Global Internet 'Early Warning System' on the Way: Page 2
Matrix's Warning System Inspired by GEWIS
The idea for Matrix's warning system was inspired by the federal government's current initiative for a Global Early Warning Internet Service, also known by the acronym GEWIS (pronounced like "gee whiz").
Matrix's yet to be announced partner will provide threat assessment, whereas Matrix will concentrate on Internet monitoring and measurement. "[The partner] said to us, 'Hey, you've got the chocolate for our peanut butter,'" Ohlsson recalls.
For monitoring purposes, Matrix has already deployed beacons at its own network operations centers (NOCs) as well as at other hosting and carrier sites throughout the Internet. "We ping hundreds of thousands of services and construct models of what we find."
Matrix presents these findings in chart format at a Web portal. Customers can view packet loss statistics at critical Internet nodes in North America, for instance, or reachability results for various carriers and ISP gateways. Companies can also monitor remote client PCs or specific Web sites. In addition, human experts are available at Matrix to help analyze problems.
During the "Slammer worm" crisis in late January, reachability for one large ISP varied dramatically from one section of the US to another, according to Matrix's charts. Reachability stayed at 99.9 percent or better in the West and Northeast; but dipped to 99 percent in the MidWest, while plummeting to just over 90 percent in the Plains states.
In the upcoming early warning system, Matrix's beacons will act as honeypots. "Actually, the term 'decoy servers' is more politically correct. The idea is that, if somebody launches an attack, they'll leave behind their digital signatures. This will give an indication of where in the world the attack is coming from," clarifies Ohlsson.
Details are still being ironed out, but Ohlsson compares Matrix's deal with the "threat assessment" partner to an OEM agreement. "They'll use our product, and they'll pay us a royalty fee."
"The early warning system is a 'nice to have.' Matrix can do it, because its NOCs are 24/7. Matrix has also been talking about things like automatically closing down ports to prevent denial of service attacks," observes Zeus Kerravala, VP at the Yankee Group for Applications Infrastructure and E-Networks & Broadband Access Planning Services.