AT&T: Security Needs to Out-Innovate Hackers

NEW YORK -- Mobile Network Security Strategies: New Threats, New Opportunities -- Network security specialists need to be less reactive and more innovative in addressing threats, Gus de los Reyes, executive director of technical security for AT&T Inc. (NYSE: T) Security Research Center said here today.

De los Reyes also outlined AT&T's approach to security, which is to build a smarter network that incorporates security at its edges. The operator believes this approach will eliminate threats and prevent further network congestion.

He admitted that, to date, the real innovators in the security arena are the hackers, who are constantly finding new ways to attack networks. Increasingly, these attacks are strategic -- aimed at long-term capture of intellectual property or other specific monetary goals -- and well-funded.

"We have to try to turn the model around and not constantly react," de los Reyes said. "We have to somehow get ... the innovation into the security space, not the hacker space."

One model for that approach would be the world of cryptography, de los Reyes explained, where new schemes are constantly being devised and then made public, so their vulnerabilities can be determined and the schemes improved.

AT&T's approach to addressing what de los Reyes admits are growing threats, is to build security nodes within its network that examine all traffic, identifying and eliminating malware, viruses and other bad actors, and then passing on only what is perceived to be "good" traffic.

There is a commercial opportunity to provide that service for enterprise users, which increasingly find that their own firewall/security efforts are overwhelmed by the volume and complexity of threats against their networks and the differing services they support for employees, including mobility.

To protect its own networks, AT&T has developed a network security services platform that addresses its converged wireline and wireless network and is developing a network-based security private gateway that sits between the Internet and the cloud, and any type of access network (wired, cellular, Wi-Fi), to protect customer devices.

"We have been concentrating on how to use the network as a security device, to leverage [the] power of the network," stated de los Reyes. "We want to do that as close to the edges of the network as possible."

The network is a better place to provide security since all traffic traverses the network, and it has the resources -- in terms of compute power and 24-7 operations -- to best provide complete security, he noted. Client-based solutions can cooperate with the network, but alone are inadequate.

"At the [converged] network level, we can correlate traffic to find broader problems and prevent them from hitting the mobile network where resources are more scarce," said de los Reyes.

For more
Further coverage from Light Reading's Mobile Network Security Strategies event:

— Carol Wilson, Chief Editor, Events, Light Reading

paolo.franzoi 12/5/2012 | 5:16:55 PM
re: AT&T: Security Needs to Out-Innovate Hackers


1 - Much security is given away by ISPs.  Hard to spend a lot on product development on products that are basically commodities before they land.

2 - If security was easy, then banks would never be robbed.  If someone has enough money, they will get through.

3 - The biggest single issue is the people involved not the technology.  I can not tell you how many times we see users clicking through links that we told them were not safe.

How to remedy this AT&T:

Charge money for the service and pay your vendors

Realize that security can only be as good as the thing it is designed to protect

Change the human being (kidding) ongoing and regular user education


Just remember there is more money in being a hacker than a security specialist.



Iluzun 12/5/2012 | 5:16:53 PM
re: AT&T: Security Needs to Out-Innovate Hackers

Just an fyi...

Don't know what T is doing, but security is being rethought under 'convergence'.



Sign In