Product Brief
With AT&T Managed Security Services, you get the benefit of world-class security services without having to maintain the service on your own. We design, build and manage our service to be reliable – providing standardization, scalability and availability from site to site while you retain control. This means we provide operations and day-to-day work and you provide the policy and overall decision making on how we apply your security policy. AT&T provides both network-based and premises-based security solutions. Our network-based approach enables us to efficiently manage network security issues, redundancy, load balancing and recovery. As the infrastructure is protected with various security features on AT&T premises, we are able to maintain this level of service all day, every day of the year. However, AT&T also offers premises-based solutions, giving you the flexibility to house security infrastructure within your own premises.
Proactive Network Security
Most security services react to attacks after they have occurred and attempt to minimize and contain damage. AT&T employs a preventative approach to help identify attacks and manage intrusions proactively by:
• Assessing vulnerabilities
• Proactively scanning for potential attacks
• Helping to protect against unauthorized access
• Quickly responding to and reporting suspicious activities
Key to this preventative approach is the ability to not only collect data, but also to analyze, interpret and communicate it on a near real-time basis to help respond to the incident. As the scope of cyber attacks becomes more complex and creates more pervasive damage, prevention rather than containment becomes more attractive to the bottom line.
AT&T Managed Security Services Portfolio
The core focus of AT&T is to keep networks and applications running – and to help assure that viruses, worms and other attacks do not impact the network or affect operations. AT&T has invested in developing and applying tools to achieve world-class reliability, security features and business continuity for businesses. Each security service in AT&T’s portfolio provides a different and enhanced layer of protection.
AT&T Internet Protect® and Its Family of Services
AT&T Internet Protect® is a security
alerting and notification service that offers
information regarding identified potential
attacks, including viruses, worms and denial
of service attacks that are in the early
formulation stages. This managed service
culls information from the extensive AT&T
IP backbone which is one of the largest in
the world. It performs examination of over
19 petabytes of daily network data to help
identify malicious activity from the Internet
which you can use to help predict and
prevent malicious traffic from infecting your
network. Using the Web-based Information
Security Portal, pagers and e-mail, AT&T
notifies you of identified critical malicious
activity and recommends immediate action.
AT&T Internet Protect® also delivers security
information such as top vulnerabilities,
recent patch releases and other security
“need-to-know” facts. In addition to the features
just mentioned, AT&T customers benefit
from additional service options within AT&T
Internet Protect® such as My Internet Protect,
DDoS Defense and Private Intranet Protect.
My Internet Protect
This service is a security alerting and
notification service for threats entering
into your network. This service option is
designed to profile and then help detect
misuse anomalies that are related to
potential security threats and notifies if these
threats are targeted for your private network
IP addresses. My Internet Protect also
provides you with the ability to analyze and
benchmark Internet traffic targeted for your
private network.
DDoS Defense
DDoS Defense consists of detection and
mitigation service components that examine
your Netflow data. When the detector
identifies a DDoS attack, an alarm is sent
to both an AT&T operations center and to
you with notification of the detected attack.
Concurrently, AT&T will also contact you
directly. AT&T systems are designed to reroute
traffic directed at the identified IP Addresses
that are under attack to a network scrubbing
facility within the AT&T IP Backbone, where
attack traffic will be dropped while allowing
valid traffic to pass to your access router.
Traffic destined to your other IP Addresses
that are not under attack, continues to flow
directly to your network.
Private Intranet Protect
The traffic on your Virtual Private Network
(VPN) is analyzed for known threats that
originate both internal and external to your
network. These include traffic mis-use,
non-conformance to your network security
policies, network traffic anomalies that
are indicators of possible threats, phishing
attacks and other identifiable known threats.
AT&T Firewall Security
AT&T Managed Firewall services help protect
organizations’ infrastructures with various
network security functions. These fully-
managed solutions are configured to match
your specific requirements with flexibility to
select the right level of protection. Network-
Based and Premises-Based firewall services
are available. Day-to-day management and
maintenance, expert support and proactive
24x7x365 security monitoring are provided.
[Figure: Managed Security Diagram]
By placing firewall functionality into the
AT&T network infrastructure, AT&T Network-Based Firewall service inspects inbound and outbound traffic and is designed to take action according to your predefined security policies. You can also select your company’s required bandwidth allocation for Internet access globally through the firewall. The service is available world-wide with firewall configurations ranging from simple outbound only security policy to extensive bi-directional policy with optional features, such as URL filtering, malware scanning, intrusion detection and prevention as well as support to protect multiple, independent network segments. Reports summarizing events and policy self-management capabilities are available through the AT&T BusinessDirect® portal.
The AT&T Premises-Based Firewall service utilizes industry-leading firewall platforms from Cisco, Checkpoint, Fortinet and Juniper. They protect your network perimeter from the hazards resulting from connecting
the Internet with your private network.
AT&T Premises-Based solutions scale from small, home office environments to large globally distributed organization networks. The standard powerful firewall capability is complemented with the ability to add optional features including high availability, support for complex security policy, VPN, DMZ/extranet support and the Unified Threat Management (UTM) capabilities of Intrusion Protection Service, Anti-Virus filtering, Anti-Spam protection and content filtering.
AT&T Intrusion Detection
Using around-the-clock network surveillance, AT&T Intrusion Detection Service is designed to monitor unauthorized attempts to access your business networks. Similar to a security camera on a physical property, this service monitors network traffic by employing intrusion detection sensing components at various points at the perimeter and within the network. The sensing components monitor data packet header and payload information to help detect known malicious activity by comparing the traffic to a continually-updated database of over 1,000 existing attack signatures. When a pattern of misuse is detected, the system is designed to respond quickly and automatically according to your predefined policies.
AT&T Intrusion Prevention Service
AT&T Intrusion Prevention Service provides
you with the tools to help you implement
your internal network defense. It is designed
to test for and isolate detected internal
threats by using heuristic-based protection
known as “zero day” threats. The service can
help detect, contain and neutralize known
threats from hackers, viruses and worms that
can attack any IP enabled endpoint on your
network including servers, laptops, desktops,
VoIP systems, PDAs, network based printers,
cash registers and IP based cameras.
AT&T Web Security Service
AT&T Web Security service helps create
a protected and productive Internet
environment for your organization. The
service is designed to keep malware off your
organization’s network and allow you to control
the use of the Web by employing Web Filtering,
Web Malware Scanning and Anywhere+
Control features. As a fully managed service,
AT&T Web Security Service requires no
additional hardware, upfront equipment costs
or ongoing system maintenance.
AT&T Secure E-mail Gateway
AT&T Secure E-mail Gateway service is a
network-based solution that blocks spam,
viruses, and other inbound email malware
threats before they reach your network. Just
as important as blocking inbound attacks,
Secure E-mail Gateway also gives you the
features you need to support outbound email
filtering to help protect your organization
against loss of sensitive information and
potential legal liability. This service can also
provide unlimited message archiving. And, in
the event of unexpected e-mail downtime
or disaster, it helps address your business
continuity needs.
AT&T Endpoint Security
AT&T Endpoint Security service is a fully
managed solution to help protect both end
users and company’s internal systems from
external hazards posed by doing business
on the Internet. The service is designed to
enforce compliance with customer-defined
policies for firewall, anti-virus and software
compliance at remote end points. The service
also provides centralized management
tools for control of remote end points and a
path for customer to gain control over the
applications operating on these end points.
The service consists of central policy servers
and AT&T Global Network software clients.
The software clients receive security policy
information from the servers located at
AT&T Internet Data Center. The software
clients interact with the policy server to
receive policy updates and to perform policy
enforcement. Your security policies will be
populated into a central policy server by your
administrator, and then distributed to your
users from the AT&T managed policy server.
The service also includes a number of reports
such as user activity, connection history and
event logs as well as provides enforcement
of anti-virus updates and software patches.
AT&T Encryption Services
AT&T Encryption Services is a service that
simplifies e-mail and data encryption by
automating the management and use of
digital credentials. You can quickly and efficiently
digitally sign and encrypt messages or files
using existing desktop, mobile and web
interfaces. Multiple methods of message
delivery and receipt help ensure that encrypted
data reaches the intended audience.
Whether it is employees exchanging
confidential information with associates
or the delivery of confidential statements
to customers, AT&T Encryption Services
provides a comprehensive suite of encryption
solutions to help protect data in motion
and at rest.
AT&T Token Authentication Service
Organizations need to know who is gaining
access to network applications to help
avoid unauthorized disclosure of sensitive
information. This risk of exposing proprietary
and sensitive information is magnified as
the number of remote users accessing the
network increases. AT&T Token Authentication
service is a network access protection method
that uses an enhanced security feature, called
two-factor authentication, which requires a
user to provide two unique factors to gain
access to a private network: something they
know (a password or PIN) and something
they possess (an authenticator). This method
makes it more difficult for a hacker to gain
access to authentication credentials since the
authenticator’s token code changes randomly
every sixty seconds and must be combined
with a secret PIN selected by the user
accessing the network.
AT&T Security Analysis and Consulting Solutions
AT&T Security Event and Threat Analysis Service
AT&T Security Event and Threat Analysis service is a virtual Security Operation Center that utilizes expertise AT&T has developed in security analysis and operations to correlate information from multiple devices and device types, on premises and embedded in the
AT&T network. Based on information gathered, AT&T provides notification of prioritized events based on their risk to the company and the ability to mitigate them. Critical event notifications are made person-to-person and less critical event notifications are made via e-mail and through a customized security portal where you can also see your current security profile/preferences. A custom Executive Threat Report is distributed weekly through the portal.
AT&T Security Device Management
AT&T Security Device Management is an integral part of the AT&T Security Analysis and Consulting Solutions that provides monitoring and management of security hardware and software you own located
on your premises. AT&T Security Device Management service lets you take advantage of the AT&T Security Network Operations Centers (S/NOC) expertise to monitor and manage your security hardware, manage your security infrastructure, or migrate to
a custom security architecture designed to meet your specific requirements.
AT&T Security Consulting
AT&T provides a unique and world-class portfolio of compliance and related security services. Our experience, expertise and commitment to open standards have established us as a strategic and trusted advisor. AT&T Security Consulting provides solutions that allow you to operate your security operations more efficiently. We work as a trusted team to provide knowledge based services. Our consultants have industry and security expertise that can be utilized to complete short and long term engagements. Experts are focused in six areas: Security Strategy, PCI Solutions, Governance Risk and Compliance Solutions, Secure Infrastructure Solutions, Threat and Vulnerability Management and Application Security.
AT&T Security Consulting services provide a proactive, comprehensive approach to security and compliance across all your organization’s operations. Our security consultants have accreditation in the latest security certifications and expertise across all aspects of security and provide solid methodologies for validating and streamlining regulatory compliance.
Trust Your Security to AT&T
AT&T has a long legacy of developing security
services which answer the need to address
a defense in depth architecture, from the
information level to the network level.
You can count on AT&T as being a trusted
provider with true global reach that has a
comprehensive range of security, availability
and recovery services that can provide your
business with integrated business continuity
solutions and help support your complex
networking requirements.
Security By Design
AT&T is committed to enhancing the
security services and features by continuing
to develop security innovations and
management techniques to create additional
security services for enterprises. In the
following paragraphs, we describe what
techniques AT&T has been using to add
security features both within its networks and
within the services it provides.
Processes
All AT&T Services follow AT&T Service
Realization Process that includes a focus
on security considerations in every step
of service development and network
deployment. For each new service or
feature that is being developed, the AT&T
Security Team works closely with product
management, systems architects, engineers,
developers and testers to add security
features into the service.
Domain Separation
A network that is comprised of one or more
systems and one or more networks, all with
a common function, constitutes a domain.
Each domain must have a set of rules for
communication within the domain and
another set of rules in order to communicate
outside the domain. This separation is
achieved by using the principles of domain
separation for systems and networks within
a company. Domain separation allows
communications between two domains to
occur in a controlled manner, through only
a few communication points and under
scrutiny based on type of traffic, source,
destination and volume of traffic. These few
communication points are usually called
security gateways, or choke points and
the rules applied at each are called choke
filtering. Domain separation helps
ensure that communications between
domains are allowed only as authorized,
going through designated gateways, which
are designed to help detect suspicious
activity and block it if necessary. If one
domain is compromised in a security incident,
domain separation helps protect the other
domains from compromise and helps contain
the incident.
AT&T employs the principle of domain
separation within its corporate intranet
as well as on its various service networks
and between the operational networks
and network management infrastructures.
Network management domains are separated from the operational networks themselves. The AT&T Points of Presence (Central Offices) are built with multiple security zones. Each zone has different requirements for security needs and is segmented to help prevent the traffic from leaking between zones. Various complementary mechanisms are deployed to maintain segmentation.
AT&T Security Services Advantage
Proven Execution
• Deployment of updates based upon security and industry events
• Proof of Service through Service Level Agreements
• Visible performance through reporting
• Supported by AT&T’s “TRUSTED” infrastructure
Financial Effectiveness
• Minimized capital and asset expenditures
• Operational efficiencies through AT&T skilled professionals
• Innovation by AT&T Labs
Highly Reliable Network
• Network availability guarantees of up to 99.999%
• MPLS-based services available to 182 countries over 3,822 nodes
• 38 State-of-the-art Internet Data Centers
• AT&T monitors over 19 PB IP traffic on core network each business day for suspicious activity
Global Resources
• 1,500+ security experts and support professionals
• 6 Network Operations Centers
• 8 Global Customer Support Centers
“Hardening” Infrastructure Elements
Network infrastructure security includes both host-based and network-based security elements. The foundation of infrastructure security is a server. “Hardening” of the server means locking down (restricting use of) open server communication ports. All servers are “hardened” based on vendor, industry and internal recommendations and industry best practices. Host-based agents (i.e., software used to monitor activity on a server or PC) monitor the servers looking for unauthorized changes in software and configurations. In addition to hardening the network elements, AT&T deploys a number of measures to help protect against denial of service attacks within the AT&T network, and at the service (application) level. AT&T has deployed state-of-the-art security mechanisms to help protect its Global IP Network and IP Services against Denial of Service (DoS) and other network-based attacks while monitoring IP traffic for new identified attacks such as new worms and viruses. All of these systems are in place and are monitored 24x7 by experienced security personnel.
Services on the AT&T Global Network
The AT&T Global Network has evolved to a
single, global, Multi-Protocol Label Switching
(MPLS) enabled backbone over an intelligent
optical core network. MPLS, a leading edge
technology that is driving convergence in the
network, is the key technological component
underpinning this network evolution which
provides flexibility and quality of service
beyond those found on a private network.
MPLS adds reliability and performance
capabilities, enabling applications to scale
as business needs change. AT&T is regarded
as one of the MPLS industry leaders based
on its early and continuing work with this
technology, and continues to pioneer its use
by offering a suite of virtual private networks
(VPNs) that enable MPLS. AT&T services such
as Network-Based Firewall and Network-
Based Remote Access are designed to take
advantage of the MPLS technology. The
combined force of MPLS in conjunction
with the AT&T multilayered security approach
helps ensure that your organization can
utilize a network that is flexible and scalable
for future applications.
Separate Services Over IP Infrastructure
Voice over IP (VoIP) poses particular security
challenges to carriers due to the protocol
design itself. With VoIP both the signaling as
well as the actual voice messages are carried
in-band across the network, thus making
signaling vulnerable to the same security
risks as other Internet traffic. Recognizing
these challenges, AT&T has designed a
separate “Services over IP” architecture to
carry application traffic such as VoIP. AT&T
Services over IP infrastructure integrates
with the AT&T public MPLS IP network and
has been designed with multiple layers of
defense, consistent with the AT&T “Defense
in Depth” principles. The design principle
is consistent with the general architecture
used in protecting organization assets
from the Internet, and includes multiple
security domains, each with its own security
requirements. To further enhance the
security of these communications, AT&T has
defined boundaries regarding what device
can communicate with what device, thus
providing additional control.
An additional challenge with VoIP is that
a separate Session Initiation Protocol (SIP)
establishes the communication channel while
the call data (voice) is initiated. Specifically,
SIP servers are responsible for creating,
modifying and terminating sessions with
one or more participants, however most of
them do not include firewall functionality
as part of their basic configuration. To
help secure our Services over IP
infrastructure, AT&T has designed so-called
border elements, or intermediary gateways.
The border element acts as an intermediary
between domains providing an additional
layer of security for AT&T SIP based service.
For more information, call 877-954-7771.
11/11/10 AB-1133-05
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.