Verizon Business is now offering to help businesses analyze potential security flaws in their business applications.
Verizon says that it decided to start offering an application security program after finding that 79 percent of corporate records were compromised last year through attacks against businesses' application layers. The new program starts by scanning and assessing risks for all company applications and then suggests a series of preventative controls that companies can take to secure their applications. From there, companies have the option of utilizing Verizon's Cybertrust Application Certification program, which the company says "verifies that their information-security controls, policies and procedures meet a stringent set of standards."
The application security program is merely a way for companies to assess their application risks and does not offer any security services on its own, says Omar Khawaja, the global services product manager for Verizon Business. The reason for this is that it would be impossible for the company to price its various security services into an application security package, says Khawaja, who explains that all actual security patches are sold separately. Security controls sold separately by the company include application layer firewalls, secure application development training, application log monitoring and DoS defense.
Verizon first reported that hackers were increasingly using vulnerabilities in business applications to compromise corporate records in its 2009 data breach report. That study found that a total of 285 million electronic records were breached last year, which represented more than the total number of records breached in the past four years combined. The reason for the sharp increase is that attacks on financial firms' networks had become more sophisticated and successful, the company said. Although only 17 percent of the attacks studied by Verizon constituted "highly sophisticated" data breaches, these attacks were responsible for 95 percent of all records breached.