CoSine's Fear Factor
Version 3.2 of CoSine's software, announced here at the Supercomm 2002 trade show, adds a feature called DoSShield. Denial-of-service attacks occur when hackers target and flood a network element like a router or Web server or access link with a stream of packets. The element becomes overloaded and packets are then dropped. In the case of a router or Web server, the devices often have to be rebooted.
The product also offers Layers 2 and 3 Multiprotocol Label Switching (MPLS) virtual private networks (VPNs), IPSec VPNs, and managed firewall services. CoSine hopes that adding more types of security service will help spur sales of its IPSX service processing switch, which until now has only offered managed VPNs and firewalls.
By providing a secure Internet Protocol (IP) services box, CoSine is aiming to help service providers to batten down the security of their data service offerings. But with the IP services market developing slowly, the key question is whether enterprise business customers are ready to relinquish security management to their data service providers. Traditionally, these services have been kept in house.
Some service providers like Sprint Corp. (NYSE: FON), which uses CoSine’s product, are just starting to roll out managed IP VPN services (see CoSine Supports Sprint VPN and Service Providers Jump on VPNs).
While most of the hype around denial-of-service attacks has centered around prominent outages at e-commerce sites like Amazon.com, Yahoo!, eBay, and eTrade, the problem has also hit enterprises. Quantifying the size of the problem is difficult, because these victims are usually less likely to talk openly about such vulnerabilities. According to a 2002 United States Federal Bureau of Investigation Computer Crime and Security survey, 40 percent of enterprises last year detected such attacks, with an average loss of $287,000 per enterprise. In a 2001 study at the University of San Diego, 12,800 denial-of-service attacks against 5,000 enterprise targets were detected within a three-week period.
While edge routers guard against attacks on routers, they don’t address attacks on access links or Web servers. Customer premises firewalls provide some protection by guarding Web servers, but they are unable to detect or prevent router and access link attacks.
"Denial-of-service defense should be in the cloud,” says Richard Stiennon, research director for network security at Gartner/Dataquest."It’s important for service providers to make sure the pipes they are selling customers are clean and not flooded with erroneous traffic.”
CoSine's DoSShield protects against attacks on access routers, access links, and end stations or Web servers, according to the company. Specifically, it combines the rate-limiting techniques used by routers with the stateful packet inspection used by firewalls to protect against all three types of attack.
CoSine isn’t the only company homing in on this problem. Mazu Networks, Arbor Networks, and Cactus Networks each have software solutions running on appliances that deal with denial-of-service attacks on all three network elements, too. But they lack the routing capability that the IPSX has.
“I wouldn’t say that CoSine is necessarily unique,” says Stiennon. “But it is offering an integrated platform, which supports both routing and DoS protection.”
Most experts do not expect service providers to buy CoSine’s IPSX specifically for denial-of-service prevention. Instead, the feature is viewed as an important add-on that could help CoSine sell gear against competitors like Nortel Networks Corp. (NYSE/Toronto: NT) and Network Equipment Technologies Inc. (net.com) (NYSE: NWK).
— Marguerite Reardon, Senior Editor, Light Reading