Brian NeSmith is the CEO of Arctic Wolf Networks, which was started back in 2012. They provide Security Operations Center-as-a-Service. I have known him for decades when he started a quirky company called Cacheflow that eventually became part of Blue Coat where he was also CEO. I asked him a few questions.
Q: What has changed in enterprise infosec compared to when you first started at AWN six years ago?
Back when we started the company breaches were smaller with little lasting damage. The stakes are much higher profile now. We started the company before Target, Equifax and Petya, major attacks that put cybersecurity on the evening news. Nowadays cybersecurity is a boardroom topic, and a company’s brand and business are affected by how good their security is.
Q: How does a SOC-as a S differ from just a MSP who sells managed SOC services?
SOC-as-a-service provides experienced security analysts doing real security work. MSPs selling managed SOC services are usually just managing the infrastructure or forwarding alerts, but they are not doing the actual security work. The pressing issue in our industry today is how we detect and respond to threats and not just managing the infrastructure more cost effectively. SOC-as-a-service provides that, and managed SOC services from an MSP does not.
Q: What portion of the resources you monitor are on premises vs. cloud of your current customers? How has that changed from six years ago?
The portion of cloud resources we monitor has been steadily increasing over the past six years. But the largest resource we monitor in most companies is still the employees and their endpoints. Many people view people as the weakest link in the chain, and we find that still to be the case. Most security incidents are still due to some sort of human error or mistake even when they have the best security products in place.
Q: You ran Blue Coat through some very turbulent times, when it was first called CacheFlow. How have web apps changed from those early days and will enterprises ever feel secure deploying them?
It is a completely different world today than when I first started leading CacheFlow. There is not a company out there that does not rely on a web app to operate or serve their customers. If they have not, companies do not have a choice but to embrace web apps, so they need to figure out what is needed to feel secure deploying them.
Q: Is ransomware or fileless malware more of a threat today from your POV?
I don’t think they are any more of a threat than other types of malware. Ransomware is different in that it can literally bring your business to a halt. That is very different from traditional malware. When it comes to fileless malware, the increased danger comes from how openly information is on how to exploit these. We have seen malware become commercialized so you can literally purchase the malware you want to use and even get technical support. This means that anyone can become a hacker, and it will result in more attacks.