1.1 Competitive Analysis

1.1 Competitive Analysis This document provides an overview of the competitive landscape for managed D/DDoS and Day Zero attack mitigation solutions whose goal is to protect network availability and enterprise ebusiness resiliency.

1.1.1 Managed Services

AT&T is the first carrier to offer a managed proactive network-based address DDoS mitigation service. By integrating the predictive and early warning capabilities of Internet Protect with the DDoS option, AT&T is delivering true DDoS attack prevention and mitigation services.

Service DDoS Mitigation Service/Comments AT&T response/positioning Provider IXC/Backbone Providers Sprint Recently announced intent to provide AT&T’s world largest global IP network based DDoS mitigation Service backbone, coupled with Internet Protect security solutions including No additional service details available at DDoS mitigation provide: this time  an unsurpased view to Internet/global IP network occurrences and insights from traffic pattern analysis (Flood tool?).  DDoS mitigation services are a natural extension of AT&T’s portfolio of business continuity, security, hosting and transport solutions. Customers benefit from clean pipes -and business continuity assurance  Extensive Security NOC resources  Global coverage for customers with international presence MCI No DDoS prevention/mitigation offer AT&T DDoS mitigation is a network based solution which MCI customers are credited with one proactively provides attack day of service if MCI fails to react mitigation. within 15 min of a customer DoS attack notification. The cost of downtime for large ebusiness can be upwards of MCI is investigating a network based $33K/minute during peak business DDoS mitigation offer and may offer on hours. Proactive mitigation while an ICB basis to select accounts. maintaining valid traffic flows is a key differentiator for enterprises who value business continuity.

Speed of detection and automated mitigation of suspect traffic (1-5 secs) delivered by AT&T DDoS service is critical to maintaining e- business availability. The fast activation is critical to maintaining access link availability and avoiding server crashes (which have a lengthy restoration/reboot cycle). ILEC/Local Providers BellSouth, No DDoS prevention/mitigation offer Although these providers provide Qwest, SBC, last mile bandwidth they do not Verizon have large IP backbone networks nor do they provide expansive security services to match AT&T security and business continuity portfolio.

Alternative Transport Providers InterNAP, No DDoS prevention/mitigation offer. AT&T has the largest IP backbone others in the work and is the upstream Under its new SLA, Internap will network provider to enterprise respond and begin diagnostic testing to customers and in the best position to address a DOS attack within 10 minutes provide DDoS mitigation services. of a customer's request. The business model for InterNAP and other similar providers is a resale or transit service. They are unlikely entrants to the DDoS mitigation service and rely on partners (like ISS) to deliver security services. Content Delivery Networks Akamai, others No DDoS prevention/mitigation offer. AT&T DDoS mitigation solutions reduces the need for complex and Akamai ebusiness continuity content costly replication and distribution of replication of website content applications / servers to withstand applications requires customer to attacks. purchase additional bandwidth and server resources The monthly recurring cost of bandwidth/server resources for a DNS and Transactional /Backoffice CDN solution to withstand the resources to identify inventory traffic peak from a DDoS attack availability etc cannot be replicated. can be upto 7 times that of the cost to implement a DDoS mitigation Akamai and their customer base are not solution. immune to DDoS attacks as demonstrated by a 6/15 attack whose impact was noted on Keynotes monitoring of top 40 website performance.

1.1.2 Alternative Security Technology

Alternative security technology exists which may provide anomaly or intrusion detection capabilities however these solutions do not offer capabilities to mitigate broad DDoS and Day-Zero attacks based on identification and “cleaning” of traffic within the network.

Security Vendor Comment/Technology Positioning Technology Anomoly Arbor, Mazu Although some anomaly detection Detection solutions are potentially complementary to AT&T DDoS solutions, they do not offer the level of mitigation capabilities – preventing malicious traffic from saturating customer network bandwidth. Stateful IDS Symantec (Recourse), ISS, These approaches require scaling Solutions Netscreen, Tipping Point network and host-based resources to absorb the massive volumes of traffic generated by a DDoS and Day-Zero attack. Although these solutions may work for some attacks, the scalability and economics of such approaches make them impractical for an environment in which attacks are becoming more frequent and complex

Load Radware, Netscaler Intrusion Detection offerings focused balancers and on improved methods to detect attacks “brute force” and notify IT professionals in order to approaches remediate. Increasingly, these solutions are taking a more active role in mitigating known and unknown attacks by allowing users to block, filter, or rate limiting to protect network resources. Where they leave off is their capabilities to mitigate broad DDoS and Day-Zero attacks based on identification and “cleaning” of traffic rather than simply denying it.

Freeware Shareware software solutions AT&T DDoS mitigation solutions deliver scalability and gigabit performance within the network to prevent DDoS attacks saturation of the network access bandwidth that could not be matched in a free or shareware solution.