Businesses feeling alarmed at how quickly the Web has grown into a dangerous place for their employees are showing interest in security services that free them from having to make investments in security appliances, software, and monitoring. AT&T on Monday introduced its latest network-based security service, Web Security, which provides Web-content filtering and screening for malware and spyware, as well as the filtering of Instant Messenger traffic for malware.

While AT&T, which operates one of the largest networks on the planet, is an obvious choice to offer such services, Trend Micro, a company that's made its name selling antivirus and Internet content filtering software, also sees a demand for network-based security services. The company last week announced that its OfficeScan 8.0 software, currently in beta, will be the first to include the company's new Web Reputation service, which offers Internet users warnings about shady Web sites and potentially dangerous traffic before they infect their PCs with spyware, keyloggers, or other malware.

As a communications service provider, AT&T is more than happy to take on security responsibilities at the network level for its customers, helping them break the cycle of investment in security technology. "Businesses need to view software and software features on the liability side of the equation," said AT&T chief security officer Ed Amoroso, in an interview. "One thing that AT&T has done to simplify networks is to push security into the cloud. It's admittedly a very AT&T or carrier-centric suggestion; I'm not going to apologize for that."

Under this network-centric security model, a company's network traffic is checked by its carrier for malware, spam, and other signs of trouble before the scrubbed traffic is delivered to the company. "You buy Internet access and embedded in that is all the security," Amoroso says.

Web traffic is becoming one of the largest targets for cyber attackers because companies are increasingly using HTTP protocols to pass information back and forth. When security comes from the carrier, companies don't have to deal with software installation, licensing, or obsolescence, said Stan Quintana, VP of AT&T Security Services, in an interview. He added that over time companies can expect to security services to in some cases cost half as much as an investment in hardware and software security.

AT&T doesn't expect companies to bring in the carrier to replace IT security systems all at once. "But we do offer an alternative as their infrastructure begins to age," said Quintana, who downplays the impact AT&T's security services could have on the market for security hardware and software products. "AT&T uses a lot of those components to provide its services," he adds.

AT&T's Web Security service, priced on a monthly per-seat basis, joins the carrier's existing firewall, intrusion detection, intrusion prevention, and secure e-mail services.

It's a growing model that could prove disruptive for vendors that make their living selling new security appliances and software upgrades. A notion not lost on Trend Micro, whose new Web Reputation service tracks IP addresses as network traffic tries to connect into customers' networks. If those IP addresses match those that have been blacklisted because their traffic contains malware, Trend Micro blocks the traffic before it reaches its customer's network.

Reputation Service works with Trend's OfficeScan client-side PC software to protect users from "IP addresses that are known to change frequently or send out ridiculous amounts of e-mail," said Trend Micro CEO Eva Chen in an interview. "The PC communicates with the service running in the cloud whether that PC is on a corporate network or connecting remotely."

While the availability of managed security services is nothing new, the expansion of services from carriers like AT&T and software vendors like Trend Micro means that companies have additional opportunities to consolidate the number of vendors they deal with and potentially simplify increasingly elaborate IT security setups.