The Arctic Wolf SOC-as-a-service optimizes the integration of machine and human intelligence. The service combines people, process and technology to deliver an elite-level, enterprise-class SOC-as-a-service in minutes. Each customer is assigned a security team, who becomes intimately familiar with the company’s business and operational requirements. The security team analyzes logs, weeds through alerts to eliminate false positives, and conducts necessary security forensics to definitively identify any breach or attack. The Arctic Wolf cloud, with its proprietary SIEM, expedites the process using its advanced machine learning capabilities and automated user behavioral analytics, and integrates data from external threat feeds to proactively identify suspicious behavior.
We Obsess Over Data Protection
Protection of customer information is a crucial element of our business model. It is integrated into our culture in the form of policy and procedure formalizations and supporting controls. To enable our customers to comply with regulatory and standards requirements, we architect production environment and support systems using a secure cloud-computing model. To ensure our secure architecture operates according to performance and security specifications, we have implemented an Information Security and Compliance Program using ISO 27001 and Trust Services Principles as the foundation for our governance, risk and controls program.
How We Protect Your Data
Assignment of Authority and Responsibility
A governance structure for information security within Arctic Wolf is established and maintained. A key responsibility of the information security governance structure is to identify and manage risks (threats and vulnerabilities) to the organization, as administered and maintained by the Information Security Officer in partnership with the subject matter experts from various departments. Team members are assigned to implement and maintain the information security program and made aware of their duties and responsibilities. These employees have the appropriate skills and qualifications necessary to manage the information security program.
HR Policies and Practices
Arctic Wolf’s worker (employees and contractors) onboarding program provides workers with education and resources to make informed business decisions and act on their decisions with integrity. Training and awareness is provided to full-time workers and third parties on a periodic basis to educate them on applicable policies, standards and information security practices.
Arctic Wolf workers are accountable for understanding and adhering to the guidance contained in the Acceptable Use and Security Awareness policies.
For US and Canadian citizens, background checks are required before full-time workers are granted access to production systems and information. Background checks at Arctic Wolf are performed at the time of joining as a condition of employment.
All Arctic Wolf staff and contingent staff are accountable for understanding and adhering to the guidance contained in the Arctic Wolf set of Information Security Policies. Policies address areas including asset classification, risk assessment, access control, change control and acceptance, incident response, exceptions, training, and where to go for additional information. Policies are available on the company intranet.
Access and Identity Access Management
Arctic Wolf primarily uses multi-factor identity access management tools, which the IT and production support service teams use to manage their respective infrastructure and services.
Okta is used for identity management for the majority of the software-as-a-service tools that support the Arctic Wolf platform. Individuals are assigned application access using the tool based on their roles and responsibilities.
Access to the production environment is controlled via a secure VPN tunnel, and an SSH connection to the bastion hosts is required to access nodes in the production environment. Further access to the production nodes is handled via AWS’s identity access management (IAM) tool. Within the tool, unique accounts are created for individuals, and shared / service accounts are created for recurring business purposes. Access within IAM is restricted using permissions or policies that are either internally managed or customized for the specific account.
R&D Access to Production
R&D has access to the production environment as part of the continuous deployment practice. Access is controlled via SSH login to the bastion host, which is monitored by an internal sensor. Login events are visible to the assigned internal CSE for detection of anomalous activities.
Employees can log into Arctic Wolf internal systems using Okta, and all cloud-based applications are integrated with Okta. Password requirements are managed through both LDAP and Okta.
Periodic User Access Review
A manual user access review is performed by technology management on a periodic basis for access to the production environment. This review includes the assessment of custom AWS IAM policies and permissions. Periodic review of user access to Okta and in-scope applications is performed by the internal account management team.
Commitment to Competence
Arctic Wolf Networks (Arctic Wolf) management defines competence as the knowledge and skills necessary to accomplish tasks that define the individual’s job. Commitment to competence starts with the hiring process, where management and subject matter experts assess candidates’ qualifications to determine proper job fit. It continues with individual training requirements to maintain knowledge relevant to the dynamics of the business, a culture of empowerment and collaboration, and lastly, coaching and mentoring practices to ensure achievement of performance goals.
Arctic Wolf follows an established approach to risk management and conducts an annual corporate-wide risk assessment, led by the ISO. The risk assessment is established to monitor, manage and mitigate strategic, operational, financial, legal and compliance risks, including those related to security and availability of the platform. The risk assessment process identifies and prioritizes risks based on impact, likelihood and vulnerability.
Security and Incident Communication
Arctic Wolf uses its own product service—as such, several internal sensors are implemented in the production and internal environments—coupled with an established incident response procedure for comprehensive monitoring, analysis and reporting. Incidents are reported to IT where an incident ticket is opened. The ticket escalates to the Computer Security Incident Response Team so that events and incidents can be resolved in a timely manner.
Shared and Service Accounts
Shared and service accounts are managed using an enterprise security password generator service, and access to the service is restricted to authorized personnel. Passwords and other certificates are rotated on a periodic basis.
New User or Modification of User Access
The process to request and approve new access is initiated by HR (or any worker) via a Jira ticket, which is routed to the internal accounts management team. Access to the production environment is limited to authorized personnel only.
Termination Access Removal
When individuals leave the company, Arctic Wolf HR initiates a Jira ticket to the internal account management team where the account is disabled without undue delay. The team follows a checklist in order to disable all accounts and access within the environment. Terminated accounts are deleted from the system after 45 days.
Arctic Wolf implements appropriate endpoint protection and technology management to administer security policies and configurations.
Data transmission (Encryption)
Based on the customer’s data connection request, the encrypted connection is configured through the Arctic Wolf network between the customer and the desired Arctic Wolf application and support platform. Arctic Wolf uses Secure Sockets Layer (SSL) security protocols for transmitting data over unsecured networks.
Customer content is stored and processed on AWS databases, which are segregated via logical indices.
Data at rest (Encryption)
Arctic Wolf has a data encryption policy that protects customer data at rest using AWS S3 encryption.
Network configuration
Arctic Wolf’s production network is entirely run in Amazon Web Services. VPCs with private and public subnets are used, with the vast majority of EC2 instances running in the private subnets. NACLs are used where applicable, and restrictive Security Groups are applied to each EC2 instance and AWS resource (where applicable).
Sensors running in the customer’s network connect to the Arctic Wolf production network using VPN tunnels. Further restrictions are placed on the VPN servers to ensure the sensors can only contact the required services in the Arctic Wolf production network, using a combination of filter rules, NAT and non-routable networks.
Software development lifecycle (SDLC Process)
Arctic Wolf follows an agile and continuous deployment model for software development. Sprints are performed on a regular basis, and project design documents that establish requirements for product releases are documented and retained.
Regulatory and Compliance Standards
Arctic Wolf Is SOC 2 Type II Certified