Equant announced a managed service this week that it says will address a major shortcoming of intrusion-detection systems: too many false alarms.
"There are a large amount of false negatives and false positives with intrusion detection," says Steve Maslin, product manager for Equant's Intrusion Detection service.
Initially available only for the company's managed firewall service customers, the offering promises an added level of security by examining traffic for irregular patterns or content. The service may be made available to other managed service customers based on user demand, according to the carrier.
The Intrusion Detection service is based on Cisco’s IDS 4200 Sensors that Equant deploys in front of Check Point firewalls on customer sites (although Equant will support other vendors' IDS gear if already installed).
Alarms and alerts are forwarded to security operations centers run by Equant partner Ubizen, which correlates the messages and sorts out those that might spell trouble.
"This is a service that does not rely on an automatic response, but an intelligent response to alerts and alarms," Maslin says.
Equant says this service could offload a lot of work for a customer. In one customer example the carrier says a company with up to 30 sensors experienced 5 million alerts in a month. Of those alerts only 250,000 were identified as "real attacks." And of those, only 55 needed to be escalated to the customer as the carrier was thwarting the attacks.
Equant meets with each customer before service deployment for a network vulnerability assessment.
The offering will be available in 220 countries where Equant offers managed services.
"One of the greatest strengths of Equant is that it truly offers a global service and provides a one-stop shop for an integrated portfolio of managed security services," says John Sherwood, managing director at consulting firm Sherwood Associates.
The service is initially for customers that have dedicated IP connections running from 45 Mbit/sec to 200 Mbit/sec. An upgraded version planned for in the fall will support customers with connections up to 1Gbit/sec, Maslin says.
Equant is far from alone in the managed security services market. AT&T Corp., which launched enhancements to its IDS service last month, handles the monitoring of customer network security in-house.
MCI, like Equant, teams with a security company to deliver its offering. In MCI's case, ISS is the partner. Ubizen and Internet Security Systems also offer security services of their own, although companies such as Equant and AT&T offer many more managed services. While ISS is the market leader, Equant can offer users a broader range of security product support, where ISS only offers customers probes developed by the company, Sherwood says.
Equant's Intrusion Detection service rates vary depending on the customer's dedicated bandwidth connectivity. The carrier says it will charge about $3,800 per month for a 100M bit/sec connection for a user that signs a three-year contract.