CyberWins: Arctic Wolf Locks Down and Secures Remote Workers of a Healthcare Customer

This is the second article in a new blog series that highlights real-world use cases of how the Arctic Wolf Concierge Security® Team (CST) of engineers and analysts keeps customers safe amid a growing remote workforce and a landscape of increasingly sophisticated cyberthreats.

An Expanding Remote Workforce Brings New Security Challenges

A healthcare company providing wellness solutions has always enabled remote workers but, like most organizations adapting to business challenges brought on by the COVID-19 pandemic, IT now supports a much larger set of employees who work from home. In fact, a recent study from Stanford University found that 42% of Americans are working from home in 2020 as organizations change course to help ensure the well-being of their employees during this time.
The IT and security team, who also work from home, now need to make sure everyone has secure access to both on-premises and cloud services. Employees now require assistance with connectivity, accessing voicemail, password resets, and VPN access to the corporate network in addition to everything else they traditionally need. It’s been an “all hands on deck” approach to keep the business up and running as seamlessly as possible.

Bad Software; Good Call

A few weeks ago, this healthcare customer’s help desk received a call from one of its remote end users who reported she may have downloaded malware. What began as an attempt to download an apparent software package quickly became an issue when the user noticed an unexpected window flash by with foreign-language characters on it.
Fortunately, this employee was trained to report potential incidents—which can make the difference between a mere nuisance and a devastating breach—and raised an alarm immediately. Her report initiated an urgent call to Arctic Wolf so the security team could respond quickly.

Rapid Response

With assistance from Arctic Wolf’s dedicated Concierge Security Engineer (CSE), the customer was able to investigate the problem and lock the device within minutes of the initial help desk call. Here is the timeline of events:
T=0
A 24×7 Arctic Wolf CST analyst received the call and routed it to the customer’s dedicated CSE, Tom, who knows this customer well. Tom meets regularly with this customer and has detailed familiarity with its environment and security controls.
The customer’s security analyst first asked Tom whether Arctic Wolf saw any suspicious traffic coming into its network from the laptop of the user who thought she may have downloaded malware. The user had VPN access to sensitive data about the company’s customers, and the security analyst was concerned about possible lateral movement inside the corporate domain by the attacker.
T+10 minutes
Tom assured the analyst there was no suspicious network traffic and told him that any problem was likely contained to the laptop.
T+20 minutes
Further investigation of the endpoint showed that an unauthorized Python package had recently been installed on the end user’s laptop.
T+21 minutes
Following corporate guidelines, the laptop was locked and the end user was issued a new computer.
T+30 minutes
Tom provided a summary of the problem and resolution to his contact, closing the case.

Broader Security Measures for Remote Working Conditions

This healthcare industry customer initially deployed Arctic Wolf® Managed Detection and Response (MDR) across its network locations, and only remote workers were required to have the endpoint protection component installed. With 80% of employees now working from home, however, the rollout of endpoint protection was accelerated accordingly, which enabled the rapid resolution of this issue and potentially saved the organization from an expensive data breach.
Three things prevented an isolated incident from becoming a company breach:
Speed: The Concierge Security Team was ready when the customer called and hit the ground running.
Sharing the load: At a time when organizations’ IT and security operations are stretched like never before, Arctic Wolf ran the playbook and performed the investigation.
Expertise: The CST is well trained and has a deep understanding of its customers’ environments. This allowed Arctic Wolf to perform the investigation and reach the right conclusion without putting additional burden on the healthcare company.
Arctic Wolf CST members such as Tom continue to meet monthly with customers to review changes to their environments and discuss industry trends. Recent meetings have focused on protecting the remote workforce, collecting logs from new VPNs, and the latest phishing tactics that target remote workers.
For more real-world examples of the Arctic Wolf CST in action, take a look at our case studies.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.