NEW YORK-- Mobile Network Security Strategies -- AT&T is changing the way it protects its enterprise networks, taking advantage of virtualization to add a layer of security "shrink-wrap" around network assets, applications and data stores, Chief Security Officer Ed Amoroso said here today.
These micro-domains don't replace AT&T Inc. (NYSE: T)'s security perimeter, he noted later in an interview with Light Reading, but they protect assets from breaches of that perimeter, which are all too common in the highly connected, collaborative and mobile enterprise of today.
"The promise that virtual brings, with the proper licensing model, is that you can do this quickly and easily at provisioning time," Amoroso said in his keynote. Virtualized security -- software-based firewalls and intrusion protection systems, for example -- can be turned up at the same time virtual assets are spun up, so that applications, hypervisors or any network asset can become its own micro-domain, where security is concerned, and be connected to a network of security command and control modules.
Ironically, this design mimics the way botnets are built -- and in the process, is intended to have their resilience, Amoroso said. He pointed to a major effort in 2013 by global carriers to take down a major operation, the ZeroAccess Botnet, by attacking its command and control systems. This unprecedented effort did take that network down, but only for a month, after which it bounced right back.
"So why not take a page out of the botnet architecture book and transform these big perimeters into a big distributed system?" he said. "We can distribute things into a big coordinated cooperating resilient structure that is harder for our adversaries to beat up."
AT&T has started doing this, adding the micro-domain approach to its security effort as assets are virtualized, something it is "doing as fast as we can today" for the other benefits of virtualization, Amoroso said.
One advantage of this approach is that when one of these micro-domains is breached -- and the AT&T exec admits that happens -- the damage is limited to the assets within that single domain. With the perimeter "sandbag" approach to protecting a network, any breach of the perimeter gives access to the full range of corporate assets.
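The provision-time micro-domain model described in Amoroso's keynote and the blast-radius argument above, as an added illustration that is not AT&T's code or part of the original article: each virtual asset is provisioned together with its own default-deny policy and a pointer to a central controller, and a reachability walk compares what a compromised asset can reach under the perimeter model versus the micro-domain model. The asset names, allowed flows and controller name are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed inventory of enterprise assets (hypothetical names, not AT&T's).
ASSETS = ["web-frontend", "order-api", "customer-db", "hr-db", "hypervisor-mgmt"]

@dataclass
class MicroDomain:
    """Per-asset policy provisioned together with the asset: default deny,
    only explicitly allowed inbound sources, reporting to a central controller."""
    asset: str
    allowed_from: set = field(default_factory=set)
    controller: str = "sec-c2-01"  # hypothetical command-and-control module name

def provision_with_security(asset, allowed_from=()):
    """Model of spinning up a virtual asset and its firewall/IPS policy in one step."""
    return MicroDomain(asset, set(allowed_from))

def build_domains():
    """Constructed topology: a web tier, an API tier, two databases, and hypervisor management."""
    return [
        provision_with_security("web-frontend", allowed_from=["internet"]),
        provision_with_security("order-api", allowed_from=["web-frontend"]),
        provision_with_security("customer-db", allowed_from=["order-api"]),
        provision_with_security("hr-db", allowed_from=["hr-app"]),
        provision_with_security("hypervisor-mgmt", allowed_from=["admin-jump"]),
    ]

def perimeter_reach(compromised, assets=ASSETS):
    """Perimeter 'sandbag' model: once inside, every other asset is reachable."""
    return set(assets) - {compromised}

def microdomain_reach(compromised, domains=None):
    """Micro-domain model: walk only explicitly allowed flows, hop by hop,
    so lateral movement through intermediate domains is counted as well."""
    domains = build_domains() if domains is None else domains
    allowed = {d.asset: d.allowed_from for d in domains}
    seen, queue = set(), deque([compromised])
    while queue:
        src = queue.popleft()
        for asset, sources in allowed.items():
            if src in sources and asset not in seen and asset != compromised:
                seen.add(asset)
                queue.append(asset)
    return seen

def blast_radius(compromised):
    """What an attacker holding `compromised` can reach under each model."""
    return {"perimeter": perimeter_reach(compromised),
            "microdomain": microdomain_reach(compromised)}

if __name__ == "__main__":
    for model, reach in blast_radius("web-frontend").items():
        print(f"{model:12s} -> {sorted(reach)}")
```

The walk is transitive on purpose: a breached web tier still reaches the API and the database it is allowed to talk to, which is the residual risk the per-domain policy has to be reviewed for, while unrelated domains stay out of reach.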
Virtualization is what makes this approach possible, Amoroso noted, because it reduces the cost of providing security at the micro-domain level and allows greater flexibility in turning up and turning down software-based security systems as assets change. Providing widely distributed hardware-based security would be cost-prohibitive, he said.
The business models of security companies need to evolve to support this approach, he added. Companies that are accustomed to selling single products at a fixed cost need to build more flexibility into their pricing plans to enable this virtualized approach to succeed.
— Carol Wilson, Editor-at-Large, Light Reading