The company outlined the three groups of services that underpin the Security Intelligence and Control Services (SICS) initiative Tuesday. The effort brings together real-time data and other security products from VeriSign to help companies better defend themselves against attacks and fraud.
"Basically, we are trying to change the model for security from reactive--when an attack hits their 'walls' or 'doors'--to proactive by watching the network at large and helping them protect themselves," said Stratton Scavlos, CEO of VeriSign.
The SICS framework covers existing products and services and some new releases. It comprises three major security categories: network, application and commerce. Under the Network Security banner, VeriSign will offer managed security, vulnerability assessment and monitoring services. The Commerce Security services are aimed at helping retailers and e-commerce sites avoid fraud and attack, while Application Security services are designed to let companies secure Internet applications and lock down Web services.
For VeriSign, whose varied businesses are hard to classify, the SICS initiative, announced Monday, is less about offering new services and more about making the Internet security company more tangible, according to Laura Koetzle, a senior analyst at market research firm Forrester Research.
"They realise that they are a tough company for customers to get their arms around," she said. "So I think this whole Security Intelligence and Control Services announcement is a way to give the world a way to think about VeriSign."
VeriSign announced in May that Merrill Lynch had contracted it to secure the financial company's network. And in June, the security company introduced a service that combines domain name service (DNS) information from its registry business with fraud data in order to help businesses pinpoint locations with high fraud rates.
"That (service) culminated a year of research and development," Scavlos said. "This new initiative now adds intelligence to the equation. Companies are all very capable of running their own security, but they don't have this ability to see outside their network."
Moreover, VeriSign plans to bring on new partners that will also use its data to provide services that are aimed at better protecting customers.
"We believe that one of the keys to this intelligence and control initiative is vendor independence," he said. "We are going to build an ecosystem around this so that others can build value-added services."
The SICS announcements come as VeriSign faces criticism for actions it has taken as the registrar for .com and .net domain names.
The Internet engineering community took the company to task for changing the way its servers respond to nonexistent domain names. VeriSign had created a wildcard in its database that would forward any requests for a nonexistent or reserved domain name to a page of its own, named Site Finder, which would help the user look for the Web site.
Last Friday, the company took that service down and reset the database to respond to such requests in the traditional way: by returning an error code.
VeriSign said it plans to make more security announcements that are connected with the SICS initiative throughout October.
Dear Mr Lemos
I note with some fascination and astonishment Mr Stratton Scavlos’s comments on Internet Security in the above article!
You are indeed fortunate to be privy to his council as this is a privilege not extended to my Member Of Parliament Mrs Laura Moffatt, who wrote to Mr Scavlos on My behalf in JUNE 2003. The subject was of course SECURITY.
Perhaps in your conversation with this individual you can mention my name - ALEXANDER MCKILLOP - as I live in England and Mr Scavlos and certain other Company Directors have conveniently failed to correspond with me on the subject either.
You may also care to ask him why Mr McKillop was FORCED to repurchase his OWN THREE BUSINESS DOMAIN NAMES directly from Nominet U.K. in order to protect them from an unwanted “GUEST” and to avoid dealing with a Company (with whom I have NO association), but who are currently - and without my permission – are in possession of them?
I have addressed the issue to the U.K. Information Commissioner’s Office for Data Protection and have found the situation to be wanting on the subject. Make of that what you will!
The matter is also currently in the hands of the U.K. Law enforcement and is being progressed to my satisfaction despite a pattern of constructive evasion, deceit and lies from the parties RESPONSIBLE for this disaster.
The evidence of this fact I can produce in writing and tape recordings of what few phone calls I have had on the subject, so when certain individuals chose to make retractions to statements made – as has happened – it will make interesting press.
This situation has now taken SIXTEEN MONTHS 24/7 out of my life since I PERSONALLY discovered an unwelcome “Guest” on the 15th MAY 2004.
Please note NONE of the Companies involved – which included a wholly-owned subsidiary Company of Verisign Inc. - discovered this individual for what I am informed (ELEVEN MONTHS LATE and many obstructions later!) is TWENTY TWO MONTH PERIOD!
Is it not interesting that these Companies and Directors have NOT reported the matter to the U.K. Police or Data Protection agencies? Even more frightening that they have not pursued the unwelcome guest? This is all the more frightening when you consider the penalties in the U.K. for this offence!
A member of staff at the Company that is currently in TEMPORARY possession of my THREE DOMAIN NAMES (until the authorities conclude their investigations) has informed me that they obtained 60,000 accounts along with mine!
I cannot guarantee the varacity of the statement made as it was offered as an excuse for GIVING this unwanted “Guest” access to my domain names and email, which he destroyed at, will during his intrusion.
I could simply “blow your mind” by informing you of the nature of this man’s employment – but I will not! Give yourself a giggle by asking Mr Stratton Scavlos instead! You will NOT believe it!
Particularly when you consider that they have NOT pursued him over SIXTEEN MONTHS and counting and I was the ONLY one that has stopped him! However what other domain name accounts and email he has maybe been given access to I am not in a position to know.
However, I have been given information a few days ago that another victim has come forward to Scotland Yard and I am attempting to trace them with the aid of the media at the moment.
So with regard to Internet Security – THERE IS NONE! Verisign Inc. cannot PROVE to me that they have carried out ANY investigation into this matter DESPITE me constantly requesting it. What Verisign Inc. Litigation Counsel HAS stated is that the unwanted “Guest” approached their wholly owned subsidiary Company and was given this access in AUGUST 2001!
Worse still – they CANNOT explain what this unwanted “Guest” provided as Identification to be ACCEPTED as the OWNER of my domain names!
I have invoices, Domain Name Ownership Certificates from 1999! He did NOT! I KNOW that I TELEPHONED him on the 15th MAY 2003 and he h