Seeking Services

Companies are much more aware of the need for IT security after the Sept. 11 terrorist attacks and last year's Nimda and Code Red worms, security solution providers said. But in a down economy, they're more interested in services such as risk assessments and vulnerability management than new products, security specialists say.

"We're seeing more people interested in baseline risk assessments," said Errol Weiss, vice president of the Mid-Atlantic region at New York-based Predictive Systems.

"There are fewer dollars, so they're spending wisely," Weiss said. "They want to figure out where they should spend before spending on projects willy-nilly."

Businesses know they can't just grab products to solve security problems,they need solutions, said David Pollino, managing security architect at Cambridge, Mass.-based @stake.

"Customers are focusing on process, not products," Pollino said, adding that business continuity is a major concern for enterprises.

Though the managed security business experienced a shakeout over the past year, survivors said they're going strong.

Netsec, a Herndon, Va.-based firm serving U.S. government agencies, has seen an uptick in business in the financial, pharmaceutical and manufacturing markets, said Ken Ammon, president and CEO of the company. Customers are realizing that intrusion-detection systems aren't valuable unless they're managed and monitored, he said.

Netsec also expects more interest in its vulnerability and patch advisory service because the number of security patches is overwhelming administrators, he added. Netsec's service provides customized vulnerability alerts and possible remedies.

Guardent, Waltham, Mass., also offers a managed service to help customers deal with vulnerabilities. The service, slated to be launched March 5, provides recurring vulnerability tests from every angle of the network, said Jonas Hellgren, managing director at Guardent.

A Guardent analyst studies the data gathered from the tests, ranks the vulnerabilities based on the threat they pose to the customer's network, and provides mitigation measures, Hellgren said.

Another area of focus among customers is application-oriented security solutions, such as those for e-mail, said Robert Booker, vice president at Syntegra, a consulting and integration firm in Arden Hill, Minn.

Companies are more aware of security needs, but actual spending still is slow, Booker said.

"Awareness has gone up, but not necessarily the investment," he said.

Businesses increasingly want to know how a security solution will provide a return on investment, which can be a challenge, Booker said.