Bringing IP VPNs to The Next Level

That was the message from Rosalyn Roseboro, program director at RHK Inc. at the consulting company's recent Startrax event in Phoenix. "We don't believe IP VPNs have fully reached their potential," she says. IP VPNs are still an "immature source of service provider revenue."

While many service providers offer network-based -- and CPE-based IP VPNs, other security measures such as intrusion detection, denial of service prevention and firewalls are typically handled by end user-owned CPE, although network-based solutions are available, she says. That's a problem because IP VPNs solely for connectivity are a low-value sell, particularly for incumbent carriers that get good profits from ATM and frame relay services today. Still, Roseboro predicts IP VPN ultimately will prevail as the platform for new services. A network-based model for new services via IP VPN will prove out, she says, because of the lower costs due to shared infrastructure, better manageability and scalability.

Specialty IP VPN services provider Virtela Communications Inc. is one of the trailblazers in the area of value-added services. The company, which offers both outsourced CPE- and network-based IP VPNs, also provides such optional adjuncts as IP VPN-based multicast, says Maaz Sheikh, vice president of market strategies and services with Virtela. The end user just clicks on the names of people in his or her address book to set up a meeting. "This is a huge revenue-generating service for us," he says. "Customers are willing to pay $3,000 to $4,000 a site for the connectivity and video equipment." In addition to the corporations that use this service for internal communications, individuals like stock analysts use it to broadcast information on particular stocks to their customers, he says.

WorldCom's Inc. Bob Blakley, manager of security services, says his company has also focused on ensuring it has integrated bundles available to meet its customers' complete, secure access needs. That's the thinking that drove WorldCom's new Enterprise Addition service. Prior to WorldCom's recent deal with CheckPoint Software Technologies Ltd., WorldCom had offered managed firewalls since 1997, he explains, but not on a truly global service basis, because customers in other countries didn't have the same experience as customers did in the U.S., he says. Through WorldCom's Enterprise Addition, he says, if a box fails and a customer needs a replacement box, sparing is available within a day no matter where in the world the customer needs it. In May 2002, WorldCom also announced a partnership with Integrated Security Systems Inc. (ISS) to allow WorldCom to integrate ISS's intrusion detection and other security features with its own IP VPNs, says Blakley.

Jeff Wilson, executive director of Infonetics Research Inc., says that while many service providers offer managed firewalls as well as multiple IP VPN options today, integrating the two is a different issue. "It's not big technology issue, it's more of a marketing issue," he says. For example, a big company might want to tightly manage the firewall at its headquarters, but for telecommuters with DSL they might want to outsource the firewall, he says. Wilson says it took the RBOCs a long time "to figure out there was a revenue opportunity." He notes a SBC-NetScreen to push low-end NetScreen firewalls to broadband DSL customers.

Security Service Forecast
Source: Infonetics Research

Intrusion Detection: The Next Big Thing?

Intrusion detection may be the next big thing in security services.

Jeff Wilson, executive director for Infonetics Research Inc., says intrusion detection systems from companies like Intruvert Networks are smarter, faster and more integrated into the larger security picture.

While most intrusion detection systems do analysis of signatures for attacks, signatures are not the best and only way to guard against attacks, he says. Some newer systems now look for anomalies in the use of protocols, anomalies in the use of traffic patterns and set up "honey pots," which are systems -- set up to look like servers or other network resources -- designed to trap hackers. At the same time, companies like NetScreen Technologies Inc. (which recently acquired intrusion detection technology through its purchase of OneSecure) is planning to integrate that intrusion detection functionality into its firewall, says Wilson. All that capability in a single box, he says, will make it easier for service providers to build managed security packages.

Indeed. Jim Allen, manager of security services at Verizon Federal Network Systems, a Verizon Communications Inc. company that sells secure network services primarily to the federal government, says he's seeing a move from intrusion detection to intrusion prevention tools. He says Verizon FNS is just completing shopping for such tools and hopes to roll out new intrusion prevention services in the first half of this year.

Says Amit Yoran, vice president of managed security services operations of Symantec Corp., which provides an array of outsourced security management, monitoring, and response services to enterprises and service providers, "we've already seen great interest our managed intrusion detection offering."

Share this article: Email, Slashdot, Digg, Del.icio.us, Yahoo!MyWeb, Windows Live Favorites, Furl
Add this article feed to: RSS, My Yahoo, Newsgator, Bloglines