MCI adds security risk management service

MCI will offer in January a new service designed to help network managers quantify, prioritize and remediate security risks across their organizations. MCI officials say the service – dubbed NetSec Security Risk Management – is the first of its kind.

The service is based on a new module that MCI has built in its Finium managed security services platform. The security risk module allows customers to use a scorecard approach to prioritize and track critical systems against security threats and vulnerabilities. It features a dashboard interface to provide users with an overall view of security threats and remediation efforts companywide.

“A lot of our customers say they are not tracking security risks or if they are they are doing it with Excel spreadsheets they created themselves,” says Chris Sharp, vice president of MCI’s NetSec Security Services. “We’re offering more of a standards-based approach to quantifying risks. It’s a unified threat management capability, so it shows not just what the vulnerabilities are but what the assets are.”

The service allows customers to prioritize their systems prior to an attack and track remediation efforts following an attack. It offers an automated asset inventory, integrated scanning and patch management. Users can create extensive reports for themselves or to share with upper management.

The service includes a threat navigator, which allows users to drill down into the information about threats for particular systems and to see those threats across multiple platforms. Once a system is added into the asset inventory, the service calculates the risk associated with that system based on the operating systems, applications and patch levels on that system.

The service’s scanning feature allows network managers to track vulnerabilities across many assets and to check on remediation efforts when a weakness is found. MCI says the scanning process is a timesaver when a single vulnerability, such an operating system patch, is required across thousands of IT assets.

“We believe this security risk management offering sets a new benchmark,” says Ruby Qurashi, vice president of MCI’s NetSec Product Management. “No one else has as comprehensive of a service that we offer. The other services are not metric based and don’t offer a risk score, so users can take action. We’ve also given them a tool for remediation planning and tracking remediation efforts.”

MCI is offering two versions of the security risk management service: a basic service that includes no scanning and manual input of assets into the inventory; and an advanced service that includes asset scanning. Pricing starts at $1,000 per month for 100 IP addresses, with a one-time deployment fee.

The new security risk management service is part of a broader effort by MCI and other carriers to introduce managed services that bridge backbone and enterprise networks. This so-called “cloud-to-core” architecture allows carriers to provide a range of security services including managed firewalls, managed intrusion detection systems, managed endpoints and identity management.

For more information about MCI’s NetSec Security Services, click here.