P-Cube enables ISPS to detect and quarantine spam zombies.

P-Cube Inc., the first company to provide programmable IP service control platforms for broadband and mobile network operators, has announced it has further extended its service security capabilities by enabling its service application, Engage v2.1, to detect and protect service provider networks

from spam zombie attacks. P-Cube's Service Control Platform, featuring the Engage service application, offers service providers an off-the-shelf tool for network-based detection and protection from spam zombie attacks, as well as minimizing their operational and support costs. Engage anti-spam capabilities are in deployment with P-Cube's global service providers.

"Spam is clearly one of the most serious and complex problems our customers face today. Spam costs service providers and their customers a lot of money in terms of storage, bandwidth and productivity loss, as well as serving as a distribution method for more serious security threats," said Yuval Shahar, CEO and president of P-Cube. "Augmenting our industry-leading P2P solution, Engage adds security capabilities to our existing service control technology with DDoS and spam protection. Our service control technology gives service providers, for the first time, the ability to eliminate the threat posed by legions of spam zombies without disrupting network performance, allowing providers to manage their networks for advanced services delivery."

Spam zombies are an insidious strategy of both hackers and spammers to infect unprotected computers with a Trojan horse program. Once infected, these systems become "zombie" machines that can be used to either distribute more spam or serve as the basis for a Distributed Denial-of-Service (DDoS) attack. Estimates range from 40 percent to 80 percent of all spam originating from spam zombies. Until today, the large number of attacking machines makes it difficult to identify the source of a spam zombie-based attack or to take corrective action in real time without causing massive disruption to network operations and legitimate users.

"Spam zombie-based attacks are one of the most difficult problems for service providers to defend against, creating support challenges for meeting customer satisfaction," said Ron Westfall, Broadband Infrastructure Principal Analyst at Current Analysis. "As spammers use more sophisticated techniques, providers can adapt by leveraging programmable, intelligent network infrastructure to respond to threats in real time. Addressing the spam zombie challenge requires a multi-dimensional approach that includes the ability to map traffic to a particular subscriber and classify it to the SMTP protocol. This is just one example of how Service Control technology helps to reduce security threats in service provider networks."

Engage differentiates itself from alternative technologies by employing deep packet inspection at Levels 4-7, as well as the ability to maintain "state" to identify and redirect anomalies in network traffic generated by spam zombies. Adding state allows a solution to differentiate, for example, between 1000 1k messages generated as 1000 independent sessions or a single 1 megabyte mail session. State-less solutions can only count packets and cannot easily differentiate between a multitude of small sessions or a single large one.

Identification: Engage detects the characteristics of a zombie attack in the early phases, often the first few thousand messages, and quickly identifies the source of the suspected spam attack.

Protection: After suspicious traffic patterns have been identified, Engages' fast reporting allows system administrators to intervene, quickly redirecting or quarantining the zombie machines. Such activity limits the amount of spam that gets through the network.

Notification: Since infected users are unaware of the infection, in addition to stopping the zombie attack originating from their machines, Engage notifies subscribers of the infection and redirects them to support centers where they can take corrective action.

P-Cube's service application, Engage, leverages the Service Control Platform's application- and subscriber-aware architecture to monitor and analyze application-level traffic, which allows the service provider to quickly identify spam zombie activity from a particular subscriber, block their email transmissions and redirect the infected subscriber to a site where the system can be purged of the zombie infection.

Distinct from alternative methods that rely on Layer 3 devices or software solutions that lack the intelligence and horsepower to handle hundreds of millions of emails a day, Engage operates at multi-gigabyte wire speeds. As a result, Engage can perform these functions without introducing latency into the network. P-Cube's innovative Service Control technology is comprised of a programmable network element that creates an intelligent overlay enabling the network operator to identify, classify, guarantee performance of and charge for content-based services.

Engage v2.1 is available with spam protection capabilities today and is currently shipping.