McAfee.com's Denial-Of-Service Prevention Efforts Could Fall Short

[InfoSec News <isn () c4i org>]

http://www.zdnet.com/intweek/stories/news/0,4164,2807746,00.html

By Brian Ploskina 
Interactive Week
August 27, 2001 

If there is anyone that should know about denial-of-service attacks,
it would be Network Associates Inc.. The security technology company
was hit by one in late January, bringing parts of its site to a
screeching halt.

Whether it's out of irony or vindication, NAI's antivirus unit
McAfee.com has launched a preliminary assault on DoS attacks that it
hopes will illustrate its leadership as a security powerhouse.
McAfee's detractors aren't so sure it can fulfill that promise.

"In the end, something might come out of this, but in the short term,
I'm a little skeptical," said Parag Pruthi, CEO of security firm
Niksun. "This only works for them in the short term for publicity."

McAfee's approach to fighting DoS attacks was to partner last week
with several industry leaders in DoS prevention: Arbor Networks, Asta
Networks and Mazu Networks. The competition between those three, as
well as Captus Networks and Pruthi's Niksun, has been fierce so far
because the market is new and no one has taken a clear lead yet.

McAfee representatives hope that through collaboration and research
McAfee's customers will be able to download some kind of software that
defends them against DoS attacks.

"Our thought process behind this was that while we have great
researchers, we looked to see if there were other resources we could
tap to gain more knowledge into this fight on denial-of-service
attacks," said Vincent Gullotto, senior director of McAfee's research
unit.

It's this notion of collaboration, research and feel-good politics
that Pruthi is pessimistic about. He feels a research system dependent
on three companies that compete with each other will produce very few
results.

"You can't share your intellectual property with someone else," Pruthi
said. "You're walking on pins and needles all the time, and it becomes
a rather difficult situation for the members involved."

Pruthi would know. Early last year, Niksun joined the Alliance for
Internet Security, a research group whose members consist of security
companies and whose mission is to fight distributed network attacks
such as DoS. The AIS is run by ICSA Labs, an independent organization
that is now a division of TruSecure.

The alliance was formed in the wake of well-publicized DoS attacks
such as the ones on eBay and Yahoo!. Since then, Pruthi said, nothing
has really been accomplished.

"We raised awareness and people understood the problems, but did the
collaborations happen in a way I would expect them to happen? No,"
Pruthi said. "I was disappointed because real results were never made
available to customers."

Pruthi said that if this was the end result of an independent
organization, he holds little faith in McAfee's new partners and their
abilities to collaborate effectively.

But no one is making any bold statements about how this new coalition
will work, said Ted Julian, Arbor's chief strategist and co-founder.
He said that there is a strong intent for all companies involved to
work together, but how closely has yet to be defined.

Julian admitted that research collaboration could be an issue, but no
one has defined how closely these companies need to work together. "We
are early in the stage of this thing, and it was appropriate that none
of us made bold claims," he said.

However, McAfee claimed that this collaboration would produce a "new
solution that will not only identify when networks are under attack,
but also whether systems are unknowingly participating in attacks
against other sites."

As for those claims by McAfee, Julian said: "I think it was clear who
was in the driver's seat on this release."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.