What’s a modern company’s best defense against the growing repertoire of cybersecurity attacks? They could stock up on security point solutions currently crowding the market. But would their personnel know what to do with them?

A security skills shortage set to leave 3.5 million jobs unfilled by 2021 has many companies wondering how they’ll fill the gap. No doubt, many wish they could just purchase the whole security kit and caboodle as a service.

Some companies apparently have read their thoughts. The desire to outsource security — particularly among small to medium-sized businesses — is growing, according to Marty Sanders (pictured), chief security services officer of security operations center as a service company Arctic Wolf Networks Inc. The company, founded in 2012 and based in Sunnyvale, California, offers a cloud-based service that provides 24×7 monitoring, vulnerability assessment and threat detection and response.

To some, SOC as a service appears to be the shortcut to peace of mind around security. It addresses prohibitive costs, the skills shortage and vulnerabilities that don’t disappear when information technology security personnel go home.

“A lot of the companies, they might have that office admin that became the IT person that became the security person,” Sanders said.

That’s hardly ideal, especially as the threat landscape grows and hackers get more and more sophisticated. Machine learning, artificial intelligence and other technologies are enabling cybercriminals like never before. But assembling a world-class security team to work around the clock is simply not feasible for many.

“If you were to go out and buy a security team to cover you 7 by 24, it’s at least a minimum of six to seven people to do that,” Sanders said. The cost of doing so could be quite high. An SOC as-a-service offering could do the same high-level security monitoring affordably, he added.

Sanders spoke with Stu Miniman, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the recent WTG Transform event in Boston. They discussed how SOC as a service can relieve businesses in a skills and budget pinch (see the full interview with transcript here). (* Disclosure below.) 

This week, theCUBE spotlights Arctic Wolf Networks in its Startup of the Week feature.

Many fronts in new cybersecurity war

We are currently experiencing a “dramatic rise in cybercrime,” according to a report from Cybersecurity Ventures Inc.  These threats will cost the world $6 trillion per year by 2021, up from $3 trillion in 2015. Increased reliance on the internet, which requires extra cybersecurity protections, and spending on defense services are two factors contributing to ballooning costs.

Technology companies, their enterprise customers, and thought leaders are struggling to effectively fight multiplying threats. Some believe that network-driven security is the best way to secure dispersed, multicloud IT environments.

“You need to make sure security follows the data — that’s the new trend,” Ken Xie, founder and chief executive officer of Fortinet Inc., told theCUBE in April. “That’s where the infrastructure [of] security needs to involve the networking side, the end point side and the cloud.”

Fortinet is striving to be a leader in network-driven security. It is also marshaling educational efforts to address the skills shortage. Its NSE Institute offers self-paced and instructor-led courses and certifications in various network security concepts.

Many companies realize the difficulty and cost of hiring a whole new batch of security pros to stave off attacks. Some are trying to raise the security IQs of the employees they already have.

“There’s very little of what we do in security that’s just done by security practitioners,” Katie Jenkins, chief information security officer of Liberty Mutual Insurance Co., told theCUBE during Amazon Web Services Inc.’s AWS re:Inforce event in Boston last month. Liberty is corralling its whole company and some third parties — including asset managers, compliance people, a privacy team, auditors, and procurement specialists — into its refreshed security program.

“We’re educating them on how to prevent phishing attacks. We’re doing all sorts of culture-based initiatives, recognizing that if it’s just the security folks doing security, we’re going to have a big gap,” Jenkins said.

Subscribe security headaches away

Sanders believes that the easiest approach to security — especially for SMBs and small enterprises — is just to get rid of it. That is, they should let a service provider with highly skilled specialists and advanced technology handle it for them. After all, even very good onsite security teams often clock unimpressive response times, he explained.

“The typical threat has been in their environment for at least 100 days before they notice it. What we want to do is get it down to minutes,” Sanders said.

And hackers know that these teams aren’t on the ball 24/7. Thus, there are certain times when they can more easily penetrate cracks in the system. “We want to make sure that any threat that’s coming in, we’re notifying on it immediately,” he said.

Arctic Wolf’s 24/7 “concierge” SOC as a service assigns real security professionals — one senior and one less senior person — to man a customer’s whole environment. They learn about all of the customer’s applications, their ingress/egress points, possible attack vectors, etc. Assisted by machine-intelligence technology, they keep a hawk’s eye out for consequential events, while striving to vet false positives and “little red hen stories,” Sanders said.

Arctic Wolf is available as a monthly subscription-based service. Once companies subscribe, they often begin to feel like legitimate partners and teammates with the company, according to Sanders. That’s because the concierge security pros learn their systems thoroughly, build on their knowledge and improve over time.

“You’re not dealing with somebody fresh every time that you call in,” Sanders said. “If you have any type of event that validates that there’s somebody trying to break in, you want to have that person that understands your environment. It makes it so much easier if you have that consistent face that you’re dealing with.” 

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of WTG Transform. (* Disclosure: TheCUBE is a paid media partner for WTG Transform. Neither Winslow Technology Group LLC, the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE