Carrier Provider AT&T Rides Network Security Wave of Future

NEW YORK -- The day the "Slammer" worm began its worldwide rampage through computer networks, AT&T Corp.'s (T) chief information security officer, Ed Amoroso, got blasted by a customer.

On a January 2003 conference call with clients facing outages and a mess to clean up, Amoroso bragged that his network was untouched. Moreover, he proclaimed, his staff had seen the worm coming. For several weeks, they had watched the birth and development of the nascent program, which attacked servers running flawed Microsoft Corp. (MSFT) SQL database software.

An irritated customer cursed and said: If you're so smart, why didn't you tell me. "That was the moment when I realized the power of the network," Amoroso says. "Nothing is easier for us to pick up.... If it's growing exponentially, it's always a worm and we see it with frightening accuracy."

Like its peers, the telecommunications giant has traditionally been seen as a simple provider of pipes through which Internet traffic flows. But a surge in damaging network-based attacks is pushing corporate customers to ask more of their infrastructure providers. AT&T says it has built tools - originally for its own use - that not only allow it to provide early warning of attacks, but to stop them before they ever reach customers.

"This is intelligent networking," Amoroso says. "We go into the plumbing of the network and we turn a valve here turn a valve there." In the space where customers' data traffic crosses en route to its destination - what's called the network "cloud" - AT&T directs bad traffic into a "scrubbing station" and delivers it clean.

AT&T thinks its security service, which it calls Internet Protect, will provide an edge in its competition for corporate customers - now its focus market - both growing its business and cementing customer loyalty.

"If this goes the way we think it's going to go, then pretty soon every one of our customers is going to demand we do (their) security," Amoroso says. "It's going to be stock price affecting."

AT&T launched Internet Protect in March as an attack-alert service. In June, it rolled out its first defense offering, for stopping denial-of-service attacks, or traffic floods designed to overwhelm and shut down network or computer services. And on Monday, it announced protection from network-based worms and viruses.

According to a 2004 survey of companies and government agencies by the Computer Security Institute and the Federal Bureau of Investigation, viruses and denial-of-service attacks are the two most expensive types of computer crime, costing 269 organizations $55.1 million and $26.1 million in a year, respectively.

Will Carriers Own Network Security?
But AT&T is really thinking big long-term. It believes other carriers will move into the security arena too, ultimately making network-security functions part of their data-services offerings. This could supplement or even replace existing security systems businesses employ on their own networks.

"The telecom will take care of it," Amoroso says. "You'll worry about running your business, not fighting a cyber war."

Gartner Inc. analyst John Pescatore agrees. "It's a big opportunity for the telecom guys, and AT&T is the only one moving ahead at any speed."

AT&T and other carriers have an advantage in network security because their enormous networks provide unmatched views of Internet traffic trends. And ownership of the pipes offers a golden opportunity to nip attacks in the bud.

AT&T's attack alerts are consistently 12 hours to a day ahead of other security intelligence services Pitney Bowes Inc. (PBI) uses, says Mark Ramsey, manager of data security at the Stamford, Conn., mail and document management systems provider. "They know everything that's going on," he said.

Amoroso calls AT&T's in-the-cloud security services a strategic opportunity, not to be mistaken with the managed-security-services business it gained as part of an acquisition about a decade ago. That unit manages security technologies, such as firewalls and intrusion-detection systems, that watch the borders of some 2,000 customer networks.

"The edge is not the optimal place to do (network) security. You get overwhelmed too easily and you miss a lot," Amoroso argues. It's better - and cheaper - he says, to filter attack traffic before it reaches the customer's network.

He thinks that, with carriers filtering attacks from outside, such as denial-of-service, spam, virus and network worm attacks - which Pescatore says now account for a staggering 30% of all Internet traffic - corporations might ultimately be willing to give up their own efforts to stop them.

"It's an unbelievable opportunity to save money," Amoroso says, because the service provider will put this same technology in place and charge enterprises much less money. He says one day AT&T might even give it away free.

If that sounds like a threat to many of today's successful network security companies, Amoroso would agree.

"We think, in the network, we're going to fundamentally change the game. It's going to take time but not much," he says.

Although Amoroso thinks the service is for everyone, Pescatore thinks telecom companies will have the best success with small- and medium-sized businesses, and maybe consumers down the road. But he thinks IT services firms and specialized security-services providers will still find customers in large corporations.

"A lot of people are willing to say: If it's cheaper and it's ready, I don't need to see the lights blinking," Pescatore says. "The market's ready for it."