As enterprises scramble for security specialists to help lock down their networks, managed security services providers are developing increasingly sophisticated tools that take the burden off IT staffs entirely.
A front-runner in the effort with its Internet Protect service is AT&T Corp. This week, the company will bolster the managed service with added capabilities that mitigate worm and virus attacks long before they are widely seen. The new features will be added to AT&Ts network-based firewall, which is the core of the Internet Protect offering and relies on data gathered at thousands of points across the companys IP backbone network. Until now, Internet Protect customers were only alerted of new attacks.
"Were making the network itself security-aware," said Stan Quintana, vice president of managed security services at AT&T, in Bedminster, N.J. "Security has to be addressed in multiple ways. In a lot of cases, we can see exploits and the beginning of worms weeks before they get big."
In the Internet Protect model, the company places firewalls at strategic points in its IP backbone and then uses them as Internet gateways for its MSSP (managed security services provider) customers. All traffic going into and out of its customers networks flows through these firewalls, which eliminates the need for customers to deploy firewalls at all their locations.
AT&T uses those points, as well as collectors at hundreds of other points across its network, to collect data on traffic patterns, port scans and suspicious traffic. Company analysts pore through the data—which amounts to about 1.4 petabytes per day—using AT&Ts proprietary heuristic engine, looking for indications of emerging attacks, worms or viruses.
The intelligence the analysts glean from this process is used to create firewall rules and ACLs (access control lists) to filter traffic to customers.
AT&T has also added a denial-of-service defense system for its managed services customers. This service identifies attack traffic and, instead of simply dropping it, as many solutions do, sends it to a system that scrubs out malicious packets and forwards legitimate ones.
The new services come at a time of change in the MSSP space. CIOs, who had been reluctant to turn over network security to outside providers, are now seeking trusted third parties to help stave off the growing wave of threats.
"Things have changed. You have to have experts doing this," said Becky Autrey, CIO of the U.S. Olympic Committee, in Colorado Springs, Colo., which uses AT&Ts Internet Protect service. "Theyve caught attacks and protected against them before we even knew about it."
AT&T introduced Internet Protect in March and has more than 60 large enterprise customers.
While leading the technological curve, AT&T is not alone in the market. VeriSign Inc. also is introducing new managed services, including a partnership with IBM to create an extended managed authentication service.
Officials of the Mountain View, Calif., company said last week they will integrate their Unified Authentication service with IBM Tivolis Identity Manager, which will enable customers to deploy, manage and revoke VeriSign tokens, one-time passwords and digital certificates.
User authentication is among the more sensitive network functions, and enterprises have been particularly reluctant to outsource it. But the advent of secure, portable tokens and the increased need for strong authentication have made a managed authentication service more viable, according to experts.