SANS Review: SOC-as-a-Service

All the benefits of a Security Operations Center without the high costs of a DIY solution

SANS reviewed Arctic Wolf's services from a customer's point of view and found that the Arctic Wolf SOC-as-a-service offering provided visibility into the events they launched in their mock midsize enterprise, caught and helped them remediate vulnerabilities deliberately left in the environment for the review, and provided accurate reporting throughout. Most important, SANS also had access, as needed, to a security team who could send reports and help troubleshoot investigations. All of this worked seamlessly, without the high costs of implementation, configuration, and tuning.

Use Cases Tested

Identify Source of Web Server Attacks

This test simulated real-world attacks against a customer's website, for example an e-commerce site that processes online credit card transactions. The Arctic Wolf SOC-as-a-service was found to present the information needed to understand the attacks in a clear, easily understood format in the Arctic Wolf™ customer portal, so that the right assessments could be made quickly. No user training was needed on the customer portal interface where this information was presented.

Investigate Unusual Surfing Habits in the Workplace

Unusual surfing by end users was viewable with just a few clicks in the Arctic Wolf customer portal. The portal data view showed the IP address of the offending device, the sites it was surfing, and the amount of data that was being sent and received.

Mean Time to Detect Threats: Ransomware, Anomalous Traffic, Compromised Systems (IDS)

SANS simulated real-world attacks and possible indicators of compromise, including a compromised system. Ransomware was detected within five minutes, including the analysis needed to confirm it was not a false positive. Anomalous traffic was defined using a customized rule; the rule was set up entirely by the Concierge Security™ Team, and the customer only had to communicate requirements. The Arctic Wolf sensor detected a compromised system with its built-in IDS capability. Having the IDS, packet capture, and log collector in one appliance lets Arctic Wolf correlate events quickly without depending on any external tools.
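As an added illustration (not Arctic Wolf's code or the rule SANS saw), the following script shows the two ideas above in working form: the per-device view of sites visited and bytes sent and received that the "unusual surfing" test describes, and a simple customized "anomalous traffic" rule applied to the same data. The log format, IP addresses, hostnames, byte counts and thresholds are all constructed assumptions for this example.

```python
"""Added example, not vendor code: aggregate constructed egress/proxy log lines
per client IP and apply an assumed custom 'anomalous traffic' rule."""
from collections import defaultdict
from statistics import median

# Constructed sample lines (assumed format):
# timestamp client_ip dest_host bytes_sent bytes_received
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.12 intranet.example.local 512 20480
2024-05-01T09:00:05 10.0.0.12 news.example.com 300 81920
2024-05-01T09:01:10 10.0.0.21 intranet.example.local 420 10240
2024-05-01T09:01:15 10.0.0.21 crm.example.com 1024 65536
2024-05-01T09:02:00 10.0.0.33 files.example.org 52428800 4096
2024-05-01T09:02:30 10.0.0.33 files.example.org 41943040 2048
2024-05-01T09:03:00 10.0.0.33 streaming.example.net 1200 209715200
2024-05-01T09:03:40 10.0.0.44 intranet.example.local 256 8192
"""


def parse_line(line):
    """Split one whitespace-separated log line into a record dict."""
    ts, ip, host, sent, recv = line.split()
    return {"ts": ts, "ip": ip, "host": host, "sent": int(sent), "recv": int(recv)}


def summarize(log_text):
    """Per-client view: the set of sites visited and total bytes each way."""
    per_ip = defaultdict(lambda: {"sites": set(), "sent": 0, "recv": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        entry = per_ip[rec["ip"]]
        entry["sites"].add(rec["host"])
        entry["sent"] += rec["sent"]
        entry["recv"] += rec["recv"]
    return dict(per_ip)


def anomalous_clients(summary, abs_sent_threshold=50 * 1024 * 1024, ratio=10):
    """Assumed custom rule (illustrative thresholds): flag a client whose outbound
    bytes exceed an absolute threshold, or exceed `ratio` times the median
    outbound volume of the other clients. Returns {ip: reason}."""
    flagged = {}
    for ip, entry in summary.items():
        others = [e["sent"] for other, e in summary.items() if other != ip]
        baseline = median(others) if others else 0
        if entry["sent"] >= abs_sent_threshold:
            flagged[ip] = "outbound volume above absolute threshold"
        elif baseline and entry["sent"] >= ratio * baseline:
            flagged[ip] = "outbound volume far above peer baseline"
    return flagged


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, e in sorted(summary.items()):
        print(ip, sorted(e["sites"]), "sent", e["sent"], "recv", e["recv"])
    print("flagged:", anomalous_clients(summary))
```

The peer-baseline branch is what makes the rule "customized" rather than a fixed threshold: the same host volume is judged against what comparable devices do, which is the kind of requirement a customer would hand to the team that writes the rule.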

Download the full SANS Service Review