With cyberattacks expected to be on the rise in 2017, a key line of defense will take the form of “security operations centers,” or SOCs. And with SMBs expected to be targeted more aggressively by the bad guys, making the SOC approach affordable is going to be essential.
That’s where Arctic Wolf Networks, a SOC-as-a-service provider in Sunnyvale, California, sees its sweet spot. In a recent interview, Arctic Wolf founder and CEO Brian NeSmith explained the concept:
“You buy protection much like you buy locks on the door and bars on your windows at your home, but the reality is that you also want something that monitors how someone might evade that. The SOC does that for your IT infrastructure, much like you buy a monitoring system for your home. The reason you need that is because the landscape is so complicated, the attacks can come from any direction, the nature of the attacks can change at any time. So you need something that’s continuously looking and monitoring that infrastructure to ensure that all the defenses that you built up haven’t in some way failed you. The goal of the SOC is it’s there when all other defenses fail.”
One of the highest-profile recent cyberattacks, of course, was the one against the Democratic National Committee during the presidential campaign. So if the DNC had been a subscriber of Arctic Wolf’s SOC-as-a-service, would that attack have been prevented? NeSmith said a good portion of it would have been, because the DNC would have recognized the original breach and the compromises that had taken place:
“The DNC honestly had really not adhered to even some of the more obvious types of cybersecurity practices that they should have. But a SOC does become a fail-safe. It helps you highlight when you’re getting compromised and helps you remediate that and deal with that. Part of the responsibility of the SOC is to also point out improvements that you can make in your infrastructure to reduce your risk, and so I think with the SOC in place, the risk would have been clear. For people that are non-technical, a SOC can make the risk clear so that they can make decisions and choose to make investments or not.”
I asked NeSmith what differentiates Arctic Wolf’s SOC from other SOCs. His response:
“The biggest challenge in the security world right now is getting people with expertise, and mid-size organizations find it problematic to both hire and keep people with the right expertise. What we’ve done by building a service is we provide not just the technology, but the people that provide the functionality. A critical element is the expertise of the people, and that’s really where we differentiate ourselves — providing that full-service solution, which includes the talent as well as the technology.”
Aside from the insights he provided in the interview, NeSmith has come up with a list of six predictions for 2017 that I found to be well worth sharing here:
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.