Government agencies are discovering that managed security services represent an increasingly attractive alternative to trying to find and retain the cybersecurity skills they need to defend against a growing array of threats.
That’s due in part to the need for newer, deeper and broader security skills than most agencies have on staff, says Chris Novak, global director for the Verizon Threat Research Advisory Center.
But it’s also because managed services providers “have the ability to access the depth and breadth of talents and capabilities that might not otherwise be available in an agency setting.”
The kind of cybersecurity skills agencies often need isn’t always accessible through their “typical hiring or recruiting processes of most agencies — or may be out of reach from a salary standpoint, given the competition on the market,” says Novak in a new StateScoop podcast underwritten by Verizon.
Novak, who leads hundreds of cybersecurity investigations annually, noted an encouraging development, however, in the latest edition of Verizon’s annual Data Breach Investigations Report.
Organizations that leveraged managed security and threat intelligence services experienced significant improvements in reducing the time it took to identify and respond to potential threats, says Novak.
“Those two things contributed heavily to an actual, measurable improvement in an organization’s discovery time,” he says. “Historically, we’ve seen that detection and response to incidents and breaches — it could go about eight months or so on average, typically, before an organization will even have identified the fact that that they have suffered an incident. And then obviously, they have to take steps to mitigate it and respond and recover.”
Addressing security risks
Another consideration behind the swing to managed services is the extent to which technology is being brought to the center of enterprise risk management issues, says fellow podcast guest M.K. Palmore, vice president and field chief security officer, Americas for Palo Alto Networks, which partners with Verizon’s managed security services arm.
Agencies still have to implement their security roadmaps. “But what we’ve seen certainly are enterprises now having to engage in different aspects of that roadmap much more quickly than they had originally planned,” in response to expanded threats arising from workforce shifts prompted by the pandemic.
“Managed services may become part of that calculus as you begin to decide how you level up your capabilities,” Palmore says.
When security isn’t core to the mission
“Focusing on security is not what a lot of agencies’ mission is all about,” says Novak, explaining why managed security services often make smarter economic sense in the long run.
”Security is something that is a need-to-have, to ensure that the mission can be done. But generally speaking, it is not the focus of why or what the agency does — save for a few whose mission is in fact safety and security,” Novak says.
“Having the ability to lean on a third party, who’s actual focus is on security, both from an [managed services] or [professional services] perspective, allows you to remain more focused on your core objectives, and spend more time, more effort and more resources on what the core mission is,” he says.
Another reason agencies turn to managed services providers like Verizon is the global view they provide on potential threats, according to Novak.
“When we look at our global backbone, there’s an opportunity to draw a lot of threat intelligence from what it is that we see, just by what happens to transit,” he explains. “The backbone of the internet is essentially the battleground in which most of these cyberattacks take place. It’s almost like in the movie, “The Matrix,” when all of a sudden it becomes visible as to exactly what it all means and how it all works together. Having that visibility is incredibly valuable.”
Novak and Palmore also discuss in the podcast what distinguishes operating in the today’s environment compared to the days before the pandemic; use cases for adopting managed services; and recommendations for CIOs to win buy-in from agency leaders to take greater advantage of managed and professional services.
Listen to the podcast for the full conversation on closing talent gaps in IT security and learn more on how Verizon Professional and Managed Services can provide a full spectrum of digital and security solutions for your organization.
This article was produced by Scoop News Group for, and sponsored by, Verizon.
Novak’s team leads hundreds of cybersecurity investigations annually, including financial fraud, cyber-espionage, ransomware, attacks on industrial control systems and cyberterrorism. And he advises multinational corporations and government agencies regularly on their cybersecurity posture.
Palmore has nearly three decades of government and cyber security experience, including 22 years at the FBI.
You can hear more coverage of “IT Security in Government” on our FedScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.