Add NETSEC to your list of options for security service providers.

The Herndon, Va., company has announced it is morphing from a security consulting company to a 24x7 managed security service provider. For nearly three years, the company has been providing security consulting to government agencies and large commercial organizations.

Ken Ammon, CEO, says it's difficult for a consulting firm to grow and maintain quality, given that consulting requires essentially a 1:1 relationship with each client. Recognizing the shortage of security professionals, which affects NETSEC as well as its customers, the company decided to reposition itself.

In April of last year it opened its first operations center, at a secured site in northern Virginia. It targeted a handful of its high-profile clients to trial its new security services, using their feedback to improve it.

"Security is a relationship that has to be built," says Jerry Harold, NETSEC's president. "You have to start small and let the customer test your capabilities."

With that in mind, the company is offering a suite of three basic services intended to let customers test the waters before diving in.

For an annual fee of $7,950, the Network Intelligence service provides analysis of new security vulnerabilities and gives customers the opportunity to ask NETSEC roughly 24 questions per year about security issues specific to their networks. NETSEC researches each question and provides a custom report in response.

Next up the ladder is the Information Assurance service, which involves monthly network scans and penetration testing to find vulnerabilities, both internal and external. The service costs about $5,400 to $35,000 per year, depending on network complexity.

At the top of the chain is the Device Management service, whereby NETSEC manages a company's firewall, virtual private network and/or intrusion detection systems around the clock. The company will manage devices the company already owns, or provide them as part of the service.

Among the vendors whose products NETSEC can monitor are Cisco Systems, Check Point, F-Secure, Internet Security Systems, Intrusion.com, NetScreen, Network Security Wizards and RSA Security. The Device Management service costs about $18,000 to $88,000 per year, depending on the numer of devices being monitored. Managing a single firewall, for example, would cost $18,000.

NETSEC's real value-add, Ammon says, is its process and analysis capabilities. What the company learns from monitoring any one customer can be applied to all others, he says, an argument echoed by most service providers. NETSEC has trend analysis tools that can mine security log data and "discover things you would enver see looking at daily logs." Events that are deemed important enough get passed on to a trouble ticketing system, which triggers an analysis of the event. Others are logged for historical analysis.

Another differentiator is that NETSEC is a "pure" managed service offering, meaning the company does not offer consulting services. Instead, it allies with consulting companies who resell NETSEC services as well as help companies define security policies and architecture.

That strategy will help keep NETSEC's headcount under control. The firm has about 70 employees now and plans to grow to 135 by year-end. Most of the additions will be behind-the-scenes technicians, or "long-haired, smart people who don't want to deal with people except through a keyboard," Ammon says.

For more information, see www.netsec.net