Earlier Warning System

Security and high-availability software vendor Arbor Networks Inc. has beefed up Peakflow DoS, its software for thwarting denial-of-service attacks. But experts say successfully eliminating denial-of-service threats requires such software be installed not only in-house but throughout the Internet infrastructure.

Enhancements in Peakflow 2.1 let the software aggregate information coming into the network via the widely used Cisco Systems PIX firewall, in order to learn baseline network traffic. Once the software has established those parameters, it can identify anomalies and filter out traffic that could be part of an attack. Previously, the software was able only to filter information primarily from routers that could indicate approaching attacks, says Ted Julian, chief strategist and co-founder of Arbor. The company also added improved management capabilities to Peakflow 2.1, including sending different alerts to the network administrators best suited to react.

Dave Dittrich, a senior security engineer at the University of Washington, welcomes the improvements. Dittrich is exploring several options for fighting denial-of-service attacks, and Peakflow "looks to be the leader" so far, he says. But while Dittrich is convinced that tools such as Peakflow will help with the early detection of the attacks, these tools need to run at both the edge of the company's network and within the networks of Internet service providers to be truly effective. "That's where the bandwidth is big enough to filter large attacks," he says.

Pete Lindstrom, director of security strategies at Hurwitz Group, agrees. "If you're talking about attacks smoking up all of the available bandwidth to a company, you need solutions at the service-provider level as well," he says.

Arbor says the software has been installed at some of the world's largest companies, as well as service-provider networks. The software is available now, with prices starting at $130,000.