Gary Landau has been leading IT and information security teams for over 25 years as part of startups as well as large global organizations. He is currently a Field CISO with Unisys Security Services, where he supports companies in many different industries. His mantra is “keep making it better” and he is passionate about continuously improving system reliability, performance, and security.
In this interview with Gary Landau, we dive into how Managed Security Service Providers (MSSPs) can play a vital role in helping organizations navigate the current cyber security landscape and how they can help you optimize your cyber security strategy.
If you missed Cyber Talk’s past interview with Gary Landau, click here.
As an MSSP, how do you accurately assess what is happening in cyber security today?
We have the advantage of aggregated information from our collective customers. With visibility into security issues across industries, with different types of regulated information and with information pulled from different geographies, we have an expansive understanding of the various cyber security issues that our customers are facing, and experience in discerning which solutions will work best for a specific client.
In which industries or sectors are you seeing the highest demand for MSSP services, and why do you think that is?
I don’t see one type of industry seeking out MSSP services more than another. But what I do see is that select MSSP services are in greater demand than others. One service that I see in higher demand consists of 24/7 SOC services. Security monitoring and response needs to be 24/7, as it takes a lot of work to run a global SOC and most organizations can’t do it on their own. Part of what makes managing an SOC difficult for most organizations is the staff turnover, especially in a 24/7 security service. For the purpose of maintaining quality and consistency of services, having an MSSP take care of it can make a lot of sense.
What are the biggest challenges or obstacles that MSSPs face in meeting the cyber security needs of their clients?
One of the biggest challenges is storage space — so a lot of clients try to be sparing about how much log data they collect and retain. The more that they collect and retain, the more costly it can be. There’s a cost for ingesting data as well as storing it — mostly with SIEM solutions. So, clients try to make decisions about what not to collect or how to avoid retaining data for excessive lengths of time.
However, every time there’s an incident, those same customers lament that they didn’t have the logs available to do a thorough investigation into how the issue got started or where it spread to. After an incident, a lot of organizations regret that they didn’t collect those logs. It’s a cost-benefit analysis, of course, and they must decide what level of risk is acceptable. If that decision is to forego collecting some logs, then if an incident occurs, they need to be able to justify why they made such a decision. If they aren’t prepared to justify it, then they need to collect the logs.
Can you share some success stories or examples of how your MSSP has helped organizations overcome specific cyber security challenges?
One example is from when Unisys helped a city prepare to host the Superbowl by improving the city’s security posture. This involved collaborating with both local officials and the Department of Homeland Security to ensure cyber security across a vast number of areas.
Another example is our work with the California State University System in support of the largest PeopleSoft installation in the nation; where Cal State houses their HR, finance and student information systems in the cloud. We help them protect their sensitive data with data masking and many other tools and processes. For example, we protect them from ransomware with an immutable data vaulting solution. We keep their cloud environment secure by continually monitoring and driving towards 100% compliance with the recommended security settings, as outlined in the NIST800-53 and ISO27001 benchmarks.
What is your MSSP’s long-term vision for supporting organizations’ cyber security needs as the threat landscape continues to gpost?
As an MSSP, Unisys does in-depth assessments to identify cyber security gaps, and then implements and manages advanced cyber security safeguards. Our assessments are continuous, so that our security safeguards are evolving as threats change. However, our focus goes beyond just cyber security. Our vision is to improve businesses and business technology through cloud adoption and application modernization. Cyber security is just a part of making this happen.
Is there anything else that you would like to share with our C-level audience?
C-level leaders should be realistic about their organization’s strengths, weaknesses, capacity and timelines. I recommend looking at where teams are struggling and to address corresponding issues first. Security is not something to procrastinate on. For organizations that want to build up internal capacity in certain areas, working with an MSSP sooner rather than later could save them money in the long-run. Not only can an MSSP take the stress off of teams and enable in-house staff to do a better job of what they already do well, but MSSPs simultaneously improve the overall security posture for the organization, letting everyone rest a little easier.