Sunday, June 19, 2011

DPI: NSA Scans AT&T, Verizon and CenturyLink Traffic Going to Defense Firms

 reports to the Washington Post that "The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say .. The program uses NSA-developed “signatures,” or fingerprints of malicious code, and sequences of suspicious network behavior to filter the Internet traffic flowing to major defense contractors. That allows the Internet providers to disable the threats before an attack can penetrate a contractor’s servers. The trial is testing two particular sets of signatures and behavior patterns that the NSA has detected as threats. The Internet carriers are AT&T, Verizon and CenturyLink. Together they are seeking to filter the traffic of 15 defense contractors".

See "NSA allies with Internet carriers to thwart cyber attacks against defense firms" - here.

While this is a case of "national security", security threats to enterprise customers are real and growing (see Cisco's report below). Nevertheless, security represents an opportunity for ISPs to sell a value-added service.

One such service, offered by DPI/traffic management vendors as an add-on to traffic management (see examples from Allot, Arbor, Procera and Sandvine), is DDoS prevention: detecting traffic anomalies and blocking the relevant packets, thus protecting networks and business or residential subscribers from attack.

A recent "Global Threat Report 1Q11" from Cisco (here) finds that "Malicious webmail represented 7% of all Web-delivered malware in March 2011, a 391% increase from January 2011 .. Enterprise users experienced an average of 274 Web malware encounters per month in 1Q11, a 103% increase compared to 2010. Unique Web malware encountered also increased (46%) in 1Q11, from 72,294 unique Web malware in January 2011 to 105,536 in March".

See also "ALU Bell Labs: Network Behavior Analysis Helps to Detect Malware Infection" - here and "Recent Cyber Monday DDoS Attacks 'revealed a sophisticated and motivated attacker'" - here.

Source: Cisco
