Verizon's New Security Offer Covers Your Apps

Verizon Business today is launching a new service aimed at helping enterprises continuously monitor and protect their Web-based applications from security threats and data breaches.

The software-as-a-service (SaaS) offering, using WhiteHat Security's application vulnerability management SaaS platform, lets subscribers check their applications for vulnerability whenever changes are made or even on a periodic basis for safety's sake.

The Verizon Business Application Vulnerability Scanning (AVS) is aimed at stopping the growing amount of Internet hacking designed to capture data -- credit card numbers, Social Security numbers, etc. -- that can instantly be turned into cash, said James Tomlinson, senior security strategist, Verizon Business.

The "2009 Data Breach Investigations Report," an annual effort by Verizon, discovered that 79 percent of the 90 confirmed breaches reported were compromised via Web applications, exposing 285 million records. As more common business applications -- such as human resources, training, shared databases, sales force management, and expense reimbursement -- become Web-based, there is greater possibility of hackers going after those applications to extract valuable data.

"Anywhere there is data that a criminal can turn into money, that data is vulnerable," Tomlinson said. "A new way of attacking an application can come out, even if the code for that application was written well."

That's why enterprises need to be checking the vulnerability of their applications on an ongoing basis, throughout the product lifecycle, Tomlinson said. The new Verzion AVS service does that, at three subscription levels -- baseline, standard and premium -- based on the size and complexity of the Web site being protected. The service is available immediately to customers globally, regardless of whether or not they buy data or other services from Verizon.

The growing number of Web-based applications and the complexity of providing ongoing security make it harder for businesses to do this on their own, Tomlinson said. "Many businesses lack the expertise or the resources to do this in-house," he said. "With our service, they don't have to deploy equipment, they don't need technical expertise -- if they know the URL of the application, they can sign up and take advantage."

Subscribers can do vulnerability scans on demand, whenever changes are made or on a regularly scheduled basis, Tomlinson said. "They put in the URL and other data about the applications and we check that app on an ongoing basis," he said.

Verizon also offers Web application firewall as a managed service, and subscribers to AVS can use that offering to block any vulnerabilities that are discovered behind the firewall while software codes are fixed. Verizon does also have the expertise to help software developers with security coding, Tomlinson said.

The AVS service is the latest in Verizon's managed security offerings. Pricing starts at $3,300 annually per application for the baseline service, with volume discounts available.

— Carol Wilson, Chief Editor, Events, Light Reading