Image

1. SECaaS is cheaper and more effective than “BYO” Security Hardware
The traditional way many companies deal with security is the BYO Security Hardware solution, meaning “buy your own” security hardware and hope you know how it works, how it functions, and how it fits into the rest of your network security hardware. First, there were firewalls and next-gen firewalls. Next, signature-based intrusion detection and prevention hardware. And what happened? Companies still got hacked with regularity. Why not leverage the hundreds of millions of dollars a year of hardware that the major brand network security providers spend annually to help improve your own security exponentially without the associated costs? Your ROI and your CFO will appreciate you for suggesting the idea.2. No More “Alert Fatigue” and far fewer “false positives”
Here is where the rubber meets the road. There are three serious and related problems today that scream out for “forward thinking” cybersecurity solutions:- The vast increase in network traffic year over year for the last few years, which has caused far more chatter for skilled incident responders to sort through and interpret on a daily basis;
- The trickle-down nature of cyber-crime, which has placed attacks, such as DDoS-as-a-service and Ransomware as a Service (RaaS), in the cost range of a fine New York City dinner for four people; and
- The skilled cyber HR shortage, which has left companies severely limited in the amount of skilled workers they can hire to both hunt down and respond to threats showing up on their intrusion detection devices or firewall logs.
"In early 2015, estimates based on U.S. Bureau of Labor statistics indicated that there were just over 200,000 unfilled cybersecurity jobs in the U.S. Intel Security's recent 'Hacking the Skills Shortage' report projects that number to be one to two million by 2019. [T]he head of a large global firm remarked: 'If I wanted to hire another top-notch ITSec professional, I couldn't even do it right now.'"[1]“Fancy” and “Cozy Bears,”[2] along with the countless cases of ransomware we have seen in 2016, have left us convinced that cybersecurity is becoming infinitely more complicated than it was 12 months ago, and we only see things getting more complicated going forward. Wouldn’t it be nice, as in one instance we know of, that one organization saw a 100-fold drop in security alerts after its SECaaS device was installed on its network by a leading provider. And the alerts that organization did get were not false positives. They were actionable, real alerts that were vetted in real time by the fully trained and experienced security defense staff at the SECaaS provider. This time, however, since its incident responders were not overwhelmed with chatter, they could respond in an appropriate and timely fashion. That is one of many distinct advantages of SECaaS.
3. Rubbing Salt on Open Wounds
It would not be extremist to say that with the increasing amount of interconnected devices being wired into critical infrastructure and being created by the Internet of Things, the amount of network traffic will only get worse by the day, week, and month. Added to reasons one and two, IoT will only serve to better our lives but make our incident responders even more overworked and outgunned. There are more benefits here than we can list, but we think you get the point. Like other new ideas and solutions we have mentioned on these pages, like AI and Machine Learning[3] and cybersecurity automation and orchestration,[4] we think SECaaS is an idea whose time has come.[5] We simply don’t have enough people to man our cybersecurity forts and shiny black boxes, and we don’t have any more time to consider other solutions when industry regulators, like New York’s Department of Financial Services, are paying even more attention to the cybersecurity posture of regulated entities. For all these reasons, it's time to give SECaaS a chance to help us become super human incident responders who can protect our company’s most vital IP and IT assets.Image

[1] See “Cybersecurity Beyond Traditional Risk Management,” available at http://www.insidecounsel.com/2016/09/15/cybersecurity-beyond-traditional-risk-management.[2] See “Russian government hackers penetrated DNC, stole opposition research on Trump,” available at https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html.[3] See “How AI Can Save Corporate America From Devastating Cyber Attacks,” available at https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/how-ai-can-save-corporate-america-from-devastating-cyber-attacks/.[4] See “Next Generation Solutions to Today’s Big Cyber Problems,” available at https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/cybersecurity-automation-and-orchestration-next-generation-solutions-to-todays-big-cyber-problems/.[5] Three of the larger SECaaS providers that we know of are FireEye, K2 Intelligence and IBM, which have the ability to reach internationally as well for larger organizations and funds.