Talking shop (and SOC) with Zayo’s VP of Managed Cyber Security

Security continues to be top of mind, both in the IT department and the C-suite. With the rise of the Internet of Things (IoT), the proliferation of cloud apps and the constant evolution of new threat vectors, information security is a challenge for organizations, to say the least.

That’s why Zayo Group is building out its security practice with the launch of a Global Security Operations Center (GSOC) later this year — in a secret location, of course — to complement its current security offerings. Zayo’s Managed Cyber Security will go to market with three services: Advanced Threat Management, Managed Security Services, and Professional Services and Consulting. The GSOC will initially launch in Canada, with plans to roll out in the U.S. in 2017.

We talk to Mike Vamvakaris, Vice-President of Managed Cyber Security at Zayo Group, about his practice and what it means for customers. Vamvakaris, for his part, has more than 20 years of experience with cyber security, cloud applications and managed services environments within start-ups and multi-million-dollar organizations. Now, he’ll be leading a focused team of security professionals, “dealing with cyber-criminal activity, similar to what you hear or read about in the news.”

Why is Zayo expanding their Managed Security Service Provider (MSSP) business?

Security has always been a focus for Allstream. With the acquisition of Allstream, Zayo Group has inherited a long history and focus on cyber security. Information security, robust protocols and a range of security solutions are central to what we do. Now we’re taking cyber security to the next level with a suite of managed services for our customers. It’s no longer enough to just have a firewall. We’re now moving into advanced threat detection and correlation — we’re focusing on the behavioural aspect and getting in front of the threats. We’re also vendor-neutral, so we work with the customer to build use cases that are unique for their specific vertical — we’re not there to send them to a vendor.

A lot of customers are experiencing scarcity of IT staff or security expertise. Zayo adds intrinsic value by not only working as an extension to their IT team, but also augmenting it with 24x7x365 monitoring by highly trained security staff, the use of current technologies, the application of innovative security solutions and a real-time pulse on threats. We offer use cases and the recurring monitoring of events through the SOC. We also offer managed security services — that’s traditional firewall, anti-malware, content filtering — so we can manage their existing infrastructure. We offer professional services, working with the customer to do penetration tests and/or vulnerability assessments to identify inherent cyber risks within their organization. We also recommend security solutions to help them build up their own security infrastructure.

What security services are offered through the SOC?

Before you can try to figure out a defense, you need to understand who’s out there attempting to compromise your business. Our Global Security Operations Center addresses that. We specialize in cyber security, understanding who the threat actors are and what data is worth protecting in an organization.

We’ll go in with professional services and help a company identify what their vulnerabilities are; we do a penetration test to see how easy it is to infiltrate your network. We then provide management of your existing infrastructure, and with the new SOC we can offer continuous event monitoring. We’re like the security guard that protects your building — except we guard the doors in your network others can’t always see. Plus, we’re continuously watching the threat landscape and providing organizations with information that is contextual to their business.

Which businesses or verticals will benefit from this approach?

We’re already protecting a consortium of government agencies, which demonstrates our ability to protect complex networks. We have customers from a number of verticals and can pool together all of the different indicators of compromise that are relevant to any company or industry — for example, government, hospitality, manufacturing, IT services, financial and retail. We work with these customers on a one-to-one basis to understand their unique exposures and to customize a solution for them. All our customers can benefit from the same level of security.

Why should companies consider a managed security solution over an in-house solution?

Organizations have enough to deal with just trying to manage their main business to be successful. By choosing a managed security solution companies can focus their resources on their core competencies. However, the reality is cyber threats are growing in frequency and sophistication and it is challenging for companies to keep up with proactive security controls, competing priorities and governance. For these reasons, companies benefit from a managed security solution versus trying to do it all internally. The key is for companies to do their research to ensure they select a trusted partner who can meet their unique security requirements and compliances.

What are some reasons to consider Zayo over other MSSPs?

With Zayo’s expansion into Canada, we have become the first pan-American network operator that also ties into Europe. We are able to provision hundreds of customers on the same platform while maintaining their individual security controls. This means customers can benefit from the cost savings and scalability inherent with a multi-tenant environment. We realize each business is unique and we approach each customer as such to offer a custom managed security solution. Customers also have the choice of a dedicated security environment. For added flexibility, we now have a monthly service fee where they can pay per node or per second. It’s more cost-effective for companies; they don’t need to hire their own cyber security team of experts, but they need access to one.

As we continue to grow our MSSP, our goal is to be forward-thinking and proactive in our approach, so customers don’t have to wait for a breach to happen and subsequently spend months, or even years, investigating what was stolen and how. We help our customers adopt a holistic approach to security and work with them to implement effective and tailored cyber security solutions.

Image: iStock