Lack of Cybersecurity Expertise Creates Need for a SOC-as-a-Service
Like many midsized organizations, the healthcare services provider has a modest IT staff tasked with managing a complex IT environment. This means its engineers must assume several roles and have little time for hunting down security alerts generated by point security products deployed in the organization’s IT infrastructure. Cybersecurity was not their forte, but the need to secure patient and client data became increasingly important with the rise of newer threats such as WannaCry ransomware.
Recognizing the gap in their expertise, the team weighed adding a managed security service provider (MSSP) solution, such as FireEye, against managing it in-house with Splunk Enterprise Security for security information and event management (SIEM). Their analysis showed they could not feasibly get all the services they needed from a traditional MSSP or an in-house SIEM without significantly increasing their budget and staffing.
Arctic Wolf’s AWN CyberSOC™ service met their needs by providing a dedicated Concierge Security™ team (CST) that works as an extension of their IT team. The Arctic Wolf CST is their single point of contact, monitoring their network and directing the response to all threats. Because the CST has years of security experience to draw from, the organization relies heavily on its expertise to handle security-related matters and keep its data safe.
Addressing Alert Fatigue
The IT team had a good perimeter defense architecture in place, including next-generation firewalls, web gateways, and a mobile device management solution. The challenge was that each of these point solutions generated thousands of alerts per day. The IT staff had no time to investigate and determine which were legitimate security incidents. With so many alerts, alert fatigue can set in, where IT staff become so desensitized to the noise they fail to respond to an actual threat.
The AWN CyberSOC service ingests thousands of daily alerts from the organization’s wide range of security products and highlights only those few that require some sort of remediation. The service combines machine intelligence, which correlates incoming alerts with network flow data, behavioral analytics and threat feed subscriptions, with a dedicated CST that performs validation and triage. Additionally, the AWN CyberSOC includes unlimited log collection, so daily triage and forensics are performed across the entire network.
Dedicated Security Expertise and 24/7 Monitoring
The organization’s IT team was impressed by the AWN CyberSOC service and Arctic Wolf’s DNA, especially for the following reasons:
- A dedicated AWN Concierge Security team that acts as an extension of the organization’s IT staff, and is always available as a trusted security advisor
- A predictable, fixed monthly service cost for continuous network monitoring with expertise for threat detection and response, which was far more cost-effective than deploying a SIEM
- Arctic Wolf is an engineering-driven company that continually invests in its cloud-based SOC-as-a-service platform to meet customer demands
Arctic Wolf: A Trusted Cybersecurity Partner
This health and social services organization found Arctic Wolf to be a trusted SOC-as-a-service provider, with a dedicated security team that understands its specific business risks (protecting PII/ePHI data) and provides customized reports to meet its compliance requirements. For this midsized non-profit organization with a small IT team, Arctic Wolf brought peace of mind through expert 24/7 monitoring that’s become essential for growing non-profit organizations.