“It’s hard to believe that security challenges at my perimeter disappeared once we implemented the Arctic Wolf solution, but they really did!”
Brad Moldenhauer, Director of Information Security, Steptoe and Johnson LLP
Steptoe and Johnson (Steptoe) manages 12 internet gateways that provide connectivity and other services to its local and regional offices. Although there are currently no direct security compliance frameworks explicitly for the legal segment, Steptoe’s diverse client base in financial services, healthcare, retail, manufacturing, and other fields often requires signed attestations that the firm will follow specific cybersecurity policies to conform with clients’ risk management requirements.
Managing a huge volume of critical client data across several countries and between offices means the company must protect data both in transit and at rest. According to Brad Moldenhauer, Steptoe and Johnson’s director of information security, before engaging with Arctic Wolf™, Steptoe “had an existing SIEM in place, but it wasn’t tuned properly and operated as nothing more than a spam relay.”
When It Comes to Security, You Can’t Do It Alone
Moldenhauer believes, “Security operations is something you do. Not something you have.” And with a small team he quickly realized keeping up with the log data, alerts, and data sent from the firm’s on-premises security information and event management (SIEM) solution would pose a significant challenge as Steptoe’s business scaled. Moldenhauer also identified gaps in the company’s security posture that could leave it vulnerable to attack. It was clear a new approach to monitoring its IT environment was necessary: a solution that could remove the toil from managing these alerts, as well as augment Steptoe’s security team. It was time to look to MSSPs and evaluate SIEM and security operations center (SOC)-as-a-service approaches.
A Personal, Predictable Approach to Protection
During his initial investigation, Moldenhauer sought to evaluate a number of vendors and security service approaches that could assist with web content filtering, IPS/IDS, and vulnerability management needs. After scheduling demonstrations with several vendors, he selected Arctic Wolf™ Managed Detection and Response, as he liked having a dedicated security team, an inline IDS/IPS system, and the ability to have all logs sent to one place for analysis. He also liked Arctic Wolf’s personalized approach to security, and the security advice he receives from his dedicated Concierge Security™ Team (CST).
“Arctic Wolf falls into the unique bucket of services and products and is a critical component of our incident response portfolio,” Moldenhauer said. “It’s difficult to imagine a scenario where I wouldn’t lean on my CST for support.”
A SOC-as-a-Service That Grows as You Grow
The Arctic Wolf Managed Detection and Response solution is anchored by a Concierge Security Team that offers the custom alerting and 24x7 threat monitoring that Steptoe needs. Additionally, to provide insight into vulnerabilities and an organization’s digital risk posture, the Arctic Wolf™ Managed Risk solution delivers 24x7 continuous vulnerability scanning that’s managed by security experts. Beyond vulnerability scanning, Managed Risk also provides visibility into system misconfigurations against globally-accepted critical security control benchmarks, as well as account takeover risk exposure that traditional vulnerability management systems miss.
Delivering Consistent Results
Since deploying the Arctic Wolf SOC-as-a-service more than four years ago, Steptoe and Johnson has seen improved security across both its internal and external networks. Arctic Wolf helps filter out the noise, provides actionable security intelligence, and enables Moldenhauer’s team to focus on what’s important. Steptoe hasn’t recorded a security incident since the partnership began, but that doesn’t mean anomalous activities aren’t being found:
“A few years ago, we migrated a number of on-premises devices to the cloud and sent backups to an AWS instance,” Moldenhauer said. “I forgot to let my Concierge Security Team know about this, and within minutes of the backups during our 3:00 AM maintenance window I received a call from Arctic Wolf informing me of what was happening. Obviously, this was a planned event and not malicious; but it’s nice to know that Arctic Wolf monitors my environment for anomalies like this, 24x7. They truly have our back when it comes to cybersecurity.”