors provide products that customers buy, deploy and support themselves, and are not part of a managed service offering.
"What's significant about this [service] is that a major telecommunications provider is coming out with a managed security services offering, in a way that only a major telecom provider can," says Scott Crawford, senior analyst at Enterprise Management Associates. "It has been difficult to provide insight to a distributed backbone and bring all of that together under one umbrella. AT&T is outfitted to handle that type of flood of data."
Aurora "processes over 18 terabytes of data a day," says Bill O'Hern, director of information security at AT&T. "That's 1.6 petabytes of network traffic - huge volumes." The difference between Aurora and other security platforms is its ability to handle that much data and digest it into something meaningful to network administrators, he says.
AT&T might soon have direct carrier competition in this arena from MCI, which acquired managed security service provider NetSec earlier this year. While MCI hasn't coupled threat-management services from NetSec with its global IP network, analysts agree that MCI has the tools to do so. Crawford says other carriers with a view into global IP backbones will likely offer similar threat-management system services.
However, AT&T might still have a leg up with the largest customers because it developed its system specifically to handle the vast amount of data it processes daily over multiple networks.
"Several years back we went out to the market to see what was commercially available to solve this enterprise threat-management need," O'Hern says. "We found a lot of commercially available packages but nothing that scaled to our requirements. We went back into the labs and designed a threat-management solution that included [Security Information Management] and net forensic features."