I ran across an interesting article on Yahoo! News; "AT&T: Network perimeter security should be virtual" that discussed a speech given at the IDC Security Forum in New York by Edward Amoroso, chief security officer for AT&T's services division.
The gist of the article was that ISPs or bandwidth providers for a customer would be better equipped to recognize an imminent threat and be able to respond quickly to mitigate/eliminate this threat:
It sounds like a good idea to me, especially as I work for an SMB with a small IT staff where we have trouble enough performing day-to-day maintenance and upgrade activity. We already utilize several products for Anti-Virus, Anti-Spyware and Messaging Hygiene. Add the effort of maintaining network security or perimeter security and my plate is overflowing. I would be willing see what offerings our providers may have. How about you? Would you trust your carrier to maintain your perimeter security?"How do you stop DDoS at the edge? The physics just don't make sense. When these attacks happen, the customers' routers will already be dead," said Amoroso. "We think the idea that the pipe should be dumb is strange; with spam accounting for 90 percent of all traffic on the e-mail pipe, we're delivering nothing but more attacks, malware, and junk. If people want us to keep doing that we can, but why would they want us to keep doing that when we can see it, scoop it, study it, and stop it?"
Comment Preview