Level 3 Communications is adding a new wrinkle to security services, introducing a new cloud-based service developed on next-generation firewall technology that has been built into its global network to replace on-premises security infrastructure. The Enterprise Security Gateway service is delivered from 40 Level 3 points of presence globally, can protect data on any device and is available to subscribers of any carrier.

The new service moves the security perimeter from the enterprise itself to the Level 3 network: One of its key goals is to address the rising costs of security for enterprises, which currently spend up to 60% of their IT dollars on that one function, says Chris Richter, senior vice president of global security services for Level 3 Communications Inc. (NYSE: LVLT) It covers a range of security issues including anti-malware with sandboxing, data loss protection, application awareness and enforcement and next-generation firewall.

"This new service is very powerful in ability to stop, block and detect attacks," he commented. "We have the horsepower, the network reach, the global reach, so we thought, 'Why not roll out gateways and create a virtualized, powerful high-performance next-gen security capability?' "

Read the latest on issues around network security in our security section here on Light Reading.

Instead of deploying on-premises security hardware and employing IT security specialists, enterprises are given a detailed portal through which they have complete visibility of what is happening in their network, and can receive reports and gateway performance data, including a view of traffic the gateway is blocking. Customers also have the ability to change their security settings on-demand and add new services as needed.

The ESG service is the latest in Level 3's security services push, which has started with a major distributed denial of service mitigation service and has expanded from there. (See Bargain Botnets Fuel Level 3's Expansion, Level 3 Offers Secure Cellular Internet Access, Level 3 Brings Volume to DDoS Mitigation and Level 3 Elevates Security With Black Lotus.)

According to Richter, ESG represents Level 3's "biggest product investment this year."

That investment put high-powered redundant next-gen firewall chassis in each of Level 3's 40 points of presence globally, along with massive routing and switching capabilities, Richter says. It also funded creation of two sandboxing infrastructures, one in North America and one in Europe, into which go snapshots of very packet that comes through the network with executable files or PDFs or other possible documents. If there is an indication of malware in them, Level 3 writes a signature against that malware to update its gateways on a constant basis, and notifies the customer of the quarantined traffic.

From its five global security centers, Level 3 provides around-the-clock access to security experts to resolve any issues. The carrier also makes constant use of its threat access information to update the security offerings.

Customers that are using other broadband service providers can access the Level 3 ESG through secure IPSec or GRE tunnels and get the same protection, Richter says. "This is carrier agnostic -- you don't have to buy a network service from us to get the benefits of the security service," he says. "We haven't see anything like this at other carriers," he adds.

— Carol Wilson, Editor-at-Large, Light Reading