
ISS backs new IPS offering with cash-or-credit guarantee

Jan 19, 2004 | 3 mins
Intrusion Detection Software, Network Security

Service designed to automate attack blocking.

Internet Security Systems is so confident that the managed security offering it is announcing next week will automatically block certain network attacks that it pledges to pay customers thousands of dollars in credit or cash if the service fails.

The new Security Incident Prevention Service, which requires customers to use the Proventia G or M intrusion-prevention systems (IPS) ISS introduced last year, targets about 30 of the most-critical threats. These include worms that go after Microsoft software and those that exploit Apache Web servers and other programs.

The IPS service, which includes vulnerability assessments and comes in standard and premium editions, costs $2,000 to $2,200 per month, per managed IPS. The company’s managed intrusion-detection system (IDS) service costs less than $2,000 per month.

To encourage customers to jump from IDS-based monitoring services to IPS-based automated blocking – some network professionals are concerned that IPS products will block legitimate traffic – ISS is guaranteeing up to $50,000 in cash if the premium prevention service fails and up to $25,000 in credits if the standard service doesn’t work.

The city of Sterling Heights, Mich., which has used ISS for four years to remotely manage its firewall and monitor for attacks via an IDS, is game for giving the managed IPS service a try.

“We’re willing to block attacks,” says Steve Deon, network administrator for the city, which maintains a private network for 1,000 municipal employees, including law enforcement, that reaches 20 buildings. “We’ve seen some things enter our network, such as worms and viruses, we’re not happy about.”

Taking aim

ISS says it will pay customers up to $50,000 in cash if its Security Incident Prevention Service fails to detect and stop attacks such as:
MS Blast worm
HTTP Code Red
Nachi worm
Windows RPCSS DCOM buffer overflow
Sendmail mail header processing buffer overflow

ISS monitors the network via its Southfield, Mich., security center, one of the half-dozen it has around the globe.

Kelly Kavanagh, principal analyst at Gartner, says the ISS prevention services are the first of their kind in a market that includes vendors such as Counterpane, Symantec, Ubizen and VeriSign. She says offerings already exist where a managed service provider identifies attacks, but that blocking is not enforced until the service provider consults with the client.

“The Proventia appliances take the manual intervention step out of the process,” Kavanagh says.

But as unusual and attractive as the cash incentives are, Kavanagh says ISS’ service-level agreements leave the company with a few escape clauses, such as if there is an “Internet emergency” or if an ISP’s network goes on the blink.