North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

  • From: Sean Donelan
  • Date: Mon Jun 18 12:02:44 2007


On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
On 6/18/07, Sean Donelan <sean@xxxxxxxxxxx> wrote:
Automation is a non-starter unless you have people to deal with the
exceptions.  If you don't deal with exceptions, eventually problems with
any automated system will overwhelm you.  You can only hid behind IVR
recordings "You call is very important to us" for so long.

You're preaching to the choir there. That still doesnt underrate the importance of automating this. Throwing people at it simply doesnt scale.

You need a both. The mistake engineers make is thinking technology is the solution. The mistake customer care makes is thinking a pleasent voice is the solution. The mistake law enforcement makes is thinking an
arrest is the solution. The mistake legislators make is thinking a law
is the solution. And so on.


We need a mix of all those things, including people, technology, laws and physical arrests. The problem is not a naturally occuring phenomena. The opponents are intelligent people who react to anything we do.

I've seen ISPs with very advanced automated systems that went unused becaused their customer care organizations couldn't cope with the scale of problem customers. I was building infected customer sandboxes a long time ago. Even if your automated systems handle 99% of the problem customers, that 1% can doom your plans if you don't understand it.

ISPs looking for automation may consider these vendors or several free/open source alternatives.

Simplicita: http://www.simplicita.com/
Bradbord: http://www.bradfordnetworks.com/
Motive: http://www.motive.com/
Cisco/Perfigo: http://www.cisco.com/en/US/products/ps6128/index.html
F-Secure Network Control: http://www.f-secure.co.uk/enterprises/products/fsnc.html
Trend Micro Intercloud: http://us.trendmicro.com/us/about/news/pr/article/20070123143622.html