With cyberattacks expected to be on the rise in 2017, a key line of defense will take the form of “security operations centers,” or SOCs. And with SMBs expected to be targeted more aggressively by the bad guys, making the SOC approach affordable is going to be essential.
That’s where Arctic Wolf Networks, a SOC-as-a-service provider in Sunnyvale, California, sees its sweet spot. In a recent interview, Arctic Wolf founder and CEO Brian NeSmith explained the concept:
“You buy protection much like you buy locks on the door and bars on your windows at your home, but the reality is that you also want something that monitors how someone might evade that. The SOC does that for your IT infrastructure, much like you buy a monitoring system for your home. The reason you need that is because the landscape is so complicated, the attacks can come from any direction, the nature of the attacks can change at any time. So you need something that’s continuously looking and monitoring that infrastructure to ensure that all the defenses that you built up haven’t in some way failed you. The goal of the SOC is it’s there when all other defenses fail.”
One of the highest-profile recent cyberattacks, of course, was the one against the Democratic National Committee during the presidential campaign. So if the DNC had been a subscriber of Arctic Wolf’s SOC-as-a-service, would that attack have been prevented? NeSmith said a good portion of it would have been, because the DNC would have recognized the original breach and the compromises that had taken place:
“The DNC honestly had really not adhered to even some of the more obvious types of cybersecurity practices that they should have. But a SOC does become a fail-safe. It helps you highlight when you’re getting compromised and helps you remediate that and deal with that. Part of the responsibility of the SOC is to also point out improvements that you can make in your infrastructure to reduce your risk, and so I think with the SOC in place, the risk would have been clear. For people that are non-technical, a SOC can make the risk clear so that they can make decisions and choose to make investments or not.”
I asked NeSmith what differentiates Arctic Wolf’s SOC from other SOCs. His response:
“The biggest challenge in the security world right now is getting people with expertise, and mid-size organizations find it problematic to both hire and keep people with the right expertise. What we’ve done by building a service is we provide not just the technology, but the people that provide the functionality. A critical element is the expertise of the people, and that’s really where we differentiate ourselves — providing that full-service solution, which includes the talent as well as the technology.”
Aside from the insights he provided in the interview, NeSmith has come up with a list of six predictions for 2017 that I found to be well worth sharing here:
- SMB attacks will increase. Large enterprises are very aware of their security weaknesses, and they have made significant investments to fortify their security. Most of the low-hanging fruit, however, has not been picked yet. In 2017, we’ll see cyber criminals shift more of their focus to SMBs, who are easier targets since they are less sophisticated and do not have the budget and/or resources to implement enterprise-class security. According to security research from earlier this year, more than half of small businesses were targeted in the last 12 months. In 2017, we’re predicting 75 percent of all SMBs will be a target.
- Ransomware gets smarter and more dangerous. Ransomware stole headlines in 2016, but the gig isn’t up. New variants of ransomware that are able to evade detection will become prevalent in the coming year. As ransomware has become an epidemic, detection methods have been created, forcing cybercriminals to continually enhance their data-stealing tactics. In this cat-and-mouse game, ransomware will evolve to be more self-contained, and thwart today’s detection methods. Expect to see another spike in ransomware in health care and financial services, as the criminals get smarter in the new year.
- Cyberwars among nations become official. Cyberwarfare among nations has been all cloak-and-dagger up to now. Everybody knows it happens, but it is never covered as widely as a traditional military campaign. As threats become more advanced and intelligent, the severity of their impact on international conflict will force nations to bring the issue to the forefront, publicly acknowledging their intent and actions. Expect to see more reports about cyberattacks and defenses on the evening news.
- Cyber insurance will become a line item on IT budgets. We know by now that businesses should be worried not about if they will be breached, but when. As more organizations accept this reality and consider how they will recover from a potentially crippling financial loss from a data breach, incident response plans are evolving to include cyber insurance. The guarantee that complete data recovery is attainable and affordable is peace of mind that businesses are finding more and more value in, and a trend that we can expect to see grow in 2017.
- IoT threats will become a concern for SMBs. The IoT is all about creating more connections. But more endpoints mean more potential for attack, and SMBs already have their hands full trying to secure traditional and mobile devices. The addition of connected “things” will muddy the waters even further, and complicate cybersecurity to a point we haven’t experienced to date. The year 2017 will open the eyes of many who aren’t yet taking this threat seriously, as unexpected devices/endpoints are accessed.
- Blockchain will be used to fight against malware and ransomware. Blockchain applications are on the rise, and while cybersecurity use cases are beginning to crop up, the full potential of the technology is yet to be tapped. Void of points of entry and a permanent record of the data trail, blockchain will present a new level of security options for many businesses. In 2017, security pros will begin incorporating it into their cybersecurity roadmap.
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.