Goal of new security service: More involvement from ISPs, carriers

New security analytics service purports to arm service providers with the information they need to keep their network traffic clean.

There's a war underway throughout our networks, with carriers and ISPs in the thick of it. But for fear of network disruptions or increased cost of service, many ISPs and carriers have shied away from securing the traffic that flows through their wires.

Network security and analytics firm Kindsight hopes to get ISPs more engaged on that front. Today, the company -- a subsidiary of Alcatel-Lucent rolls out its Kindsight Security Analytics platform, designed to help service providers analyze network traffic for malware and aggregate network security statistics. According to Kevin McNamee, security architect and director of Kindsight Security Labs, the platform provides insight into subscriber infections so Internet service providers and mobile operators can identify and mitigate malicious activity.

It's no surprise that malware on ISP and mobile networks is growing. What does raise an eyebrow is how many end users are infected at any given time and how high that percentage spikes during new outbreaks.

McNamee says, as measured by Kindsight Security Labs, approximately nine to 14 percent of home networks are infected on a typical day. The number of infected home users can spike to 30 percent during outbreaks. Mobile malware is also escalating, having increased 400 percent over a three-month period in late 2011.

"It's become increasingly difficult for home users, enterprises and ISPs to keep up with the threat," says McNamee. "Malware is getting better at shutting down anti-malware defenses during infection, and end users don't always have it running. What's needed is analysis of the network traffic to understand the extent and specific types of malware among subscribers so appropriate action can be taken."

Kindsight aims to catch malware such as spambots, banking Trojans and spyware based on the activity they create on the network. Kindsight works by deploying sensors that tap on the carrier network, including peering points, that analyze traffic using its own custom-developed sensors, as well as those it acquires from other security vendors. For botnets and mobile (as well as other forms of) malware, Kindsight also attempts to identify the command-and-control protocol used by these applications to "phone home" their reports on stolen data.

Analysts believe there is more carriers could do to keep their pipes cleaner. "It makes great sense for service providers to be performing monitoring," says Pete Lindstrom, research director at Spire Security. "For instance, looking for botnet command-and-control is clearly one area that is problematic, and which they have an ideal view for rapid identification.

George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter @georgevhulme.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies