“We needed another layer of security to watch everything that goes on and Arctic Wolf provides the perfect fit.”
— Director of Information Security, Southern US-Based Construction Company
As more and more organizations leverage digital technology, processes become more efficient and the speed of doing business accelerates further. This is particularly true for companies involved in the supply chain, as they must keep up with industry acceleration or risk losing business contracts.
From a cybersecurity perspective, however, digitization expands the attack surface. And increasingly, those in the supply chain are finding vulnerabilities in their security posture that could pose a risk to their customers—and their customers’ customers as well. Supply chain attacks often have a ripple effect.
As cybersecurity becomes a higher priority for firms across industries, a security incident is the last thing a business wants to experience. Understanding that growing threats put it at an increased risk of experiencing its own security incident, a southern US-based construction company focused on what it could do to bolster its defenses. The company’s director of information security worked to set security as a top IT and business priority.
“Even if you come away relatively unscathed, a major incident will pull significant time and resources away from your daily business activities and productivity will plummet. That’s why we put security at the forefront of our activities,” said the director of information security.
Improving the business’s overall security posture had already been on the director’s radar for a while. However, getting buy-in was another story. Company leadership was concerned that new security solutions were too costly to implement. Once they began to read more frequently about increasing attacks in their industry, that all changed.
The construction firm’s incident response team brought in an endpoint provider for a full-service solution. The provider recommended installing an EDR agent on all of the endpoints and servers to understand what data was being attacked. However, the provider acted only as an active service provider for remediation rather than as a solution that would identify security issues, notify the construction firm of threats, or advise it on how to ramp up security to resolve gaps in its posture.
“Even with these solutions, we weren’t seeing everything,” said the director of IT. “We couldn’t see the network, the devices that didn’t have the agent, the periphery, or the edge.”
Seeing Everything in Full View
The construction company decided it needed to have a complete view of its entire environment. After researching solutions and various options, it sought to add another layer of security with Arctic Wolf® Managed Detection and Response. The solution monitors everything that’s happening in the environment 24x7 and alerts the director and the company’s IT team when incidents occur. The solution also provides the expert support of the Arctic Wolf Concierge Security® Team (CST) that works directly with the firm’s IT team to perform threat hunting, incident response, and guided remediation that’s tailored to the unique needs of the company’s environment.
The decision to bring on the Arctic Wolf solution has proven to be the right one. For example, the alerts from Arctic Wolf enabled the company to see that bypasses it set up on its server for less secure, non-people accounts could potentially provide access to the company’s VPN. This visibility and knowledge allowed the company to rectify the situation before any attackers could exploit it.
Next Up—the Cloud
The experience gained from the construction company’s broadening focus on cybersecurity has had a direct bearing on its journey to the cloud. Currently, it has two virtual machines (VMs) in the public cloud supported by Arctic Wolf® Cloud Detection and Response for Amazon Web Services (AWS). In the near future, the company expects to make the shift from its classic on-premises environment to the public cloud.
“If a meteor strikes our building, we need to be able to get to our data,” said the director of information technology.
Compared to other highly regulated industries, selling nails, screws, and building products doesn’t garner much scrutiny. However, the construction firm does have commercially sensitive data it wants to ensure always remains secure. The director makes a case for remaining with AWS when it expands into the public cloud while the company continues to evaluate its cloud options, as it seeks to balance consistency, streamline migration, and leverage the security benefits of a diverse, multi-cloud environment.
“Keeping these separate would be a security plus in our view and AWS keeps them separate,” said the director. “Putting all your eggs in one basket could be risky.”
As Arctic Wolf’s Cloud Detection and Response solution for AWS offers comprehensive coverage, including centralized analysis of activity from CloudTrail, CloudWatch, GuardDuty, AWS WAF, and Amazon EC2 instances, the director knows the construction company will continue to have a strong security posture.
“It’s reassuring to know that our sensitive data will stay secure during the migration and long after,” he said. “Arctic Wolf provides the same total visibility into AWS environments that it does to those on-premises, and that is vital to effective security in the cloud.”
About Arctic Wolf
Arctic Wolf® is the market leader in security operations, pioneering the first cloud-native security operations platform to end cyber risk. Leading the industry with threat telemetry from endpoint, network, and cloud sources, the Arctic Wolf® Platform, supported by the original Concierge Security® Team, is the last line of defense for thousands of organizations worldwide.