MCI Communications today announced a comprehensive security risk management service designed to help enterprise customers tailor their security services to the value of specific network assets, and change those services in real-time as their networks change.

MCI NetSec Security Risk Management Service is a managed security solution covering both the wide-area network and the enterprise LAN as part of MCI’s “cloud-to-core” strategy that enables companies to proactively respond to security threats and to changes in their networks. It is built on Finium, an integrated services and delivery platform that MCI acquired when it bought Net-Sec and that now encompasses both network and premises-based security.

The service is significant in several respects, said analyst Jeffrey Kaplan, managing director of THINKstrategies Inc. The combination of the service flexibility, the visibility it provides customers, the combination of LAN and WAN monitoring and the security expertise that MCI NetSec is bringing are all important aspects of the new service, he said.

"When you put all these together, especially in light of the fact they are being acquired by Verizon, this is a very aggressive offer," Kaplan commented. "This would be a real asset for Verizon and hopefully, they won't attempt to compromise the service."

The new service is the latest in a string of initiatives launched by MCI since it acquired NetSec last year, and represents the company’s biggest effort to date to take a leadership role in the managed security business. The Yankee Group has predicted that Enterprise Risk Management will be a $650 million business by 2008. The challenge for service providers is to convince enterprises to move from a homegrown approach to a network-based service.

MCI is attacking that challenge by providing customers with real-time information regarding their networks through a secure Web-portal and allowing them to react accordingly to immediate threats or problems. A dashboard approach provides customers with information at both the management and operation level, combined with response options that can be implemented real-time, and summary of items that require immediate attention. Customers also get a scorecard which shows their current risk threat. All of these tools replace the customer spreadsheets and other mounds of data.

“But we are not just giving someone notice that their risk score has changed,” said Ruby Qurashi, vice president, MCI NetSec Product Management. “We are presenting this information in the context of their business and we give them a tracking tool for remediation.”

The MCI SRM approach enables enterprises to manage their security risks on a prioritized basis, providing the highest level of protection for key strategic assets and shifting resources to protect assets as they come under threat from viruses, worms, spyware or hackers, she said.

“We give them extensive security risk and management tools that allow them to prioritize, initiate and track remediation plans,” Qurashi said. “They can track critical systems separately from others.”

The service includes unified threat management, automated asset inventory, integrated scanning and patch management, extensive trend and historical reporting and collaboration that provides customers with the benefit of MCI NetSec’s extensive experience in security. Customers also can initiate network scanning to detect threats.

"They are willing to present themselves as a second set of eyes," Kaplan said. "They will provide the monitoring and the customer can do the management. Then as customers get more comfortable with MCI and see what they can do, they will be more willing to hand off that piece as well."

The service is available beginning in January of 2006, which is also when MCI’s merger into Verizon is expected to close.