OpenReach, SecureWorks announce security partnership

BALTIMORE (Telephony)—OpenReach and SecureWorks announced a strategic partnership during ISPCON Spring 2001 this week that combines OpenReach’s virtual private network (VPN) services with SecureWorks’ Internet monitoring services. The result is a service that provides end-user customers greater protection against intrusive attacks, and Internet service providers (ISPs) with a revenue-producing opportunity.

Essentially, the partnership marries the managed firewalls and public key infrastructures that are intrinsic elements of the OpenReach VPN package—for both site-to-site connections and remote-access connections—with SecureWorks’ ability to identify and verify a hacking incident.

The fact that the SecureWorks offering is a service and not a stand-alone product is a crucial distinction, according to Mike Pearson, chief technical officer for SecureWorks.

“Ninety-eight percent of alerts generated by intrusion detection systems are false positives, meaning that it’s legitimate traffic that for some reason looks like an attack,” he explained. “We’re able to add that crucial human element that allows us to determine whether the incident was a false positive or a real attack. We do it by having not only our automated sensor at the customer’s premise, but we have the secure communications back at our 24/7 operations center where we have humans monitoring alerts in real time.”

In addition, the product will shut down the connection when it detects a hacking incident, and provide the identity of the hacker, which takes the fight against hacking to a new level, added Mark Tuomenoksa, CEO of OpenReach.

ISPs are able to leverage the product offering in two ways. They can secure their own networks, or they can sell the package, either as an ala carte item or as a bundled element of the ISP’s own service offering. Either way, the opportunity to generate revenue from an added-value offering is a rare occurrence, claimed Pearson.

“The problem with most ISPs is that their customers naturally assume they’re secure,” he said. “So they’ve had a problem in the past with doing added-value services with other types of managed security offerings, because they were so expensive. Now, OpenReach and SecureWorks have an affordable solution that the ISPs can actually resell and make money and it’s not absurdly expensive.”

Affordability is a key given the current state of the capital markets, added Tuomenoksa.

“In this market we’ve seen revenue-to-capital spending drop tremendously,” he said. “In 1996 it was five-to-one, last year three-to-one and this year two-to-one. So the investors are saying, ‘You can’t spend more money to get these value-added services. Figure out another way to do it.’ That’s what we show up with.

“There’s no capital outlay. This is all software. The last thing people want is to spend more capital, because the investors will say, ‘Wait a minute, you just spent $X million on what you said was the service, but now you’re telling us it’s a commodity, and you want to do it all over again?’ That’s a hard sale right now.”