This weekend Ed’s interview with the San Jose Mercury-News articulated a very sensible answer to the poor state of network security:
The reason computer security is in such a sorry state is because we have distributed the responsibility. Instead of you and me and every single person you know having to be a security administrator, responsible for your PC and nobody there to help you, we think over the next few years, gradually people will, out of sheer exhaustion, look to somebody to do it for them, and it is probably not going to be the government. It is more likely to be your carrier.
Ed Amoroso, CSO, AT&T, June 2008
While AT&T has been selling managed security as a service for over ten years, I didn’t get the impression from the interview that adoption was spreading like wildfire. If service providers could clean the pipes just how much of an impact could they have on spam and viruses and bots?
Ed’s answer to the Merc may reveal why some may be less than enthusiastic about his solution:
Managed security services meant that computer boxes would be placed in your data center right at the edge of the network. The point is, if we are managing that edge and we are also your carrier, you are paying me to push the truck bombs over to you and you are paying me again to stop them. What we’ve been telling our customers is, we can stop the truck bombs from coming in the first place, and maybe they can get rid of that firewall.
It saves the customer money, and it’s more efficient. The carrier is better set up to keep everything always current. The real solution here is that service providers need to be cleaning the pipes and doing so in conjunction with their customers.
We’ve talked about the challenges facing firewalls and UTMs. We’ve also talked about the emerging strategic importance of the application layer, as evidenced by the recent Palo Alto Networks win at Interop. Because Amoroso would certainly qualify as one of the most influential thought leaders in intrusion detection and perimeter security, his suggestion of a centralized approach to deep packet inspection and enforcement shouldn’t be taken lightly.
If AT&T is successful in cannibalizing the older firewall/IPS technology it could give enterprises the opportunity to focus more on the application layer. The application layer would become even more strategic as it would be tied to specific applications and specialized countermeasures; that would be an ideal, proactive role for network security pros now caught filtering false alarms, tuning signatures and looking for exploits among anomalies.
I talked about this a few months back when highlighting critical data center security requirements. The ability to understand all data center protocols, let good traffic pass without scanning, apply appropriate countermeasures, etc., could enhance availability and protection over and above the kluge we have today. I think Ed is on to something yet again.
The question is similar to the one raised earlier about the elusive dream of secure software. Enterprises each strive to have slightly better security than their peers. The situation reminds me of the joke about two guys running from a grizzly bear in Alaska. One stops to put on his shoes while the other tells him that there is no way he’ll be able to outrun the bear. The guy tying his shoes responds: “I’ll only have to outrun you.”
Disclosure: I’m the VP Marketing for Blue Lane Technologies, a winner of the 2007 InfoWorld Technology of the Year for security, Best of Interop 2007 in security and the AO 100 Top Private Company award for 2006 and 2007. Blue Lane is also a 2007 Best of VMworld Finalist in data protection. I’ve been a marketing executive at Juniper Networks, Redline Networks, IntruVert Networks and ShoreTel. I’ve been an Always On blogger/columnist since 2004. My recently launched personal blog is www.archimedius.net. These are all my opinions, and do not represent the opinions of employers, spouses, kids, etc.