This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."

Download it now to read this article plus other related content.

MSSPs argue that the carriers don't have the in-house expertise to develop technologies like theirs. Keith Laslop, vice president of business development for MSSP Prolexic Technologies, which offers a Clean Pipe managed service, says the carriers have to rely on partnerships with providers like Arbor Networks, McAfee and others that have established DDoS protection tools on the market.

    Requires Free Membership to View


Alerts customers to potential outbreaks before they happen

Cleanses traffic on their networks before it reaches enterprise border

Blocks unwanted traffic

Mitigates DDoS attacks

Eliminates customer premises equipment (CPE)

Eliminates licenses, or redeploys detection and prevention CPE to other areas of infrastructure

Frees up bandwidth

Uses familiar service models


Limits carrier configurations or policy options because equipment is shared by multiple customers

Restricts customer control over security devices

Relies on portals for updates on device status and analysis

Complicates coordination of cloud services among multiple carriers in same organization

Sources: AT&T, MCI, Perimeter Internetworking, Gartner Inc.

"The difference is in expertise," Laslop says. "It's just not the same." He also argues that carriers cannot adequately satisfy the security needs of medium or larger companies getting bandwidth services from multiple carriers.

"[DDoS] services, for example, are next to impossible to do themselves unless you are the largest of the large with 20 gigabits of bandwidth. You have no chance of stopping an attack yourself," Laslop says, adding that a trend is developing where many DDoS attacks originate from competitors and arrive without warning. "A lot of companies want to be proactive and want protection either because they're being threatened, or someone in their [market] has been threatened."

A company like Prolexic can charge about $5,000 per month for its anti-DDoS services, as opposed to almost double that price per month from a big carrier, according to a Gartner study. While some may think that a steep figure, providing DDoS protection internally could run in the hundreds of thousands of dollars annually, factoring in the purchase of additional hardware, bandwidth and staffing expertise, Gartner says.

MCI, via its acquisition of NetSec, veered away from AT&T's approach to cloud services. NetSec's Finium platform integrates input from a user device with intelligence gathered from MCI's IP network to prioritize threats and manage them according to policy.

"We combine our cloud services with what's happening inside," says MCI vice president of security Sara Santarelli.

"In pure cloud services, you're not matching up what's happening inside with the cloud perspective. How do you protect the inside threat as well as the outside?"

MCI has been offering DDoS mitigation and detection services since June, and it also offers an e-mail content service and a WAN defense service, both available since May.

This was first published in January 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: