Carriers predict boom in managed security services

Telecommunications companies ranging from Internet service providers to wireless carriers are betting that a new wave of managed security services can help generate additional opportunities with enterprise customers.

For several years, while carriers have been aggressively building out their own capabilities — and customer-facing services — for defending infrastructure operations from threats such as denial-of-service attacks, many telecommunications companies are readying new security offerings that promise to help customers ward off everything from viruses to botnets, and spam.

As so much of the current focus in IT security is aimed at filtering traffic coming through the network, carriers maintain that they are better suited than enterprises themselves to identify emerging attacks delivered via Web sites, online applications, and electronic messaging systems.

By tapping into their operators to handle more security responsibilities, pundits claim, enterprises can save time and money previously spent on researching, installing, and maintaining the different applications needed to provide the same protections that the new services aim to provide.

“Today we see managed security services evolving based on a more complete product set, not just denial-of-service, but rather based on anything related to confidence and availability in the network,” said Graham Smith, security expert at U.K.-based carrier Cable & Wireless. “We’re looking at building services to find attacks before they happen at the customer level; we have the intelligence to see things like botnets before they get huge and out of control.”

To that end, Smith said that Cable & Wireless will introduce a new generation of security services in Sept. 2007 that promise to scope out threats before they ever arrive on enterprises networks. Along with protection against botnets — programs that infect machines for the purpose of using them to carry out other attacks — the carrier will include messaging security and intrusion detection capabilities as part of a bundled package.

Some carriers already market some of these technologies to customers today, said the expert, but the key to winning over IT leaders who are used to running their own applications, he said, will be in offering tighter integration among security tools and more attractive pricing than individual point products.

“Most of our competitors today are already selling some form of intrusion detection along with some other security services, but our goal is to bring together best of breed technologies combined into a single solution for a single price,” said Smith. “These areas of security are all related and there a need for real, high-level integration; with the size of our networks and our relationships with the technology providers, we can process things that customers could never do on their own.”

Another carrier looking to significantly expand its presence in the managed security services market is Verizon, Basking Ridge, N.J., which introduced a new package that promises to help enterprise business defend against malware and phishing attacks in early March.

Labeled as Verizon Managed Web Content Services, the offering includes anti-virus, anti-spyware, and URL filtering capabilities, sold either as a package or on an individual basis. In addition to fending off attacks and protecting network uptime, the services also promise to help companies enforce employee-related security policies, such as tracking and policing Web usage.

Built via a partnership with security applications vendor MessageLabs, based in New York, Verizon executives said they created the services because customers were increasingly asking if the firm could take on more security duties.

“These products are being driven by cost effectiveness, there’s no hardware or software deployed at the customer, and no capital investment up front; they are easy and cheap to deploy and there’s very limited care and feeding, and that’s what customers want,” said Cindy Bellefeuille, director of security solutions for Verizon Business. “Maintenance of gateway systems is pricey, and most large organizations have many geographic locations; premise-based solutions demand deployment of equipment and staff wherever the live, doing this work in the cloud can eliminate a lot of those costs.”

One of the companies providing the technology used by carriers to create the underpinnings of their new security services is Arbor Networks, based in Lexington, Mass.

Arbor, which counts Cable & Wireless as one of its customers — along with a number of other sizeable operators including AT&T and British Telecom — recently announced a new initiative dubbed Active Threat Level Analysis System (ATLAS) Initiative which is aimed at analzing threats as the appear on telecommunications and computer networks around the globe.

According to the vendor, ATLAS uses a global darknet sensor network to gather intelligence on host/port scanning activity, zero-day exploits and worm propagation, along with botnet and phishing infrastructures. Over the next 18 months, the company plans to create a range of new products and services based on the system.

By funneling the data it receives via ATLAS into its products, company officials said, the firm can help carriers stay ahead of new threats as they emerge, who in turn can provide protection for their customers.

In mid-March the company released the newest version of its Peakflow SP platform for carriers, which included new security and threat management tools to its existing capabilities.

“The carriers are deploying the technology first to protect themselves, but they also see a huge opportunity to try and wrap business models around these tools and drive new revenues,” said Paul Morville, vice president of product management at Arbor. “For us the challenge is to try and kill two birds with one stone and offer these companies something that not only does the job in terms of fighting attacks but also allows them to deliver seamless services to their customers, but it’s a great opportunity for everyone.”