Marty Sanders, CSSO at Artic Wolf sits down with Stu Miniman (@stu) at WTGTRANSFORM2019 at the Hotel Commonwealth in Boston MA #theCUBE #WTGtransform https://siliconangle.com/2019/07/23/can-a-single-as-a-service-pill-cure-security-skills-panic-attack-wtgtransform-startupoftheweek/ Can a single as-a-service pill cure a massive security skills gap? What’s a modern company’s best defense against the growing repertoire of cybersecurity attacks? They could stock up on security point solutions currently crowding the market. But would their personnel know what to do with them? A security skills shortage set to leave 3.5 million jobs unfilled by 2021 has many companies wondering how they’ll fill the gap. No doubt, many wish they could just purchase the whole security kit and caboodle as a service. Some companies apparently have read their thoughts. The desire to outsource security — particularly among small to medium-sized businesses — is growing, according to Marty Sanders (pictured), chief security services officer of security operations center as a service company Arctic Wolf Networks Inc. The company, founded in 2012 and based in Sunnyvale, California, offers a cloud-based service that provides 24×7 monitoring, vulnerability assessment and threat detection and response. To some, SOC as a service appears to be the shortcut to peace of mind around security. It addresses prohibitive costs, the skills shortage and vulnerabilities that don’t disappear when information technology security personnel go home. “A lot of the companies, they might have that office admin that became the IT person that became the security person,” Sanders said. That’s hardly ideal, especially as the threat landscape grows and hackers get more and more sophisticated. Machine learning, artificial intelligence and other technologies are enabling cybercriminals like never before. But assembling a world-class security team to work around the clock is simply not feasible for many. “If you were to go out and buy a security team to cover you 7 by 24, it’s at least a minimum of six to seven people to do that,” Sanders said. The cost of doing so could be quite high. An SOC as-a-service offering could do the same high-level security monitoring affordably, he added. Sanders spoke with Stu Miniman, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the recent WTG Transform event in Boston. They discussed how SOC as a service can relieve businesses in a skills and budget pinch (see the full interview with transcript here). (* Disclosure below.) This week, theCUBE spotlights Arctic Wolf Networks in its Startup of the Week feature. Many fronts in new cybersecurity war We are currently experiencing a “dramatic rise in cybercrime,” according to a report from Cybersecurity Ventures Inc. These threats will cost the world $6 trillion per year by 2021, up from $3 trillion in 2015. Increased reliance on the internet, which requires extra cybersecurity protections, and spending on defense services are two factors contributing to ballooning costs. Technology companies, their enterprise customers, and thought leaders are struggling to effectively fight multiplying threats. Some believe that network-driven security is the best way to secure dispersed, multicloud IT environments. “You need to make sure security follows the data — that’s the new trend,” Ken Xie, founder and chief executive officer of Fortinet Inc., told theCUBE in April. “That’s where the infrastructure [of] security needs to involve the networking side, the end point side and the cloud.” Fortinet is striving to be a leader in network-driven security. It is also marshaling educational efforts to address the skills shortage. Its NSE Institute offers self-paced and instructor-led courses and certifications in various network security concepts. Many companies realize the difficulty and cost of hiring a whole new batch of security pros to stave off attacks. Some are trying to raise the security IQs of the employees they already have. “There’s very little of what we do in security that’s just done by security practitioners,” Katie Jenkins, chief information security officer of Liberty Mutual Insurance Co., told theCUBE during Amazon Web Services Inc.’s AWS re:Inforce event in Boston last month. Liberty is corralling its whole company and some third parties — including asset managers, compliance people, a privacy team, auditors, and procurement specialists — into its refreshed security program. “We’re educating them on how to prevent phishing attacks. We’re doing all sorts of culture-based initiatives, recognizing that if it’s just the security folks doing security, we’re going to have a big gap,” Jenkins said. ...