North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
On 6/18/07, Sean Donelan <sean@xxxxxxxxxxx> wrote:Automation is a non-starter unless you have people to deal with the exceptions. If you don't deal with exceptions, eventually problems with any automated system will overwhelm you. You can only hid behind IVR recordings "You call is very important to us" for so long.
You need a both. The mistake engineers make is thinking technology is the solution. The mistake customer care makes is thinking a pleasent voice is the solution. The mistake law enforcement makes is thinking an
arrest is the solution. The mistake legislators make is thinking a law
is the solution. And so on.
We need a mix of all those things, including people, technology, laws and physical arrests. The problem is not a naturally occuring phenomena. The opponents are intelligent people who react to anything we do.
I've seen ISPs with very advanced automated systems that went unused becaused their customer care organizations couldn't cope with the scale of problem customers. I was building infected customer sandboxes a long time ago. Even if your automated systems handle 99% of the problem customers, that 1% can doom your plans if you don't understand it.
ISPs looking for automation may consider these vendors or several free/open source alternatives.
Simplicita: http://www.simplicita.com/ Bradbord: http://www.bradfordnetworks.com/ Motive: http://www.motive.com/ Cisco/Perfigo: http://www.cisco.com/en/US/products/ps6128/index.html F-Secure Network Control: http://www.f-secure.co.uk/enterprises/products/fsnc.html Trend Micro Intercloud: http://us.trendmicro.com/us/about/news/pr/article/20070123143622.html