AT&T Adds Virtual Layer of Security

Carol Wilson
12/3/2014

NEW YORK -- Mobile Network Security Strategies -- AT&T is changing the way it protects its enterprise networks, taking advantage of virtualization to add a layer of security "shrink-wrap" around network assets, applications and data stores, Chief Security Officer Ed Amoroso said here today.

These micro-domains don't replace AT&T Inc. (NYSE: T)'s security perimeter, he noted later in an interview with Light Reading, but they protect assets from breaches of that perimeter, which are all too common in the highly connected, collaborative and mobile enterprise of today.

AT&T Chief Security Officer Ed Amoroso
AT&T CSO Ed Amoroso outlines his company's new approach to securing its enterprise network.

"The promise that virtual brings, with the proper licensing model, is that you can do this quickly and easily at provisioning time," Amoroso said in his keynote. Virtualized security -- software-based firewalls and intrusion protection systems, for example -- can be turned up at the same time virtual assets are spun up so that applications, hypervisors or any network asset can become its own micro domain, where security is concerned, and be connected to a network of security command and control modules.

Ironically, this design mimics the way botnets are built -- and in the process, is intended to have their resilience, Amoroso said. He pointed to a major effort in 2013 by global carriers to take down a major operation, the ZeroAccess Botnet, by attacking its command and control systems. This unprecedented effort did take that network down, but only for a month, after which it bounced right back.

"So why not take a page out of the botnet architecture book and transform these big perimeters into a big distributed system?" he said. "We can distribute things into a big coordinated cooperating resilient structure that is harder for our adversaries to beat up."

AT&T has started doing this, adding this micro domain approach to its security effort as assets are virtualized, something it is "doing as fast as we can today," for the other benefits of virtualization, Amoroso said.

One advantage to this approach is that when one of these micro-domains is breached -- and the AT&T exec admits that happens -- the damage is limited to the assets within that single domain. With the perimeter "sandbag" approach to protecting a network, by contrast, any breach gives access to the full range of corporate assets.

Virtualization is what makes this approach possible, Amoroso noted, because it reduces the cost of providing security at the micro-domain level and allows greater flexibility in turning up and turning down software-based security systems as assets change. Providing widely distributed hardware-based security would be cost-prohibitive, he said.

The business models of security companies need to evolve to support this approach, he added. Companies that are accustomed to selling single products at a fixed cost need to build more flexibility into their pricing plans to enable this virtualized approach to succeed.

— Carol Wilson, Editor-at-Large, Light Reading

sam masud,
User Rank: Light Sabre
12/4/2014 | 4:12:10 PM
Re: VMs
I think ATT is putting a marketing gloss on this. Fact is, those virtual assets do not live in a bubble, since their very definition includes the word "network" as in NFV. And as long as these virtual assets are interacting with something else, that leaves a back door open. But I could be wrong...
danielcawrey,
User Rank: Light Sabre
12/3/2014 | 7:59:19 PM
VMs
Virtualization is one great way to compartmentalize systems in order to limit the possibility of outright cyberattack. I think that VMs and distributed systems are the way to make IT security better, although the actual implementation of such may be quite a way off.