Subscribe
About
  • Home
  • /
  • Security
  • /
  • Threat detection and response within minutes vs days

Threat detection and response within minutes vs days

Jason Oehley, Regional Sales Manager: South Africa, Arctic Wolf
Jason Oehley, Regional Sales Manager: South Africa, Arctic Wolf

Meeting today’s cyber security challenges head-on requires a shift in mindset, says Jason Oehley, South African Regional Sales Manager for Arctic Wolf. The business has just set up shop in Johannesburg and is already making inroads into the local cyber security market.

“Businesses need to move from a tools-oriented approach to cyber security to an operational mindset. We see a couple of challenges in the cyber security industry, with the primary one probably being the lack of skills around cyber security; there just aren’t enough skilled people to manage all of the different tools and systems that companies need.

“Secondly, as businesses expand into the cloud and a remote workforce, it creates a bigger attack surface, which means that a stronger security posture and security framework become a requirement instead of a nice-to-have. The business then finds that it has even more tools and needs more resources to manage them.”

To run a full-time, 24/7 security operations centre (SOC), Gartner estimates it requires eight to 10 full-term employees, including additional management staff and architects*; that’s a team that requires constant skills development. But in reality, you need between 10 and 12 to allow for people who are on leave or training, says Oehley. “One of the biggest issues faced by most organisations is that they invest in cyber security training for their teams only for them to move to another role or business.”

Arctic Wolf addresses these real challenges by offering cyber security as a service, referred to as a security operations cloud. “We’re a pioneer in this field. We take all of the customer’s security information and we filter it to find the most important incidents that need to be dealt with. We then present that information back to the customer with focused outcomes that need to be actioned. This allows the customer to employ a focused security team focused on proactive security management that can deal with those items when required.”

The biggest value of plugging into an as a service offering, because it’s a cloud-native approach, is that customers realise the value of scale and performance from a global perspective. Instead of the customer just looking at their own environment, they have an opportunity to leverage it within the context of a global viewpoint.

Andre den Hond, Senior Systems Engineer, Arctic Wolf
Andre den Hond, Senior Systems Engineer, Arctic Wolf

Highly skilled engineers look at all these logs from all these customers – we’re talking in the region of 2.5 trillion events a week – which means incidents are detected a lot quicker. “It takes on average 207 days to identify an incident and 70 days to contain it – not resolve it. That’s three-quarters of a year! We take 30 minutes or less to detect, investigate, verify and respond to an incident or challenge. There’s a massive difference between the rate of breach detection in the traditional cyber security environment compared to that seen in a security operations cloud environment. Thereby increasing cyber security effectiveness and protecting your data and that of your customers.”

“If you look at today’s cybersecurity market, there are probably in the region of 3 500 security tools out there. We’re seeing massive spend on cyber security. Yet we’re also seeing massive breaches on a daily basis. I think it’s safe to say that it’s no longer a tools issue. We need to build an operationally efficient environment that can look at the entire context of that security platform and feed back to the business intelligence in an outcomes-based strategy.”

He says Arctic Wolf is ready to apply the lessons learnt over the past 10 years globally, in a South African context. “European businesses have been quick to move to a cloud-first strategy, driving greater requirements around cyber security. We’re seeing South African businesses following suit now. And obviously the global trend towards a shortage of cyber security skills is particularly prevalent in the South African market.”

South African businesses are also facing increasingly onerous compliance requirements, such as POPIA and cyber security insurance. The country is additionally one of the most highly attacked nations from a cyber security standpoint. All of this lends itself to customers needing to build a security framework to protect them when they go into the cloud.

Arctic Wolf will have its head office in Johannesburg, but will operate across South Africa. It aims to build an ecosystem of partners across the country, targeting businesses with between 50 and 3 000+ users. However, the company has global businesses with up to 55 000 users, so is not restricted by size of operation.

“The local team will focus on building out the ecosystem, building awareness and ensuring we can further educate the South African market about the value of a security operations cloud, and as we build the business, we’ll invest in further local resources to support our customers and ecosystem.”

Oehley concludes by saying: “Our primary focus is on the human element. A lot of businesses look at cyber security and SOC services as a tool that they can plug into. We provide a concierge delivery model that includes access to security engineers who work closely with the customer to understand where they are on their security journey and where they want to be, and work with them to get there. Our customers don’t log a call, they reach out to their assigned resources.”

If you want to learn more, visit: www.arcticwolf.com.


Share