On 1 March 2004, MCI announced that it is now offering a DoS SLA designed to help customers defend against Internet attacks. The new SLA — believed to be the first offered by an ISP — guarantees that all MCI Internet customers will have immediate access to MCI's security staff, and that MCI Customer Support will respond to a suspected DoS attack within 15 minutes of a customer-generated trouble ticket. If MCI fails to meet the terms of the SLA, the customer will, at its request, be credited one day's prorated MCI charges for the affected service. The new SLA applies across all MCI (Internet Protocol) IP services, and the performance guarantees are automatically extended to all customers at no additional cost.

For several years, Gartner has been advising enterprises to demand that their ISPs and data-center hosting companies provide protection from DoS attacks. Such protection — including ingress filtering to block spoofed packets, and advanced flow monitoring and routing solutions to minimize the impact of attacks in progress — has become a reality. MCI's SLA announcement likely marks the beginning of a trend toward ISPs' offering protection against DoS attacks. These attacks, which inundate Web sites with bogus traffic, make it impossible for a site to respond to legitimate connections. A quick service response from the ISP will help to reduce an enterprise customer's downtime.

MCI customers should benefit from the company's commitment to begin working on a DoS attack within 15 minutes. The decision to add the performance guarantees at no additional cost is also a positive move. Nonetheless, the new MCI SLA does have certain limitations. For example:

• MCI doesn't provide any DoS detection. The customer must notice a DoS attack and place a trouble ticket.
• The SLA guarantees only that MCI will respond to a DoS attack, not that it will stop it.
• MCI has set a comparatively high threshold — more than 95 percent utilization — for DoS. Gartner believes the threshold should be closer to 80 percent for faster Internet connections.

Recommendations: Enterprises should continue to urge their ISPs and data hosting services to provide increasing levels of protection from Internet threats. ISPs and hosting services should respond to MCI's announcement by providing similar or greater levels of affordable protection against Internet infrastructure attacks, such as protection against DoS and DNS (Domain Name Service) attacks.

Analytical Sources: John Pescatore, Ted Chamberlin and Eric Paulak, Gartner Research

Recommended Reading and Related Research

• "How to Select an ISP in a Turbulent Telecom Environment" — Evaluate financial stability, customer service and a provider's service portfolio and prices when choosing your ISP. By Ted Chamberlin
• "Magic Quadrant for North American MSSPs, 1H03" — Consider outsourcing your perimeter security to a specialist at equal or less cost than you can do internally. By Kelly Kavanagh and John Pescatore

(You may need to sign in or be a Gartner client to access all of this content.)