This weekend, an interview that Ed Amoroso of AT&T (T) gave to the San Jose Mercury-News articulated a very sensible answer to the poor state of network security:

The reason computer security is in such a sorry state is because we have distributed the responsibility. Instead of you and me and every single person you know having to be a security administrator, responsible for your PC and nobody there to help you, we think over the next few years, gradually people will, out of sheer exhaustion, look to somebody to do it for them, and it is probably not going to be the government. It is more likely to be your carrier.

While AT&T has been selling managed security as a service for over ten years, I didn’t get the impression from the interview that adoption was spreading like wildfire. If service providers could clean the pipes, just how much of an impact could they have on spam, viruses and bots?


Ed’s answer to the Merc may reveal why some may be less than enthusiastic about his solution:

Managed security services meant that computer boxes would be placed in your data center right at the edge of the network. The point is, if we are managing that edge and we are also your carrier, you are paying me to push the truck bombs over to you and you are paying me again to stop them. What we’ve been telling our customers is, we can stop the truck bombs from coming in the first place, and maybe they can get rid of that firewall.

It saves the customer money, and it’s more efficient. The carrier is better set up to keep everything always current. The real solution here is that service providers need to be cleaning the pipes and doing so in conjunction with their customers.

We’ve talked about the challenges facing firewalls and UTMs. We’ve also talked about the emerging strategic importance of the application layer, as evidenced by the recent Palo Alto Networks win at Interop. Because Amoroso would certainly qualify as one of the most influential thought leaders in intrusion detection and perimeter security, his suggestion of a centralized approach to deep packet inspection and enforcement shouldn’t be taken lightly.


If AT&T is successful in cannibalizing the older firewall/IPS technology, it could give enterprises the opportunity to focus more on the application layer. The application layer would become even more strategic, as it would be tied to specific applications and specialized countermeasures; that would be an ideal, proactive role for network security pros now caught filtering false alarms, tuning signatures and looking for exploits among anomalies.


I talked about this a few months back when highlighting critical data center security requirements. The ability to understand all data center protocols, let good traffic pass without scanning, apply appropriate countermeasures, etc., could enhance availability and protection over and above the state of kluge we have today. I think Ed is onto something yet again.


The question is similar to the one raised earlier about the elusive dream of secure software. Enterprises each strive to have slightly better security than their peers. The situation reminds me of the joke about two guys running from a grizzly bear in Alaska. One stops to put on his shoes while the other tells him that there is no way he’ll be able to outrun the bear. The guy tying his shoes responds: “I’ll only have to outrun you.”

Disclosure: None

Gregory Ness
