Senior analyst, The Yankee Group

Arbor Networks Inc. says it is attempting to make it easier for service providers to share information about Internet threats through a new program called the Fingerprint Sharing Initiative. There’s nothing like this that effectively lets far-flung network operators have direct, real-time information sharing.Jim Slaby>Text

The program, being introduced this week, uses Arbor’s PeakFlow SP platform, which is used by service providers to sniff out distributed denial-of-service (DDOS) attacks, worms and other security threats on their own networks.

The latest version of PeakFlow SP includes a Fingerprint Sharing option that lets carriers share attack fingerprints with any PeakFlow SP customer that is using the option while an attack is underway.

“There’s nothing like this that effectively lets far-flung network operators have direct, real-time information sharing,” says Jim Slaby, a senior analyst at The Yankee Group.

Mazu Networks, Lancope and Q1 Labs offer Arbor-like products for enterprise networks, but Arbor has cornered the carrier market, he says.

Officials at MCI, one of the service providers participating in the Fingerprint Sharing Initiative, say the program is one instrument in a toolbox used to thwart attacks.

While sharing information about DDoS and worm attacks is not new at MCI or among the ISP community, Arbor’s initiative is an advance because it provides for real-time information exchange, says Chris Morrow, senior network consulting engineer at MCI.

Also, current methods did not provide the same level of traffic trending, Morrow says.

Arbor creates a registration database of participating service providers. Once a company registers, it can communicate directly with PeakFlow SP devices on peers’ networks.

PeakFlow SP products watch and analyze traffic patterns to determine the type of packets that are causing problems, as well as the source network.

While the Fingerprint Sharing Initiative requires that ISPs have a PeakFlow SP device, Arbor says it is in the process of standardizing the procedure so that even carriers that aren’t its customers can take advantage of the technology.

Arbor plans to submit a draft proposal through the IETF’s Extended Incident Handling Working Group, with hopes for its initiative to become a standard in six to 12 months.