Cyber Security Q&A with Mike Vamvakaris, Zayo Group
We talk to Mike Vamvakaris, Vice-President of Managed Cyber Security at Zayo Group, about his practice and what it means for customers. Vamvakaris, for his part, has more than 20 years of experience with cyber security, cloud applications and managed services environments within start-ups and multi-million-dollar organisations. Now, he’ll be leading a focused team of security professionals, “dealing with everything you hear about on the nightly news.”
Why is Zayo expanding their Managed Security Service Provider (MSSP) business?
Vamvakaris: With the acquisition of Allstream, Zayo has inherited a long history and focus on cyber security. Information security, robust protocols and a range of security solutions are central to what we do. Now we’re taking cyber security to the next level with a full suite of managed services for our customers. It’s no longer enough to just have a firewall. We’re now moving into advanced threat detection and correlation — we’re focusing on the behavioural aspect and getting in front of the threats. We’re also vendor-neutral, so we work with the customer to build use cases that are unique for their specific vertical — we’re not there to send them to a vendor.
A lot of customers are experiencing scarcity of IT staff or security expertise. Zayo adds intrinsic value by not only working as an extension to their IT team, but also augmenting it with 24x7x365 monitoring by highly trained security staff, the use of current technologies, the application of innovative security solutions and a real-time pulse on threats. We offer use cases and the recurring monitoring of events through the SOC. We also offer managed security services — that’s traditional firewall, anti-malware, content filtering — so we can manage their existing infrastructure. We offer professional services, working with the customer to do penetration tests and/or vulnerability assessments to identify inherent cyber risks within their organisation. We also recommend security solutions to help them build up their own security infrastructure.
What security services are offered through the SOC?
Vamvakaris: Before you can try to figure out a defense, you need to understand who’s out there attempting to compromise your business. Our Global Security Operations Centre addresses that. We specialise in cyber security, understanding who the threat actors are and what data is worth protecting in an organisation.
We’ll go in with professional services and help a company identify what their vulnerabilities are; we do a penetration test to see how easy it is to infiltrate your network. We then provide management of your existing infrastructure, and with the new SOC we can offer continuous event monitoring. We’re like the security guard that protects your building — except we guard the doors in your network others can’t always see. Plus, we’re continuously watching the threat landscape and providing organisations with information that is contextual to their business.
Which businesses or verticals will benefit from this approach?
Vamvakaris: We’re already protecting a consortium of government agencies, which demonstrates our ability to protect complex networks. We have customers from a number of verticals and can pool together all of the different indicators of compromise that are relevant to any company or industry — for example, government, hospitality, manufacturing, IT services, financial and retail. We work with these customers on a one-to-one basis to understand their unique exposures and to customise a solution for them. All our customers can benefit from the same level of security.
Why should companies consider a managed security solution over an in-house solution?
Vamvakaris: Organisations have enough to deal with just trying to manage their main business to be successful. By choosing a managed security solution companies can focus their resources on their core competencies.
However, the reality is cyber threats are growing in frequency and sophistication and it is challenging for companies to keep up with proactive security controls, competing priorities, and governance. For these reasons, companies benefit from a managed security solution versus trying to do it all internally. The key is for companies to do their research to ensure they select a trusted partner who can meet their unique security requirements and compliances.
What are some reasons to consider Zayo over other MSSPs?
Vamvakaris: With Zayo’s expansion into Canada, we have become the first pan-American network operator that also ties into Europe. We are able to provision hundreds of customers on the same platform while maintaining their individual security controls. This means customers can benefit from the cost savings and scalability inherent with a multi-tenant environment. We realise each business is unique and we approach each customer as such to offer a custom managed security solution. Customers also have the choice of a dedicated security environment. For added flexibility, we now have a monthly service fee where they can pay per node or per second. It’s more cost-effective for companies; they don’t need to hire their own cyber security team of experts, but they need access to one.
As we continue to grow our MSSP, our goal is to be forward-thinking and proactive in our approach, so customers don’t have to wait for a breach to happen and subsequently spend months, or even years, investigating what was stolen and how. We help our customers adopt a holistic approach to security and work with them to implement effective and tailored cyber security solutions.