INTEROP - AT&T to cut third-party security for own software

06.05.2005
By Matt Hamblen

AT&T Corp. plans to drop all of its security-related software licenses with other vendors by early next year -- a move it expects will save it tens of millions of dollars a year, CIO Hossein Eslambolchi said at this week's Interop conference in Las Vegas. Looking ahead, AT&T will rely on custom-built software to protect the global backbone network used by its customers.

"We'll put our own software directly into the network," said Eslambolchi, who also is AT&T's chief technology officer. The outside technology targeted for elimination includes firewalls, intrusion-detection systems, tools for protecting against denial-of-service attacks and even e-mail spam filtering products.

"My primary objective ... is to eliminate all of the licenses I pay for," said Eslambolchi. "All that cost will be out of the way for dozens of licenses."

AT&T runs the largest IP network globally, with about 2.3 petabytes of traffic passing through it every day, according to Eslambolchi. He said he's pursuing the software elimination program because of his confidence in various security algorithms written by AT&T developers. The company is already using some of the algorithms, including a service called Internet Protect that samples up to 30TB of data daily and compares it against a database of information about viruses, attacks and other anomalies.

"Once we know the port with an anomaly, we shut it down (in) real time," Eslambolchi said. "Nobody can examine data in the network as good as I can." He estimated that AT&T's reliability in catching security issues in its IP network is about 99.999 percent. "Not perfect, but very good," he said.

Eslambolchi said AT&T has 350 engineers working internally to develop the security software that will be used in its network and sold as separate services to AT&T customers.

Asked whether AT&T's network, which is important to many businesses, needs to be inspected and examined by outside auditors or the government, Eslambolchi said there is no need to do so. "We have a cloaked network," he said.

Referring to Cisco's new Adaptive Security Appliance, he said such edge security is not sufficient. "I don't believe in putting all the intelligence on a Cisco-like device with integrated security," he said. "Hardening perimeter security is inversely proportional to an agile business model."