Although there are around 3 500 security vendors in the market and an enormous amount of money is being spent on all their different tools and solutions, breaches are still happening – and happening often. One thing is clear: the cybersecurity industry doesn’t have a tools issue; it has an effectiveness issue.
One of the biggest challenges we are seeing in the market is the average length of time it is taking companies to identify a breach or security incident within their organisation. In fact, the global average is around 207 days, an alarming number if we consider the amount of damage that can be done during that time. Moreover, it still takes about 70 days to contain and mitigate against an incident – bringing the total time up to nearly three-quarters of a year. Imagine how much damage a criminal could do with 70 days of access to your data?
There are many reasons why this is happening. The first, and probably the greatest challenge we see from a global perspective, is that there is a massive cybersecurity skills gap. This shortage is amplified in South Africa due to challenges in attracting people into the industry and retaining those who do join the workforce, who are presented with almost limitless access to highly paid work anywhere in the world.
The bottom line is this: if we look at the number of positions that need filling versus the skills available to fill them, the gap is enormous. According to Gartner, a company that wants to build a 24/7 security operations centre (SOC) needs a minimum of eight staff to run it, including enough staff to cover three shifts a day, as well as team members to cover while others are on leave, or in training. It’s easy to see how a lack of cybersecurity skills can significantly hamper these efforts.
Another challenge, not only for enterprises but for small and medium-sized businesses, too, is the complexity involved. Trying to manage a slew of different solutions from a range of vendors, or having an in-house SOC, becomes too complex and too expensive. Most companies will put a few tools in place to cover the basics, and hope that they do an effective enough job, but they need help getting these multiple vendor solutions to work.
There’s also the question of a lack of visibility. Many companies do not know the extent or condition of their current cybersecurity estate, or whether their products and solutions are working effectively. Without visibility into the information they have, how it is being secured, whether any gaps or blind spots exist, and how long it will take to get these answers, they cannot hope to defend themselves effectively.
Speed is everything
Creating accurate security reports on all the different vendor solutions takes time, and these often need to be manually reconciled into a single report. Speed is everything and time is one thing that cybersecurity professionals don’t have — after all, last week’s information is not useful in the fight against today’s threats. Any entity wanting to understand what is happening in the organisation from a cybersecurity standpoint needs to be able to look at all its security data now to build context.
Added to these challenges, compliance has become a big issue for South African organisations. The Protection of Personal Information Act (Popia), South Africa’s privacy law, introduced stringent requirements for the processing and protection of personal information, and is a challenge for many local businesses. If they fail to protect their customers’ data, heavy penalties and fines can be levied against them, particularly if they operate in verticals that store sensitive personal information, such as healthcare or financial services.
To address these challenges, Arctic Wolf has built a solution that is fundamentally different from anything else on the market. What the company offers is a concierge-delivered security operations model. We are bringing the human element back into cybersecurity, instead of simply giving customers a tool that produces a report and leaving them to figure it all out. We monitor networks and endpoints around the clock, eliminating alert fatigue and false positives to fuel faster response, with detection and incident response capabilities tailored to the specific needs of each customer.
Customers don’t have the right skills or all the tools they require in place, and often they don’t have a unified way of viewing their environment. To change this, we are shifting the mindset from a tools-based one to an operational one. We do this by working with our customers, taking on board all their security telemetry and filtering it to provide actionable outcomes. By doing this, we also reduce the need for the high-end in-house skills that this work would otherwise require.
What sets Arctic Wolf even further apart is that it allocates two dedicated security operations experts to each customer, who become an extended part of their team. Customers can liaise with their named and highly knowledgeable resources via phone and e-mail, instead of through an impersonal call centre.
In addition, Arctic Wolf shifts its customers away from looking at individual components to building up their security strategies and trying to reach what we call a business resilience phase. We help customers discover risks that go beyond simple vulnerabilities, benchmark the current state of their environments, and implement risk management processes to harden their security posture over time. This is what helps us build true resilience, to ensure our customers are proactive, insurable and compliant, and ultimately, to end cyber risk now.
About Arctic Wolf
Arctic Wolf is the market leader in security operations. Using the cloud-native Arctic Wolf Platform, we help companies end cyber risk by providing security operations as a concierge service. Highly trained Triage and Concierge Security experts work as an extension of internal teams to provide 24×7 monitoring, detection and response, ongoing risk management and security awareness training to give organisations the protection, resilience and guidance they need to defend against cyber threats.
- The author, Jason Oehley, is regional sales manager at Arctic Wolf South Africa
- This promoted content was paid for by the party concerned