A Human Approach to Security Operations

In an age where cyber security talent is in short supply and companies are on a mad dash to automate everything, augmented by artificial intelligence and machine learning, it’s rare to hear a vendor promote the human side of its business. Sure, the topic of people comes up when there is discussion of “robots taking over” and we have to be reminded that, a) artificial intelligence requires a human to design and implement its training data, b) we’re still a ways off from AI being reliable enough to use ubiquitously, and c) while technology is advancing, there is and always will be a human element to security. Computers can make lightning-fast assessments and correlations, but humans—at least in 2019—are still best equipped to make decisions about the data. After all, a machine can’t tell you your individual risk tolerance, which assets are most important for your unique business model, or whether or not you can take down a production system to patch a vulnerability—even a critical one.

Companies do need a balance between the amount of technology they deploy and the people they hire to manage the technology. But it can be a struggle; there is generally more work to be done than bodies that can do the work, and new technology products need people to configure, deploy, and maintain those products. This push and pull—implementing the right technology but having enough people to govern them—is one of the reasons companies, small- and medium-sized businesses, in particular, look to security service providers for external expertise.

Changing the definition of “SOC”

SOC-as-as-service provider, Sunnyvale, California-based Arctic Wolf Networks, isn’t just touting scalability and automation as its benefits; the company is focused on concierge service as part of its monitoring, response, and risk offerings. This sounds antithetical to how many other SOC, MSP, or MSSP providers approach the market today. Therefore, Ed and I asked the team why they’ve taken this approach and how it can work without being so stinkin’ expensive as to price the company’s services out of their target market, which is primarily medium-sized businesses of up to 5,000 employees.

To understand Arctic Wolf’s perspective, Product Marketing Director Todd Thiemann took us through a bit of history. Co-founders Brian NeSmith (CEO) and Kim Tremblay (Senior VP of Strategy), former CEO and VP of Engineering (respectively) of Blue Coat Systems prior to its acquisition by Symantec, saw a hole in the mid-market for security monitoring and threat detection. In 2012 they founded Artic Wolf with a focus on managed detection and response, a then-nascent category. As an MDR provider, the amount of telemetry the team was collecting and analyzing lent itself to further growth. Thus, over the years, Arctic Wolf has layered additional services into their offerings.

"We ingest 40 billion observations per day of telemetry from our customers, and that data helps us to identify ‘bad’ in their systems and defend against and respond to intrusions,” said Thiemann. The number one problem with security today, he told us (which is consistent with every observation of the market that this analyst has ever heard), is that companies’ tools—their logs, their security products—are all too noisy. There are simply too many alerts, a high percentage of which are false positives, for companies to handle. On top of that, mid-sized companies rarely have enough staff and in-house, cross-platform expertise to evaluate every high priority alert. Even if the security and operations teams can manage monitoring and alert triage, when they find an event, they don’t have the acumen to respond.

A different kind of security platform

Arctic Wolf has added to its SOC-as-a-service over time, including offerings such as cloud monitoring (SaaS and IaaS), vulnerability assessment and management, and account takeover (ATO) protection. They have become a full-service MSSP, in a sense, which is not unique to the security market. But that’s where things get interesting; whereas other MDR and MSSP firms laud automation and the advanced algorithms of their AI and machine learning, not once during our call did Thiemann mention those coveted capabilities—until directly asked. Instead, he focused on the concierge service, the named team of engineer plus analyst who are assigned to every customer. This technical customer service team is focused on relationship building, providing not just technical support, but also feedback and advice about customers’ environments, including proactive threat hunting and recommended remediation plans, quarterly reviews about overall security posture, and suggestions to reduce IT and business risk.

For me and Ed, this was a refreshing conversation. So many companies try to dazzle us with their technical differentiators (which sometimes are not so different) or how their fully automated product which is powered by machine learning makes customers’ lives/networks/data protection/etc. more efficient, simpler, and effortlessly scalable.

Arctic Wolf took the approach that, yeah, they do all that, but it’s not all they do. The selling point isn’t automation, scalability, AI, or other functionality that has become table stakes for every security product and service provider; it’s how they help their customers in a human way—backed up by all the bells and whistles one would expect in a SOC, MDR, or other security service provider.

You can head over to the Arctic Wolf website to learn more about the technical side of their offering—it’s all there—but if you’re interested in a tailored, concierge approach to monitoring and network defense, give the team a call. And lest you think this white-glove service will break your bank, Thiemann assures us this is not the case. Pricing is based on the threat surface - number of endpoints, servers, and cloud deployments a company wants monitored - which certainly sounds like it scales well for SMBs.