The Barbed Wire Goes On The Outside

Any company with a web presence (is there any other kind anymore?) spends a great deal of time and money looking after their network security. Edward Amoroso, chief security officer for AT&T's services division, thinks we're doing it all wrong. In a speech at the IDC Security Forum yesterday, he outlined his vision for dealing with the ever-growing deluge of bad people bombarding us all with things ranging from spam to denial-of-service-attacks: Make security virtual and assign it to the telcoms and ISPs that deliver your service, and get on with your business.

Based on the bandwidth-providers' existing abilities to see spikes in traffic that are tell-tale signs of botnet, spam, or other malware activity -- long before enterprises can see evidence of the attacks on their own -- Amoroso contends that companies will soon concede the process of fighting the threats and turn to companies such as AT&T for help.

"We think that security at the perimeter should be virtual, which is a somewhat controversial concept, because a lot of time, effort, and career capital has already been spent securing the perimeter," Amoroso said. "But we think a lot of existing technologies there are running out of legs, and simply running firewalls at the gateway is no longer a valuable proposition."

Carriers are currently prevented from marketing services to customers based on observed trends on users network connections. But Amoroso thinks the telcos and other ISPs should fold the security right into their service, without separate, additional pricing for it.

Tags:  bar, id, AR