Qwest Cyber Solutions, the application service provider arm of Qwest, announced Monday it is stepping up its security offerings to provide customers with different levels of security that they can add on to their existing service as they choose.
QCS is partnering with managed security service provider Veritect to offer the services, which range from intrusion detection to vulnerability scans to professional security services. The QCS announcement follows news this past July that Qwest was partnering with Veritect parent Veridian to offer Veritect security services to Qwest hosting customers. QCS uses Qwest data centers to host enterprise applications.
QCS' new, enhanced security services augment security services already offered to QCS customers, including secure connectivity through VPNs, basic firewall management, virus protection and user account management.
"We're extending [the security services] out in order to be more proactive," says Brad Clay, a QCS vice president. Clay notes the new services are designed to seamlessly integrate with the ASP's application hosting technology.
Analysts say ASPs are reviewing their offerings to ensure they can provide security levels required by an increasingly demanding customer base.
"A lot of ASPs, including [QCS], have responded to the general demand from customers to provide more and better security options," says Laurie McCabe, vice president and service director at Summit Strategies. "What [QCS] is doing is they're saying, 'Hey, if you're going to be getting a hosted solution from us, we can bundle into that some additional security if you need it.'"
By offering the security services in a tiered way, QCS is providing more flexibility to its customers, McCabe says.
"The idea of doing it in terms of an add-on makes sense because obviously for some applications and some customers, it's not going to be worth spending additional money," she says.
QCS' new services are:
* Host based intrusion detection. Software agents are customized for the customer's security policy, server operating system and applications, providing 24-7 monitoring of files, system applications and application logs to detect unusual activity. Customers receive reports, threat analysis and recommendations to stop attacks.
* Network intrusion detection. This is offered in two packages. The first includes sensors, tailored to the customer's security policy and network, which are placed within the circuit to transparently monitor network traffic 24x7. Events trigger an alert to QCS, which notifies the customer and works with the customer to correct the problem. Customers receive reports, threat analysis and recommendations to stop attacks. The second package includes standard sensors that transparently monitor the network 24x7. When an event is detected, QCS is alerted and notifies the customer.
* Strong authentication. This adds a second level of authentication security beyond username and password to protect access to QCS-hosted applications.
* Periodic vulnerability scans. Twelve scans that can be used within 12 months for up to five IP addresses to ensure firewalls are locked down, relevant patches have been applied to servers and that no holes exist in the network. Actions are recommended to fix problems.
QCS also is offering professional security services to enterprises, enabling them to take advantage of Veritect security professionals to do simulated attacks for penetration testing, vulnerability assessments and risk analysis. The services are available immediately as add-ons to application hosting packages and are priced based on individual customer needs.
RELATED LINKS
