• United States



by Paul Kerstein

MCI Pitches ‘Comprehensive’ Network Security Service

Dec 07, 20054 mins
CSO and CISOData and Information Security

MCI Inc. on Tuesday announced the upcoming release of a network-security managed service, saying it will be the most comprehensive package available.

MCI’s NetSec Security Risk Management Service, available to U.S.-based companies in January, is designed to help large businesses improve their security through a number of features. The service will include functionality to identify outside security risks, manage patches, inventory network-connected computers, and provide tailored services based on an enterprise’s policies or business services, MCI said.

Built on Finium, MCI NetSec’s next-generation integrated services and delivery platform, the service will classify threats using a real-time scorecard as a way to suggest security priorities to customers and provide remediation capabilities, MCI said. The company expects to role out the service to European companies during the second half of 2006.

MCI calls the service a “cloud-to-core” offering, meaning it’s aimed at both outside, Internet-based threats and on internal network security. That broad approach gives MCI, a major provider of long-haul bandwidth, an advantage over some security vendors that focus on a smaller piece of the security picture, said Chris Sharp, vice president of MCI NetSec Security Services.

“[MCI is] able to proactively protect our customers due to the fact that we’re able to see different types of vulnerabilities and threats emerging out on the Internet at large,” Sharp said. Using the MCI services, businesses with limited resources can make “better decisions” and fix the problems that can most affect them, he added.

MCI has built up its network security offerings in recent years, and the company acquired NetSec, a provider of managed security services, in February. The new service’s integration of inventory management is important because it provides businesses an up-to-date picture of their networks, said Ruby Qurashi, vice president of MCI NetSec product management.

“In the end, you’re able to calculate risk, in real time, based on any vulnerability that’s on a particular application or system,” she said.

MCI called the service the “first” comprehensive security risk management service available to large businesses. Jeffrey Kaplan, managing director of the IT consultant firm Thinkstrategies Inc., praised the MCI offering, but declined to name it the first comprehensive service.

“With all the services, it’s an impressive offering,” said Kaplan, based in Wellesley, Massachusetts. “Whether it’s the most comprehensive, well, that’s in the eye of the beholder.”

The “cloud-to-core” approach in the MCI service should be attractive to large businesses, Kaplan added. “When it comes to security, getting a holistic view, and having someone who will take responsibility for it, is important,” he said.

Kaplan said his only concern about the service is MCI’s pending merger with Verizon Communications Inc. and what effect the merger will have on MCI offerings. Still, he praised MCI for launching new services with the merger expected to be completed by the end of January. “Many organizations would be sitting on their hands or worrying about internal politics,” Kaplan said.

The service will provide customers with a browser-based dashboard that provides charts identifying risks and priorities. The information is organized to give customers an across-the-board view of threats, remediation status, and risks across the network, MCI said.

The new service also will allow customers to map vulnerabilities against specific assets. Scanning can be scheduled at any time to ensure that remediation is completed, MCI said.

Large businesses will be able to purchase two levels of service from MCI. There will be a one-time deployment fee, plus charges of US$1,000 a month for 100 Internet Protocol addresses, more for additional IPs, MCI said.

By Grant Gross – IDG News Service (Washington Bureau)