* What's in the cloud?
Over the past few years, most carriers have offered the option of moving various functions from the customer premise to the network. In particular, services such as applications and network-based firewalls have been of particular interest as candidates for network-based services. There’s one area, though, that we think is particularly ripe for such attention and which has had only limited exposure: intrusion detection systems and, more specifically, protection from distributed denial-of-service attacks.
The reasons this should be in the network are simple. At the TCP/IP layer, distributed DoS attacks can cripple servers by consuming processing power. Equally important, though, the most fragile part of the end-to-end network is the access link, which has the least bandwidth to spare. Consequently, it’s important to keep the access link utilization as efficient as possible.
To date, most IDS systems have been deployed at the customer premise as a part of the overall network security infrastructure. The problem with this approach is that the rogue traffic is still traversing the access link, thereby degrading the overall network performance. Squelching a distributed DoS attack within the network would keep the traffic from ever touching the access link.
At last week’s MPLScon conference, Steve learned of at least two network service providers that offer this as a part of their service offering. However, we’re not mentioning them by name until we have a chance to hear from other service providers to determine exactly how widespread the existence of this capability is. Nevertheless, as you move to the next generation of your network, this function alone could be a significant reason to consider moving to more network-based managed security services.
And, by the way, the exact same arguments could be made for using a network-based spam filter. While premise-based solutions have the advantage of giving you more complete control, the network-based solution could do wonders for preventing your access lines from being bogged down with the ever-growing proliferation of spam.
In spite of these reasons, we still sense resistance within the enterprise to moving to network-based services of this type. Let us know your thoughts on this, and we’ll share the results in an upcoming newsletter.




