Yep, here we go again taking on something new. Something counter-intuitive to what we know. Or perhaps it is something that people really don’t want to know about right now. Perhaps it is counter-intuitive to the cybersecurity jobs we hold. Yet we know in our heart of hearts that “status” quo cybersecurity isn’t working for our company, business, organization or country. Three years ago, the subject of “security as a service,” or SECaaS, was something that was in its infancy (like a lot of the cybersecurity things we know today). At that time, SECaaS was like a “blackbox,” a cybersecurity service that was installed onto a computer network that “others” watched and ran and monitored. It only involved the company IT department when necessary (or at least that was the impression many had). SECaaS was like Harry Potter, the poor step-child that was kept in the closet below the Dursley’s living room stairs. Today, the attitude and opinions about SECaaS, for some, has completely changed for the better. Organizations, large and small, are using SECaaS to not only step up their cybersecurity game but also provide a level of 24/7 monitoring with intrusion detection and prevention services that is necessary (if not a requirement) in today’s cybersecurity ecosystem. We are here to dispel the myths and notions about SECaaS because we believe it is a tool of forward-thinking executives of all sizes of companies, PE firms and hedge funds who find themselves simply overwhelmed with the vastly increased amounts of cybersecurity threats and alerts they need to deal with on a daily basis. So, enough with the hoopla, because you don’t need to hear it from us. The statistics on SECaaS speak for themselves. Indeed, the Global IT SECaaS market is expected to grow by almost 20 percent during the period 2016-2020 from about $3 billion today to about $8 billion in 2020. Here are three things you really need to know about SECaaS:
1. SECaaS is cheaper and more effective than “BYO” Security Hardware
The traditional way many companies deal with security is the BYO Security Hardware solution, meaning “buy your own” security hardware and hope you know how it works, how it functions, and how it fits into the rest of your network security hardware. First, there were firewalls and next-gen firewalls. Next, signature-based intrusion detection and prevention hardware. And what happened? Companies still got hacked with regularity. Why not leverage the hundreds of millions of dollars a year of hardware that the major brand network security providers spend annually to help improve your own security exponentially without the associated costs? Your ROI and your CFO will appreciate you for suggesting the idea.
2. No More “Alert Fatigue” and far fewer “false positives”
Here is where the rubber meets the road. There are three serious and related problems today that scream out for “forward thinking” cybersecurity solutions:
- The vast increase in network traffic year over year for the last few years, which has caused far more chatter for skilled incident responders to sort through and interpret on a daily basis;
- The trickle-down nature of cyber-crime, which has placed attacks, such as DDoS-as-a-service and Ransomware as a Service (RaaS), in the cost range of a fine New York City dinner for four people; and
- The skilled cyber HR shortage, which has left companies severely limited in the amount of skilled workers they can hire to both hunt down and respond to threats showing up on their intrusion detection devices or firewall logs.
Indeed, one recent article noted:
"In early 2015, estimates based on U.S. Bureau of Labor statistics indicated that there were just over 200,000 unfilled cybersecurity jobs in the U.S. Intel Security's recent 'Hacking the Skills Shortage' report projects that number to be one to two million by 2019. [T]he head of a large global firm remarked: 'If I wanted to hire another top-notch ITSec professional, I couldn't even do it right now.'"[1]
“Fancy” and “Cozy Bears,”[2] along with the countless cases of ransomware we have seen in 2016, have left us convinced that cybersecurity is becoming infinitely more complicated than it was 12 months ago, and we only see things getting more complicated going forward. Wouldn’t it be nice, as in one instance we know of, that one organization saw a 100-fold drop in security alerts after its SECaaS device was installed on its network by a leading provider. And the alerts that organization did get were not false positives. They were actionable, real alerts that were vetted in real time by the fully trained and experienced security defense staff at the SECaaS provider. This time, however, since its incident responders were not overwhelmed with chatter, they could respond in an appropriate and timely fashion. That is one of many distinct advantages of SECaaS.
3. Rubbing Salt on Open Wounds
It would not be extremist to say that with the increasing amount of interconnected devices being wired into critical infrastructure and being created by the Internet of Things, the amount of network traffic will only get worse by the day, week, and month. Added to reasons one and two, IoT will only serve to better our lives but make our incident responders even more overworked and outgunned. There are more benefits here than we can list, but we think you get the point. Like other new ideas and solutions we have mentioned on these pages, like AI and Machine Learning[3] and cybersecurity automation and orchestration,[4] we think SECaaS is an idea whose time has come.[5] We simply don’t have enough people to man our cybersecurity forts and shiny black boxes, and we don’t have any more time to consider other solutions when industry regulators, like New York’s Department of Financial Services, are paying even more attention to the cybersecurity posture of regulated entities. For all these reasons, it's time to give SECaaS a chance to help us become super human incident responders who can protect our company’s most vital IP and IT assets.
About the Author: Paul Ferrillo is counsel in Weil’s Litigation Department, where he focuses on complex securities and business litigation, and internal investigations. He also is part of Weil’s Cybersecurity, Data Privacy & Information Management practice, where he focuses primarily on cybersecurity corporate governance issues, and assists clients with governance, disclosure, and regulatory matters relating to their cybersecurity postures and the regulatory requirements which govern them. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
[1] See “Cybersecurity Beyond Traditional Risk Management,” available at http://www.insidecounsel.com/2016/09/15/cybersecurity-beyond-traditional-risk-management. [2] See “Russian government hackers penetrated DNC, stole opposition research on Trump,” available at https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html. [3] See “How AI Can Save Corporate America From Devastating Cyber Attacks,” available at https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/how-ai-can-save-corporate-america-from-devastating-cyber-attacks/. [4] See “Next Generation Solutions to Today’s Big Cyber Problems,” available at https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/cybersecurity-automation-and-orchestration-next-generation-solutions-to-todays-big-cyber-problems/. [5] Three of the larger SECaaS providers that we know of are FireEye, K2 Intelligence and IBM, which have the ability to reach internationally as well for larger organizations and funds.
Tripwire ExpertOps
Elevate your organization's cybersecurity with Tripwire ExpertOps! Explore our managed security service now to ensure round-the-clock protection and expert guidance in safeguarding your digital assets.
