VeriSign Inc. will announce an expansion of its managed security services offerings Tuesday at the Networld+Interop conference in Las Vegas, adding a full complement of services, including managed firewall, antivirus, intrusion detection and more.
The services announcement signals the full integration into the company of Exault Internet Security Systems Inc. and Telenisus Corp., companies that VeriSign acquired in mid-2001 and late 2001, respectively, according to Robert McCullen, vice president of marketing at VeriSign, located in Mountain View, California. The two companies bring a combination of security and network consulting and managed security services to VeriSign that the company plans to leverage for the new services, he said.
The company also announced partnerships with ActivCard Inc., Check Point Software Technologies Ltd., Nokia Corp., Counterpane Internet Security Inc., Enterasys Networks Inc. and NetForensics Inc. that will allow it to offer products and services from those companies through its consulting and services division, McCullen said.
VeriSign will be expanding its current roster of managed services -- which already includes managed SSL (Secure Sockets Layer), managed PKI (public key infrastructure) and managed DNS (domain name system) -- to include managed firewalls, VPNs (virtual private networks), intrusion detection, antivirus and content filtering, McCullen said.
The security services were brought to the company in the Telenisus acquisition, while the Exault deal boosted VeriSign's consulting arm, he said. The company now has around 300 CISSP (Certified Information Systems Security Professional) consultants on staff, he added.
The new services are aimed at enterprises, which are increasingly looking to outsourced security services because they "are trying to make more with what they've got," McCullen said, alluding to the state of the economy. "This is clearly a way we can help them do that."
No matter what the state of the economy, security isn't an area that can be neglected, said Dave Berkowitz, senior manager of corporate communications at VeriSign.
"If you've got an e-business, this isn't something you can ignore because the economy is making it difficult for you to keep up," he said.
Besides economic concerns, though, security is simply not a key strength for many companies and so outsourcing those functions to security experts makes sense, McCullen said.
The new services will be managed from two Security Operation Centers (SOCs) each staffed by a total of about 50 people, said McCullen. The company plans to incorporate the management of the security services into its 13 existing network operations centers, which it uses for Internet and certificate operations, among other things, in the future, he said.
The services are all immediately available and will cost between US$150 per month and $2,500 per month each, depending on customer needs, he said.
Though the services and consulting divisions currently make up about 10 percent of the company's revenue, VeriSign expects that to increase in coming years, McCullen said.
"We're definitely viable in this market," he said. "This is a logical progression."
"You trust us to manage the Internet, you can trust us to manage your security," he said.
VeriSign's competency in its DNS and certificate businesses doesn't necessarily mean it will be a good managed security services company, said Laura Koetzle, infrastructure research analyst with Forrester Research Inc. The combination of integrating the new companies and services, and dealing with partners and clients means "there's a lot of potential for things to go wrong here," she said.
"There are probably going to be some hiccups in the beginning," she said.
Any difficulties at the outset, though, will likely be overcome as "VeriSign has acquired a lot of companies over the years and has been mostly successful," she said.
VeriSign's entry into the managed security services market makes sense for the company and puts it "in a position to take a chunk of the new business," she said. Companies already using services from other companies are not likely to switch, due to contracts and the cost of switching, Koetzle said.
"If I were any of the smaller managed security service providers, I would not be welcoming this with open arms," she said.
The CISSP-certified consultants that VeriSign will be able to marshal in its consulting work will also help it, she said"The fact that VeriSign has a bunch of them tends to be a vote in their favor," she said. "The smaller companies just aren't going to have that kind of talent pool."
"Provided they can surmount the difficulties of knitting a bunch of different players together," Koetzle said, "VeriSign is going to be a major player (in the managed security services market) unless they pull back."
If National Tech Team Inc.'s experience in using VeriSign's services is any indication, Koetzle is right.
National Tech Team is an IT company that offers help desk and call center outsourcing, as well as customer assistance Web portals, to Fortune 100 customers worldwide, said Maj Homa youn fal, executive director of technology at the Southfield, Michigan, company.
The company uses VeriSign's managed Intrusion Detection System and vulnerability assessment services to protect its offerings to clients, he said.
National Tech Team chose VeriSign because its customers wanted a name-brand security provider to stand behind the company, he said.
"When I bring up VeriSign, the number of questions (about security) quickly goes down," he said.
The company hadn't used any intrusion detection system before, but it had considered deploying and monitoring one using its own employees, he said. They decided against this as "having someone monitoring 24-by-7 is cost-prohibitive for us," he said.
National Tech Team has been using VeriSign's services since the end of 2001 and would recommend them "without hesitation," he said.
"If I need anything, I have access to their resources immediately," he said.