Managed Security Services

Helping ISPs Become Managed Security Providers

Providing secure business Internet service requires far more than adding a firewall to your customer's network. ISPs can enter the Managed Security Service market without growing in-house security expertise by joining a reseller program like this one from DefendNet Solutions.

Lisa Phifer
VP Core Competence, Inc.

From Melissa to the LoveBug to LifeChanges, nasty mail viruses continue to hound Internet — and especially Outlook — users. Headline-grabbing distributed denial-of-service (DDOS) attacks have web hosters scrambling to protect themselves and their customers. Enterprises jumping on the eBusiness bandwagon fret over the looming specter of cyber-theft. Today, it seems that just about everywhere you look, you find heightened consumer awareness about on-line security.

The good news for ISPs: Awareness translates into growing demand for security products and services.

An ISP can avail itself of this opportunity in two ways: by selling turn-key security solutions, or by adding managed security to its service portfolio. According to DefendNet Solutions co-founder Vincent Giordano, "We find that managed services are what customers really want, but the downside for an ISP entering this market is the cost of support — creating relationships with vendors, building and staffing a security NOC, purchasing customer premise equipment." DefendNet should know: It is, itself, a managed service provider, headquartered in Providence, RI.

But, since last September, DefendNet's prime objective has not been direct sales. DefendNet is now helping ISP and CLEC resellers to become managed security service providers.

Outsourced Security for Small and Midsize Enterprise Customers
DefendNet wraps its managed security service around popular customer premise firewalls:

SecureInternet-100 protects up to 25 users with a Netscreen-5 firewall for $249/month.

SecureInternet-250 includes a WatchGuard Firebox II firewall, starting at $599/month.

SecureInternet-500 includes a Check Point Firewall-1, starting at $999/month.

Once a firewall is installed at the customer site, DefendNet leverages this platform to sell "à la carte" security services like virtual private networking, content filtering, anti-virus scanning, and load balancing.

As DefendNet is quick to point out, security is more than a firewall. 30% of all break-ins occur with a firewall in place. What makes the difference? Expert vulnerability assessment, security policy configuration, monitoring, and reporting. DefendNet's east and west coast network operations centers provide 24x7 toll-free support and surveillance. Customers receive monthly reports to track incidents, network usage, and trends. DefendNet also performs an overall vulnerability assessment for each customer, before and after installation, repeated every six months thereafter.

DefendNet designs, prices, and markets these services to small and mid-tier companies that conduct business on a regional level. The competition? Think ISS eServices, who aims for larger Fortune 500 companies, and myCIO, who pursues the SMB market but on a national level.

Becoming A Reseller: What's In It For Both Of Us?
DefendNet believes it can best grow its managed security business by partnering with tier 2/3 ISPs and emerging CLECs who don't already have 24x7 security-focused NOCs. "Experience has shown that our best point of entry is after the customer is already connected. We estimate that 20% of existing [business dedicated line] customers would be interested in adding security services," said Giordano. ISP and CLEC resellers help DefendNet locate and sell to these potential customers.

In return, "Our partner program is a way for ISPs to offer managed security services to their customers without doing anything. The ISP bills its customer for the service, and returns a portion of the revenue back to DefendNet," said Giordano. "DefendNet does all the heavy lifting."

Just how much does DefendNet's service cost the reseller? According to Giordano, "Depending on sales volume, an ISP might return 70% of gross to DefendNet as cost of goods sold. That leaves 30% that falls straight through as profit, without additional support or materials expense."

Resellers can establish sales quotas based on DefendNet's 20% uptake projection. "For example, if you're selling 100 lines per month and 20% purchase even the entry-level security service ($249/month), add $5000/month to your existing sales quota," said Giordano. And if you'd rather not be a reseller? DefendNet offers a referral partner program that pays commission for each acquired customer.

Instant Managed Service Provider?
DefendNet partners avoid building their own security NOCs and purchasing hardware, but they don't really become managed security providers overnight. Bringing a new service to market is a major undertaking. Resellers must teach their sales team to sell a new product -- and a complex one at that. DefendNet isn't blind to this need. It invests marketing dollars on cooperative advertising (think COVAD). It sends a SWAT team in to bring the ISP's sales force up to speed on managed security services. It also works with the ISP to dovetail outsourced services with existing services, enhancing the ISP's provisioning process and backend support systems. Doing this right is not easy; only time will tell whether DefendNet has what it takes.

Given this up-front investment, how does a reseller qualify for DefendNet's partner program? According to Giordano, "All ISPs qualify. However, we find that the most successful ISPs are those with a direct sales force of 100+ people selling business dedicated services." Unstated but implied: the ISP must be generating non-trivial revenue from business grade services in order to justify such a sales force.

Once the resale arrangement is in place, how does the process work? According to Giordano, "The ISP sales force can ask DefendNet to perform a vulnerability assessment. We do a quick scan and 90% of the time find vulnerabilities that the sales team can use to help sell services." The ISP sales team may also sell à la carte services like virus scanning, remote office VPN, or branch office VPN, depending on the size of the customer's network.

Eventually, the customer is signed and the ISP provisions the line. Once the ISP has assigned the customer's IP address, DefendNet will program the CPE firewall and ship it to the customer. "The ISP typically sends someone on-site to install an access router," said Giordano. "This person also plugs in and cables the CPE firewall. From that point on, DefendNet monitors the CPE from our NOC."

If any problems are detected, DefendNet follows a protocol established by the ISP (i.e., who calls who, and when). If customers want to make security policy changes, they call the DefendNet NOC's toll-free number. "Five changes per month are built into the cost of the service," said Giordano. " If customers want to add new services, they call their ISP, and the upgrade is coordinated between the ISP and DefendNet using defined processes."

Bottom Line
In December, 1999, analyst group IDC said, "The worldwide market for network security services will soar from $512 million in 1998 to $2.24 billion in 2003, reflecting an average annual growth rate of more than 34%." That's a big chunk of change to ignore because you're a smallish ISP with too much on your plate to grow a specialized security staff. But if you enter a reseller program, do so with your eyes wide open: Expect to invest sales effort, and make sure resold services are well integrated into your service portfolio and business process. After all, you want to keep and expand your customer base by tapping new revenue opportunities, not lose customers due to poor sales/support handoffs.

 —End