Telecommunications providers are in a position to offer the following security services from the Internet cloud:
This chokes off large-scale DDoS attacks, as well as those targeting specific organizations, before they reach the enterprise edge.
Firewall, IPS management
A natural service because attacks can be stopped before reaching a gateway. Carriers can cheaply price these services because virtual firewalls are shared from a single device.
Antivirus, antispam filtering
Monitoring and blocking unwanted e-mail in the cloud reduces infrastructure investments for the enterprise. Gartner says one-fifth of the e-mail filtering market already comes from in-the-cloud services.
IDS management in the cloud eliminates the need for sensors on the enterprise network edge.
This cuts off unwanted inbound content and prevents the outbound loss of intellectual property.
With the do-it-yourself configuration, left, an enterprise has the option of either retaining the human and financial resources to manage network traffic (Option 1), or outsourcing it to a traditional MSSP (Option 2). Opting for in-the-cloud security services from a telecommunications carrier or a network services provider, right, frees a company of expensive hardware purchases and license renewals. Moving the DMZ to the Internet cloud enables a carrier (Option 1) or NSP (Option 2) to cleanse traffic inline, re-route it to your network and keep denial-of-service, spam and phishing attacks to a minimum.
SOURCES: AT&T, MCI, Perimeter Internetworking, Gartner Inc.
Mark Ramsey, global manager of data security and compliance for Pitney Bowes, had the scoop on the August Zotob worm outbreak days before most of his peers. Zotob exploited a buffer overflow in Windows Plug and Play and spread from network to network. It opened a back door and enabled remote access to infected machines. It appeared less than a week after Microsoft released security bulletin MS05-039.
But Pitney Bowes' network survived unharmed. Why? Its bandwidth provider, AT&T, put out the word that spikes in activity on port 445 were signaling an impending outbreak of malicious code. Ramsey was able to act on this intelligence and order patching and other remediation steps. Eighty-five percent of Pitney Bowes' network was patched days before Zotob struck. AT&T, meanwhile, choked off the bad traffic.
"AT&T has the unique perspective that it can see everything at the bits and bytes level, collate that information and see things like this coming quickly," Ramsey says. "It's great as a security manager getting that kind of heads-up. We're not blindsided."
Carriers are banking on enterprises recognizing that bandwidth providers have the edge in their ease of access to network traffic, and that there is an economy of scale in outsourcing network security services to the cloud.
"The big Tier-1 types definitely have the advantage because they see everything at the backbone," says Gartner vice president John Pescatore.
The trickle-down to security managers rests in the fact that carriers have to meet bandwidth SLAs with their customers. Carriers must invest in avant-garde technologies to defend and clean their pipes, and to absorb DDoS attacks and malware outbreaks while still hitting these service levels. Also, in order to squeeze a few bucks out of their investments and stave off tumbling revenue and profit margins, carriers can offer cloud security services cheaper than an MSSP, putting a chokehold on that segment of the competition.
Savvis, for example, operates 10,000 firewalls in its backbone, says Hancock, who recently left Savvis for SecureInfo. "It's not something the customer sees or needs to tweak if we push that into the cloud for them," he says. "We have to do it anyway. You don't have to buy it."
This was first published in January 2006