Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Overwhelmed by an onslaught of external threats that aim to take down or infiltrate their networks, enterprises are increasingly turning to their telecommunications carriers, ISPs and managed services providers to help stop attacks before they arrive.

Companies are demanding that their providers offer a range of security protections as part of their licensing agreements. Alongside those onboard network defenses, many telecom carriers, ISPs and MSPs are building out a range of additional security offerings to protect customers and create new opportunities to make money.

When enterprises draw up their SLAs (service-level agreements) with carriers, most already require that their providers take on the task of blocking DoS (denial-of-service) attacks, malware and spam e-mail, said Mitch Ferro, senior director of product management for Broadwing Communications’ Internet and Managed Services group, based in Austin, Texas.

The notion that such threats are expected to arrive via voice and data communications networks is rapidly becoming a thing of the past, he said.

“We’re seeing that customers are looking to us for specific types of security services that naturally gravitate towards carriers, and the trend toward customers demanding denial-of-service, spam and virus protection as part of their SLA has really taken off over the last year and a half,” Ferro said. “We’re trying to provide a cleaner pipe to the customer than what has been acceptable in the past. It’s a question of where you stop the bad guys: at the door to your house, or before they ever get to your neighborhood.”

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet’s Security IT Hub.

Ferro said that well over 50 percent of Broadwing’s ISP customers already include some reference to security requirements in their SLAs, with the number growing rapidly. Along with those guaranteed network defenses, the company also offers an additional DoS protection service for a price, as well as similar spam and e-mail security programs, and a “Clean T1” service which includes all three types of protection.

Looking forward, Broadwing is planning to create services for managed firewall outsourcing and network intrusion detection, and may also launch a PWAN (Private WAN) offering. Not only does providing such services help keep existing customers from swapping providers, there are also significant opportunities for the carrier to create new revenue streams based on the demand for security expertise, he said.

“The good news for us is that at same time customers are asking us to do more with security, they’re also willing to pay a premium for these services,” Ferro said. “At the end of the day it is still cheaper for them than to use us than [to do] the work in-house, and we can deploy architecture across multiple customers to see what’s going on in the networks further upstream and detect any problems much sooner than customers ever could.”

As a result of the trend toward carrier-provided security, a range of technology providers are betting that they can expand their own businesses by creating the tools the companies use to protect their customers. One such firm, Arbor Networks, in Lexington, Mass., is providing some of the underlying technology used by Broadwing to help support its own security services.

IBM adds anti-virus capabilities to its ISS endpoint security tools. Click here to read more.

Broadwing is specifically using the Arbor Peakflow SP network monitoring and traffic measurement appliance, which promises to detect and mitigate anomalies to root out attacks. Because of the magnitude of today’s distributed DoS threats, carriers need such tools to protect both their own infrastructure and those of their customers, and identify threats as early as possible to prevent them from gaining momentum, said Danny McPherson, chief research officer at Arbor.

“On one side, providing bandwidth is becoming a commodity, so these carriers are looking for new ways to lock in revenue, hold onto customers and create new opportunities,” MacPherson said. “As these companies add new services for convergence, including video and voice over Internet Protocol, they’re going to need to have proactive security in place, as customers will expect the same level of performance from those applications that they’ve come to expect from traditional carrier services.”

Another technology provider trying to cash in on the shift toward carrier security is software maker Narus, which offers to bolster infrastructure protection using deep packet inspection and correlation to scan every link and element on a network.

“These carriers already have a lot of the information that is needed to root out attacks before they ever reach the customer,” said Steve Bannerman, vice president of marketing for Narus, based in Mountain View, Calif. “We can provide them with the additional layer of intelligence they need to help identify anomalies upstream and keep end users protected.”

In another example of the continued push by carriers to extend their security expertise, some large firms have begun buying out technology specialists that can provide them with the tools necessary to compete. On Oct. 25, London-based telecommunications industry giant BT Group announced that it had purchased network security outsourcing specialist Counterpane for an undisclosed sum, rumored to be in the $40 million range.

Counterpane, also based in Mountain View, gives BT another angle on carrier security, as the firm offers services for monitoring networked enterprise applications, including Microsoft and Oracle databases, SAP business applications and IBM mainframes. Doug Howard, chief operating officer at Counterpane, formerly managed security issues at telecom giant AT&T.

“The problem is, although carriers have fair amount of capability to see suspicious network activity, they need to add additional technology to be able to provide enterprise-class security services, and those won’t be available cheaply, so the market is already feeling pressure to acquire the necessary pieces,” Howard said. “Many carriers may already have experience with distributed DoS, but their response time is typically hours, and for large customers processing millions of transactions online, that’s not acceptable, so there will be more activity.”

At least one industry watcher agreed that there will likely be more deals over the coming months as carriers aggressively push to expand their security footprints. For the carriers it’s all about finding new ways to retain customers and build services revenue, but customers will likely appreciate noticeable network security improvements as the trend takes root across the telecom industry, said Maribel Lopez, an analyst with Forrester Research.

“It really works out well for everyone, as customers don’t want to pay for bad traffic, and the service providers look better by helping to prevent nasty malware from entering the enterprise,” Lopez said. “Even if the enterprises don’t buy the add-ons, it makes them feel better about their carrier; we will see more acquisitions as the threats continue to change and carriers need new technologies that can help the continually monitor and update their systems.”

Check out’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine’s eWEEK Security Watch blog.