VeriSign changes tactics on security

VeriSign has integrated its various security services as part of a new initiative that aims to get businesses on the offensive when it comes to protection.

The Mountain View, Calif.-based company outlined the three groups of services that underpin the Security Intelligence and Control Services (SICS) initiative Tuesday. The effort brings together real-time data and other security products from VeriSign to help companies better defend themselves against attacks and fraud.

"Basically, we are trying to change the model for security from reactive--when an attack hits their 'walls' or 'doors'--to proactive by watching the network at large and helping them protect themselves," said Stratton Sclavos, CEO of VeriSign.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

The SICS framework covers existing products and services and some new releases. It comprises three major security categories: network, application and commerce. Under the Network Security banner, VeriSign will offer managed security, vulnerability assessment and monitoring services. The Commerce Security services are aimed at helping retailers and e-commerce sites avoid fraud and attack, while Application Security services are designed to let companies secure Internet applications and lock down Web services.

For VeriSign, whose varied businesses are hard to classify, the SICS initiative, announced Monday, is less about offering new services and more about making the Internet security company more tangible, according to Laura Koetzle, a senior analyst at market research firm Forrester Research.

"They realize that they are a tough company for customers to get their arms around," she said. "So I think this whole Security Intelligence and Control Services announcement is a way to give the world a way to think about VeriSign."

VeriSign announced in May that Merrill Lynch had contracted it to secure the financial company's network. And in June, the security company introduced a service that combines domain name service (DNS) information from its registry business with fraud data in order to help businesses pinpoint locations with high fraud rates.

"That (service) culminated a year of research and development," Sclavos said. "This new initiative now adds intelligence to the equation. Companies are all very capable of running their own security, but they don't have this ability to see outside their network."

Moreover, VeriSign plans to bring on new partners that will also use its data to provide services that are aimed at better protecting customers.

"We believe that one of the keys to this intelligence and control initiative is vendor independence," he said. "We are going to build an ecosystem around this so that others can build value-added services."

The SICS announcements come as VeriSign faces criticism for actions it has taken as the registrar for .com and .net domain names.

The Internet engineering community took the company to task for changing the way its servers respond to nonexistent domain names. VeriSign had created a wildcard in its database that would forward any requests for a nonexistent or reserved domain name to a page of its own, named Site Finder, which would help the user look for the Web site.

Last Friday, the company took that service down and reset the database to respond to such requests in the traditional way: by returning an error code.

VeriSign said it plans to make more security announcements that are connected with the SICS initiative throughout October.