Verizon Business today announced an extension to its managed security services that will protect its customers’ network infrastructure at the application layer. The new Application Log Monitoring and Management Service will let IT departments log, track and analyze activity at the software and Web application layer as well as within operating systems and servers for both Web applications and databases.

By extending security deeper into the organization infrastructure – through the network, data, and now the application and user levels – Verizon intends to provide more thorough and proactive protection from a wider range of threats, said Bart Vansevenant, head of strategy for security solutions. Now in addition to monitoring security devices, Verizon Business will also be monitoring applications, servers and activity logs which are not part of the security infrastructure.

“We are doing this in response to the evolution of threats,” Vansevenant said. “In the past, most threats were mass attacks – worms, viruses, and other things exploiting vulnerability at the network level. There is still some of that out there but we have seen a significant shift to threats at the user level and application level. Attacks are very targeted, not only at a network but at specific applications. They attempt to steal some data from a database or put some code on a Web site to make something happen.”

By tracking activity at the application and server level and applying appropriate policies, these kinds of threats can be identified and mitigated, Vansevenant said.

As with other services in its Managed Security Services portfolio, Verizon Business is touting the expertise it brings and the option for 24/7 monitoring and response that this new service will offer. IT departments can save money, reduce the complexity of their operations and automate security processes, Vansevenant said.

While many IT organizations may be tempted to handle this kind of protection themselves, they often lack the expertise, Vansevenant said.

“If you compare what a service like ours brings – it includes technology, people and processes,” he said. “Most IT departments may be able to put security in place but they lack the expertise and the processes experts to know how to deal with an incident. In addition to the fact that these threats have changed, there are additional aspects related to people, expertise processes that drive people to use a service provider.”

Verizon’s Application Log Monitoring and Management Service will automatically collect log data, analyze it, correlate to policies and known threats, and archive it. Threats can be filtered out and neutralized.

“We will do a pre-filtering – only a small subset of logs are relevant for security or compliance,” Vansevenant said. “The company will have a policy or we will have a correlation engine – and we will see if there are any incidents we can derive. For example, if someone is trying to log in on the database as an administrator and it’s not working, it might be a hacker. After collection, then correlation, the last step is doing the escalation.”

A managed security service will also enable businesses to stay in compliance with a wide range of legal requirements, Vansevenant said.

The new service, which will be available in early April, is being done in conjunction with LogLogic, whose software will be deployed at the customer premises, Vansevenant said.