AT&T Labs is developing a new kind of traffic analysis tool — dubbed Internet Protect — that is designed to provide corporate customers with earlier indications of network attacks.
Although Internet Protect is being kept under wraps, AT&T confirmed it was conducting an early test of this tool with several large corporations. With Internet Protect, AT&T has set up a special Web portal to provide a steady stream of information about anything out of the ordinary its network operators see, particularly on the Internet.
“Worms don’t always fire off and work perfectly,” chief information security officer at AT&T, Ed Amoroso, said. “We see all the test attempts. We see the fizzled versions of stuff in advance. We’re trying to change the nature of our relationship with customers so when we see ... indicators of something that fizzled, we tell everybody.”
AT&T officials would not say when Internet Protect would be commercially available or whether it would be offered under the Internet Protect brand. But they did say it would be complementary to intrusion-detection systems.
“We’re trying to take this internal technology and extend it to CIOs in the enterprise ... It’s a technology that’s very promising,” Amoroso said.
Internet Protect is part of a larger initiative across AT&T Labs to improve the security and reliability of AT&T’s increasingly IP-based network infrastructure.
“Network attacks are clearly on the rise,” AT&T chief technology and information officer and president of AT&T Labs, Hossein Eslambolchi, said. “We have seen more attacks in the last six months than we’ve seen in the last 10 years.”
Eslambolchi said security was one of six strategic areas of research for AT&T Labs.
“We are looking at innovations” related to network-based security, Eslambolchi said. “We need better ways of doing forensic analysis of viruses and worms.”
As an example, Eslambolchi pointed to the MS-SQL Slammer worm, which was reported on the Internet in January.
AT&T saw anomalies in its network three to four weeks before that worm hit and was able to take certain precautions.
“When the worm actually happened, AT&T’s network did not take a hit,” Eslambolchi said.
Amoroso said the rise in network attacks that AT&T was seeing could be attributed to the growing number of vulnerabilities in commercial operating systems and applications that could be exploited easily by writing worms.
With Internet Protect, AT&T will use internally developed traffic analysis tools to look for anomalies such as traffic spikes, traffic drop-offs and unusual protocols in use.