Nortel is expanding its security services portfolio, capitalizing on its networking expertise to offer service providers and enterprise customers consulting service in the security arena, along with a managed service offering and security compliance services.

“We now have a full-blown, fully rounded portfolio to address the needs of all the markets we serve – carriers, SME, enterprise, service providers,” said Ralph Santitoro, director of security services at Nortel. The company has pulled together its many internal security resources, previously scattered around the company in different product groups, into one internal organization focused on the wide-range of security needs.

The new offerings – Security Compliance Services, Managed Security Services, and Security Consulting Services – are intended to enable customers to get the degree of assistance they need in assuring network security. For service providers, one key aspect is the ability to provide security in a converged IP world, that includes voice and video, Santitoro said.

“For the carriers, one of the things that is unique about what Nortel offers is that we address their needs,” he said. “If you look in the market and ask who you go to for security services, the companies tend to be very enterprise focused. One of strengths that Nortel brings is our knowledge of the carrier market and what their issues are. They maybe had a lot of experience with locking down their TDM voice network. When they move to VoIP, it is more of an application that rides on the Internet. It is exposed to a lot of threats – viruses, works, etc. – that are Internet-based. We understand the VoIP solutions, the equipment, from carrier grade perspective.”

A key challenge in that environment is being able to identify the cause of the security breach within a complex network environment, he added, as well as designing industry best practices and standards into the way security is established.

“Because we deploy lots of carrier solutions, we bring that expertise of making security hardened across the globe,” Santitoro said.

Nortel is targeting the full range of the carrier market, he added, from larger carriers who need consulting to aid their existing staff to Tier 2 and Tier 3 companies, who may not have specific staff trained in security.

“Security is people, processes, and technology issue,” Santitoro said. “You have to address each part. Are my people trained to apply good security practices, not to use ‘password’ as their password? Who has access to the equipment? How do you make sure that default password is kept secure? It’s much more than putting a box here or there to do intrusion detection.”

As part of its service, Nortel also will allow its service provider customers to resell its security offerings.

“A lot of carriers may have managed security services, some don’t,” Santitoro said. “We can managed the devices for the actual service providers. We will manage their equipment as well. If a service provider wants to get into the security business, we will design for them a security operations center. We have our own, but we can design one and put all the tools in place and staff it for them or train their staff to do it. If they want to be a managed security services provider we will get them into that business.”

Security Compliance is another issue that plagues both enterprises and carrier network operators, especially in light of government regulations for compliance as well as privacy laws and rules for identity protection. One advantage to using a comprehensive security vendor is the ability to stay on top of changes in rules and regulations, and to stay abreast of changing threats.

“You need a real-time situational awareness of your network at all times,” Santitoro said. “And you need to correlate that information 24 by 7, in order to avoid being exposed to the zero-day threat. It’s not the threats you know about that will hurt you, it’s the ones you don’t know about. One of the things we do is stay on top of what’s happening in the network right now.”

Some of those threats may not be obvious, as with recent thefts of VoIP service that didn’t cause a network outage, but did produce major revenue leakage, he added.