Responding to threats quickly to neutralize the spread of an attack is a process, not an isolated event.
For most IT and security teams, the sheer volume of data coming at them, combined with the lack of resources to monitor their critical systems 24x7, is simply too much to handle.
When a threat is identified, it needs to be isolated quickly to prevent the spread of the attack.
But for threat and attack responses to succeed, teams need 24x7 continuous threat monitoring combined with personalized response workflows, so that threats are identified and isolated fast.
That’s exactly why we’re excited to introduce our managed containment capability to the Arctic Wolf Managed Detection and Response service.
This capability extends the Arctic Wolf Concierge Security Team’s ability to help customers RESPOND to threats detected on their networks and endpoints.
When an indicator of compromise is detected, the Concierge Security Team (CST) initiates the containment workflow. The Concierge Security Engineer uses a unique identifier (such as the host name) to apply the containment action. A notification is sent to the contained device to inform the user of the action taken. The CST then works with the customer’s IT department on remediation (e.g., re-imaging the device) and re-scans the device to verify that no further threat exists.
If no further threat is detected, the containment action is lifted by the CST and a notification is sent to the host system.
This new capability enables Arctic Wolf Managed Detection and Response customers to address several endpoint detection and response use cases, including:
- Host-based containment: Blocks data exfiltration and the propagation of threats such as malware by enabling rules that prevent host devices from communicating externally or with other devices on your networks.
- 24/7 Continuous monitoring: IT departments get peace of mind knowing Arctic Wolf can monitor for and stop the spread of threats immediately.
- Containment reporting: The Arctic Wolf Concierge Security™ Team provides monthly reporting and insight into the containment actions taken over previous periods.
- Containment notifications: Uses a system push to notify the user that their endpoint device has been contained. The system push is also sent to the user when the containment action has been released.
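The containment lifecycle described above (contain by host identifier, notify, remediate, re-scan, release) and the host-based isolation rules, modelled as an added example that is not Arctic Wolf's own code. The host name, the IoC string, the scan findings and the management endpoint in `MANAGEMENT_ALLOWLIST` are constructed assumptions; the allowlist reflects the practitioner caveat that an isolated host must keep a path to the management service so the re-scan and release notification can still reach it.

```python
from dataclasses import dataclass, field
from typing import List, Set

# Hypothetical management endpoint kept reachable while the host is isolated
# (an assumption, not stated on the page): the re-scan and the release
# notification still need a path to the contained device.
MANAGEMENT_ALLOWLIST: Set[str] = {"10.0.0.5:443"}

@dataclass
class Host:
    host_name: str                 # unique identifier the containment action is keyed on
    contained: bool = False
    last_scan_clean: bool = False  # reset on every containment
    audit: List[str] = field(default_factory=list)

def isolation_rules(allowlist: Set[str] = MANAGEMENT_ALLOWLIST) -> List[str]:
    """Host firewall policy for host-based containment: allow only the
    management channel, then deny all egress and all lateral (inbound) traffic."""
    rules = [f"allow out to {dst}" for dst in sorted(allowlist)]
    return rules + ["deny out to any", "deny in from any"]

def contain(host: Host, ioc: str) -> str:
    """Apply containment after an indicator of compromise; returns the push notification."""
    host.contained = True
    host.last_scan_clean = False
    host.audit.append(f"contained {host.host_name} (IoC: {ioc})")
    return f"notify {host.host_name}: endpoint contained"

def record_rescan(host: Host, findings: List[str]) -> bool:
    """Record the post-remediation re-scan; clean only when nothing was found."""
    host.last_scan_clean = not findings
    host.audit.append(f"rescan {host.host_name}: {len(findings)} finding(s)")
    return host.last_scan_clean

def can_release(host: Host) -> bool:
    """Containment may be lifted only while contained and after a clean re-scan."""
    return host.contained and host.last_scan_clean

def release(host: Host) -> str:
    """Lift containment and return the release notification; refuses otherwise."""
    if not can_release(host):
        raise RuntimeError(f"release refused for {host.host_name}: no clean re-scan on record")
    host.contained = False
    host.audit.append(f"released {host.host_name}")
    return f"notify {host.host_name}: containment released"
```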
Figure 1: Indicator of compromise detection and containment lifecycle
Existing customers can start benefiting from this right now, so reach out to your Arctic Wolf representative or Concierge Security Team to customize your security outcomes.
For more information on Arctic Wolf’s leading SOC-as-a-service, Managed Detection and Response, Arctic Wolf Agent, or Managed Risk, visit arcticwolf.com.