NEW YORK -- The day the "Slammer" worm began its worldwide rampage through computer networks, AT&T Corp.'s (T) chief information security officer, Ed Amoroso, got blasted by a customer.
On a January 2003 conference call with clients facing outages and a mess to clean up, Amoroso bragged that his network was untouched. Moreover, he proclaimed, his staff had seen the worm coming. For several weeks, they had watched the birth and development of the nascent program, which attacked servers running flawed Microsoft Corp. (MSFT) SQL database software.
An irritated customer cursed and said: If you're so smart, why didn't you tell me. "That was the moment when I realized the power of the network," Amoroso says. "Nothing is easier for us to pick up.... If it's growing exponentially, it's always a worm and we see it with frightening accuracy."
Like its peers, the telecommunications giant has traditionally been seen as a simple provider of pipes through which Internet traffic flows. But a surge in damaging network-based attacks is pushing corporate customers to ask more of their infrastructure providers. AT&T says it has built tools - originally for its own use - that not only allow it to provide early warning of attacks, but to stop them before they ever reach customers.
"This is intelligent networking," Amoroso says. "We go into the plumbing of the network and we turn a valve here turn a valve there." In the space where customers' data traffic crosses en route to its destination - what's called the network "cloud" - AT&T directs bad traffic into a "scrubbing station" and delivers it clean.
AT&T thinks its security service, which it calls Internet Protect, will provide an edge in its competition for corporate customers - now its focus market - both growing its business and cementing customer loyalty.
"If this goes the way we think it's going to go, then pretty soon every one of our customers is going to demand we do (their) security," Amoroso says. "It's going to be stock price affecting."
AT&T launched Internet Protect in March as an attack-alert service. In June, it rolled out its first defense offering, for stopping denial-of-service attacks, or traffic floods designed to overwhelm and shut down network or computer services. And on Monday, it announced protection from network-based worms and viruses.
According to a 2004 survey of companies and government agencies by the Computer Security Institute and the Federal Bureau of Investigation, viruses and denial-of-service attacks are the two most expensive types of computer crime, costing 269 organizations $55.1 million and $26.1 million in a year, respectively.
Will Carriers Own Network Security?
But AT&T is really thinking big long-term. It believes other carriers will move into the security arena too, ultimately making network-security functions part of their data-services offerings. This could supplement or even replace existing security systems businesses employ on their own networks.
"The telecom will take care of it," Amoroso says. "You'll worry about running your business, not fighting a cyber war."
Gartner Inc. analyst John Pescatore agrees. "It's a big opportunity for the telecom guys, and AT&T is the only one moving ahead at any speed."
AT&T and other carriers have an advantage in network security because their enormous networks provide unmatched views of Internet traffic trends. And ownership of the pipes offers a golden opportunity to nip attacks in the bud.
AT&T's attack alerts are consistently 12 hours to a day ahead of other security intelligence services Pitney Bowes Inc. (PBI) uses, says Mark Ramsey, manager of data security at the Stamford, Conn., mail and document management systems provider. "They know everything that's going on," he said.