Verizon Business makes firewall more flexible

Enterprises using the network-based firewall offered by Verizon Business will now be able to control it much as they would a firewall on their own networks.

The global business services unit of Verizon Communications will let customers go outside the standard templates it has offered so far and tune firewall features to meet their specific needs. The company was set to announce the change on Monday at the RSA Conference in San Francisco.

As business operations spread around the world through outsourcing and mobile work, the line between the inside and outside of a corporate network becomes more complicated. For U.S.-based organizations, Verizon Business sells the Secure Gateway Network-based Firewall as an alternative to IT departments installing and maintaining their own firewalls. The service runs on modules in Cisco routers in Verizon's network core.

Since it rolled out the service about 18 months ago, the carrier has given customers a choice of templates for what they want the firewall to do. For example, one template might allow only e-mail packets to come in from the Internet. But the templates don't fit every enterprise need, said Eric Sorensen, senior group manager of secure gateway services at Verizon Business.

For example, an automaker that gets parts from a third party may want to let nonemployees onto its servers, but only those logging in from a certain factory and using a particular application, Sorensen said. With the Secure Gateway Network-based Firewall (custom), an IT administrator can set that kind of rule, he said. The service includes a Web-based interface for making changes in real time. The standard edition with templates is still available.

Most enterprises have balked at network-based firewalls because they don't want to give up granular control over their security, said Gartner Inc. analyst Alex Winogradoff. Verizon's new hands-on feature could help break down that resistance, he said.

Handing off security to service providers follows the trend of enterprises letting carriers provide and manage their networks, Winogradoff said. Keeping firewalls in many locations up to date is not easy, he said.

"It's a chore that is not part of the core business that enterprises want to be in," Winogradoff said.

One thing that might worry enterprises about the network-based firewall is control over periodic updates to the underlying software. An IT manager worried about a new version of software would want to be able to keep using the older version until the problem was solved, Winogradoff said.

The Secure Gateway Firewall is sold as a feature on top of a Secure Gateway port. A 1.5Mbps port costs an average of $200 to start and $1,000 per month. The custom firewall option would cost $140 per month. Verizon Business hopes to offer the service to customers based outside the U.S. later this year.

Also at RSA, Verizon Business will announce it is extending its denial-of-service protection system to Europe. Verizon DoS Defense Mitigation, which identifies and blocks attacks that use massive amounts of incoming traffic, is now available in 11 European countries, including France, Germany, Spain and the U.K., the company said. It plans rollouts in Canada, Latin America and Asia later this year.