Security as a Weapon

In sweeping plan, Verisign merges services to tap data, intelligence.

Verisign Inc. has crafted a sweeping new security strategy that pulls data from the companys expansive stable of customers and disseminates it to each in an effort to help customers prepare for, and even prevent, network breaches and hacks. The strategy, known as Security Intelligence and Control Services, will combine several of VeriSigns services to make better use of the reams of data and intelligence that VeriSign sees daily through its monitoring of customer devices and its management of a large portion of the Internets Domain Name System infrastructure.

But the initiative will also include some new offerings, to be announced later this fall, as well as partnerships with major vendors such as IBM and Microsoft Corp.

"We want to deploy systems that are aimed at providing intelligence so customers can better control their environments and use security as an offensive weapon in making business decisions," said Ben Golub, senior vice president of security services at VeriSign, in Mountain View, Calif. "We can give people the benefit of what we see inside and outside their networks."

The core of the strategy is the companys managed security services, such as firewall and intrusion detection system monitoring, and its authentication and fraud protection services. Through its monitoring of security devices and online payment systems, VeriSign is able to identify patterns in how crackers and online con artists operate and can share that data with customers before their systems are hit.

For example, VeriSign can identify IP addresses that are frequently used to attack networks and disseminate that information to its customers. This data can be valuable in other ways, too, as VeriSign officials said that there is an overlap of nearly 50 percent between attackers IP addresses and IP addresses used in online fraud.

The result is intended to be a more complete view of what activity is occurring across the Internet and might be coming soon to a network near you.

This extension of the managed security infrastructure is an important step in making such services more valuable to large enterprises, analysts said.

"You gain the benefit of the knowledge and expertise of people who have experience with the Internet at large," said Pete Lindstrom, an analyst at Spire Security LLC, in Malvern, Pa. "In some ways this is a delivery decision on their part. But this has always been one of the strong value propositions of managed services: more context."

Another key component of the strategy will be Trust Gateway, an application VeriSign introduced in April to simplify the process of securing Web services. The software performs the XML security operations on behalf of applications so that developers dont have to include security code in their applications.

Trust Gateway will serve as a conduit through which customers can configure their security posture at the network layer, VeriSigns Golub said. Company officials said they plan to an- nounce the details of the new product offerings, as well as the partnership agreements, in the next few weeks.

VeriSign officials said the shift in strategy for the company came as a result of a change in the way customers discuss and deploy security technologies. These discussions have progressed from technology-centered conversations focused on which new box or software an enterprise should buy next, to more strategic, big-picture talk about how security can help businesses achieve their objectives.

"Weve been noticing a real change in the nature of security and the way people think about it," said Golub. "Most business initiatives involve risk, and they want to manage that risk the way you might manage financial risk."