CASE STUDY

Pennsylvania Housing Finance Agency

Replaces MSSP with AWN CyberSOC™ Service

BUSINESS

The Pennsylvania Housing Finance Agency works with the U.S. Department of Housing and Urban Development to provide affordable homeownership and rental apartment options for senior citizens, low/moderate income families, and people with special needs.

CHALLENGES
  • SecureWorks, a managed security services provider (MSSP), was not delivering value
  • Lack of proactive threat hunting and vulnerability assessments due to limited staffing and budgets
  • Inability to create custom reports needed to assess security posture
RESULTS
  • Concierge security with security experts that are effectively an extension of the internal IT team, instead of having to contact security call center
  • On-premises network monitoring and 24/7 coverage that provides complete visibility into threats
  • Customized reports and vulnerability scans to understand potential threats and assess security posture

“Arctic Wolf provides a far superior service than what an MSSP can offer. The AWN CyberSOC service is personalized, and the Concierge Security™ team is truly an extension of my internal team. I have peace of mind knowing they are focused on threat detection and response, 24/7.”

Kris Clymans, Manager, IT Infrastructure, Pennsylvania Housing Finance Agency

The Pennsylvania Housing Finance Agency (PHFA) is a quasi-government agency in the state of Pennsylvania, which assists low and moderate income families so that they can achieve home ownership. It also provides rental apartment options for senior citizens and people with special needs through counseling and administration of U.S. Department of Housing and Urban Development (HUD) contracts.

PHFA’s headquarters is located in Harrisburg with satellite offices in the Pittsburgh and Philadelphia areas. A small IT staff of just 10 team members is responsible for protecting the sensitive financial data and personal identifiable information (PII) of thousands of tenants stored in multiple databases in PHFA’s data center.

PHFA’s key infrastructure includes several web portal interfaces that make it possible for customers (tenants) to interact with mortgage lenders, and for attorneys to approve loans and rental agreements. All these web applications are exposed to the internet and are potential attack surfaces for hackers to get in and steal sensitive tenant PII data, such as social security numbers, pay stubs, and W2 tax statements that can be used for identity theft and fraud.

SecureWorks: Expensive and Unable to Meet Expectations

For more than 10 years, PHFA’s limited IT staff monitored its internet-facing network and servers using products such as intrusion detection/prevention sensors (IDS/IPS), email security gateways, and universal threat management firewalls. The team realized they needed to do more to address today’s threat landscape, but they did not have the knowledge or expertise internally.

Since a security operations center (SOC) is a fundamental element of any modern cybersecurity strategy, PHFA chose to work with a managed security services provider (MSSP) to gain the immediate benefits of a SOC. The agency chose SecureWorks for the company’s reputation and advanced capabilities. However, once a customer, it realized that SecureWorks’ security operations center did not provide a personalized level of service. Whenever IT team members called with a security issue, they had to move through tiers of support, and it seemed like a different person was helping them each time. The overall service experience was difficult and frustrating.

Arctic Wolf Becomes the First Line of Defense

After carefully re-evaluating their specific needs, PHFA selected Arctic Wolf’s SOC-as-a-service, the AWN CyberSOC, and has now been a very satisfied customer for over two years. Among the reasons are:

  • Responsiveness: Arctic Wolf provides a personalized experience with a focus on actionable threat detection and response. And the PHFA IT team likes knowing a dedicated point person is always available for answering any technical questions
  • Regular Vulnerability Assessments: Arctic Wolf’s security engineers provide monthly vulnerability scans that help prioritize which systems to patch. This adds great value, and is a large reason PHFA remains happy with the service
  • 24/7 Monitoring: PHFA relies on Arctic Wolf as the first line of defense 24/7 to stop any threats until the agency can determine a permanent fix

According to Kris Clymans, “No other solution over the last 16 years would notify us when a user entered credentials into a phishing site. That said, we only get notified of a very limited number of security incidents that need our attention. Either the automated rules address it or Arctic Wolf’s Concierge Security team handles it without getting us involved. We go months without having to intervene on many incidents.”

Delivering Peace of Mind to PHFA

The named Concierge Security™ team that anchors Arctic Wolf’s SOC-as-a-service has provided tremendous value to Pennsylvania Housing Finance Authority. The team reviews reports with business and IT leadership on a monthly basis, and provides an assessment of PHFA’s overall security posture, alerting the agency only about security incidents that matter, high-priority vulnerabilities that need to be patched, and outstanding security incidents that need to be closed. Arctic Wolf has delivered peace of mind to PHFA.

Request a Demo