Global Internet 'Early Warning System' on the Way

By Jacqueline Emigh | Mar 4, 2003 | Print this Page
http://www.enterprisenetworkingplanet.com/netos/article.php/1963231/Global-Internet-Early-Warning-System-on-the-Way.htm

About three weeks from now, Matrix NetSystems and a still unnamed partner will launch a global Internet "early warning system" aimed at alerting customers to cyberattacks in plenty of time to fend off damage. Meanwhile, the new Internet management service provider has just inked a deal with netVmg, developer of a solution for routing traffic across ISP links according to specified enterprise policies.

"Big companies have abandoned solutions like leased lines in favor of the Internet, which is ubiquitous and far less expensive. The Internet does a good job of connecting people, for the most part," acknowledges Tom Ohlsson, Matrix's VP of business development and marketing.

Unlike previous transport mechanisms like frame relay and ATM, though, the Internet lacks user-definable surveillance thresholds, notes Ohlsson. Matrix's emerging Internet-based management infrastructure also assists with worm invasions, equipment failures outside the firewall, and other issues that crop up when organizations treat the Internet as their enterprise network.

So far, industry analysts generally like what they see at Matrix. "Matrix has an expertise in Internet security that goes back about 12 years," maintains Frank Barbetta, an analyst at Probe Research. Originally known as MIDS, Matrix began as a consulting firm, only branching into services over the past year. With its new service offerings, however, Matrix is aiming big; target customers include the Fortune 50, federal government agencies, global ISPs, and "top five" systems integrators.

"Enterprises and ISPs do need better information about the Internet," affirms Barbetta. "The Internet is a random entity, but people are trying to rely on it for business applications. The Internet has some characteristics that are 'normal' for a network, and others that are unique unto itself. It's very prone to malicious code, for example."

Matrix will pinpoint the partner for its new "early warning system" in conjunction with a third-round funding announcement later this month. Ohlsson likes to compare the new notification system to the "DEW Line," a radar system set up by the US government during the Cold War to alert the nation to impending nuclear attacks.

Page 2: Matrix's Warning System Inspired by GEWIS


Matrix's Warning System Inspired by GEWIS

The idea for Matrix's warning system was inspired by the federal government's current initiative for a Global Early Warning Internet Service, also known by the acronym GEWIS (pronounced like "gee whiz").

Matrix's yet to be announced partner will provide threat assessment, whereas Matrix will concentrate on Internet monitoring and measurement. "[The partner] said to us, 'Hey, you've got the chocolate for our peanut butter,'" Ohlsson recalls.

For monitoring purposes, Matrix has already deployed beacons at its own network operations centers (NOCs) as well as at other hosting and carrier sites throughout the Internet. "We ping hundreds of thousands of services and construct models of what we find."

Matrix presents these findings in chart format at a Web portal. Customers can view packet loss statistics at critical Internet nodes in North America, for instance, or reachability results for various carriers and ISP gateways. Companies can also monitor remote client PCs or specific Web sites. In addition, human experts are available at Matrix to help analyze problems.

During the "Slammer worm" crisis in late January, reachability for one large ISP varied dramatically from one section of the US to another, according to Matrix's charts. Reachability stayed at 99.9 percent or better in the West and Northeast; but dipped to 99 percent in the MidWest, while plummeting to just over 90 percent in the Plains states.

In the upcoming early warning system, Matrix's beacons will act as honeypots. "Actually, the term 'decoy servers' is more politically correct. The idea is that, if somebody launches an attack, they'll leave behind their digital signatures. This will give an indication of where in the world the attack is coming from," clarifies Ohlsson.

Details are still being ironed out, but Ohlsson compares Matrix's deal with the "threat assessment" partner to an OEM agreement. "They'll use our product, and they'll pay us a royalty fee."

"The early warning system is a 'nice to have.' Matrix can do it, because its NOCs are 24/7. Matrix has also been talking about things like automatically closing down ports to prevent denial of service attacks," observes Zeus Kerravala, VP at the Yankee Group for Applications Infrastructure and E-Networks & Broadband Access Planning Services.

Page 3: The Future Looks Bright for Matrix...for the Most Part


The Future Looks Bright for Matrix...for the Most Part

Meanwhile, Matrix is at work on a variety of other future Internet management services as well. The new deal with netVmg, just inked in February, is quite different from the joint venture for the warning system. According to Ohlsson, "At this point, the relationship with netVmg is still more like a reciprocal agency agreement. We're sharing our leads with netVmg, and they're sharing their leads with us."

More pacts are in the planning stages, too. "I'm happily surprised by what Matrix has got going for the near term with the joint-venture partnerships they're pursuing," states Dan Keldsen, an analyst at DelphiGroup. "Some very interesting potential is cooking."

Moreover, Matrix has already nailed down 16 paying customers, with 12 more now in the pipeline, according to Ohlsson. The early adopters include NASA, SAP, Verisign, and several New York financial brokers.

For the most part, Matrix's services will not come cheap. Customers will pay anywhere from $20,000 to $250,000 per year, with most falling into the $50,000 to $70,000 bracket.

A few offerings, however, are available from Matrix free of charge. These include an ISP rating service -- which provides some but not all of the results given to paying customers -- and an e-mail report on major Internet security events.

Matrix could face some obstacles ahead. "Company budgets and the will to address potential security problems -- these are still ponderables," says Yankee's Kerravala.

Analysts also cite a number of other vendors hovering around the same market space, ranging from KeyNote Systems to Quantiva. "Matrix seems to be coming at measurement from more of an operations/troubleshooting point of view -- as compared to the 'ensuring customer satisfaction' or 'quality user experience' perspective that a Keynote Systems might have," advises Delphi's Keldsen. "Is one better than the other? It depends on who the buyers/users of the information are, what they want to do with it, etc."

Keldsen is impressed, too, with Matrix's comprehensive approach to Internet security management. "There are still a lot of point solutions out there. I've been trying, anyway, to get vendors to look at rolling together disparate pieces of information."

By and large, though, analysts anticipate success for Matrix. "If anybody can do this, it's Matrix. The company's competitors are smaller than Matrix. Matrix has expended a lot of resources on building up an infrastructure -- and they're already 'there' with the necessary knowledge," states Kerravala.


» See All Articles by Columnist Jacqueline Emigh