Zelle LLP has 150 attorneys and support staff located across nine different U.S. locations and an office in London. The firm has 165 endpoints and 65 servers along with a range of cloud services to support its attorneys and staff. Zelle’s client portfolio includes Fortune 100 enterprises with comprehensive cybersecurity requirements for its law firms and other vendors. To that end, Zelle’s legal engagements typically require conforming with corporate clients’ risk management requirements.
Significant data breaches that originate through work with subcontractors have driven awareness among large corporations to the potential risks vendors pose. Corporations now require their legal counsel to adopt stronger security measures than ever before. What were initially questionnaires evolved into a combination of questionnaires with review sessions.
According to Bryce Hustad, Zelle’s director of information technology, “Corporate clients frequently require signed attestation from us stating that we’ll follow specific cybersecurity policies, so it’s important the firm has a comprehensive solution.”
“Arctic Wolf acts as a force multiplier for our IT team. The Arctic Wolf SOC-as-a-service ensures Zelle’s and our clients’ data always remain secure. It has improved our security posture and helped us meet client security obligations.”
Bryce Hustad, Director of Information Technology, Zelle LLP
Finding the Right Managed Detection and Response Solution
An internal audit of their security practices revealed gaps in security related to their ability to detect and respond to threat indicators. Through this process, Zelle discovered that ramping up managed detection and response (MDR) was a significant security need
In seeking to improve its MDR capabilities, Zelle evaluated three vendors in the space: TruShield, eSentire, and Arctic Wolf™. Ultimately, Zelle selected Arctic Wolf. Not only did the Arctic Wolf SOCas-a-service provide the robust functionality and skilled expertise that Zelle needed, but the service’s subscription-model pricing provided Zelle with business flexibility, allowing the company to scale security requirements as needed.
Taking The Toil Out of Vulnerability Assessments
The firm regularly performs third-party vulnerability assessments, the results of which became difficult to manage and act upon.
Seeking a more continuous approach to managing their digital risk posture that would offload the toil of managing their third-party vulnerability assessments, Zelle added Arctic Wolf’s Managed Risk solution.
The Managed Risk solution provides 24x7 continuous vulnerability scanning that’s managed by security experts. Beyond vulnerability scanning, Zelle also gains visibility into system mis-configurations against globally-accepted critical security control benchmarks, and their account takeover risk exposure that they weren’t receiving before.
Outstanding Results Across the Board
Zelle deployed the Arctic Wolf SOC-as-a-service over a year ago. Since then, the Zelle IT team has seen improved security all across its network and has met client requirements in a number of ways:
15-minute notification and resolution from when a high-level user provides law firm credentials to a known phishing site
Greater frequency of vulnerability scans to accommodate law firm customer requirements
Increased log retention timeframe to meet changing customer requirements
A quantified risk score that measures and benchmarks digital risk against industry peers
Arctic Wolf helps secure Zelle’s sensitive data by flagging suspicious events. And by eliminating events that turn out to be false positives, Arctic Wolf’s Concierge Security™ Team gives Zelle a greater ability to scrutinize their existing security controls, tighten policies, and validate Arctic Wolf’s monitoring of its operations.
Arctic Wolf™ Managed Detection and Response and Managed Risk have enabled Zelle to improve its security posture for far less than had they continued on with their third-party vulnerability assessments, or hired their own security experts and established an in-house SOC. As Hustad said, “When you compare the investment in Arctic Wolf to the alternative of doing things internally, the ROI is exceptional. I do not have to pay for SOC infrastructure and a 24x7 staff of security engineers. We could not provide nearly the same level of service internally for the cost we pay for Arctic Wolf’s solution.”
Working with Arctic Wolf has allowed Zelle to adjust how it uses its own IT team. Explained Hustad, “Using the Arctic Wolf SOC-as-a-service has pulled a lot of time back into our days. We no longer have to deal with excessive alerts. When there is something anomalous, we’re notified. It is a huge relief and timesaver for us. It has improved our own security and allowed us to meet increasingly stringent client security requirements.”
Reflecting on his experience working with Arctic Wolf’s team, Hustad said, “Arctic Wolf has been great. People mean a lot. Everyone we work with at Arctic Wolf has been phenomenal.