Securing Member Information
With nearly $1B in assets, Bay Federal Credit Union serves 71,000 members and is the largest locally-owned credit union on California’s central coast. Bay Federal’s 220 employees operate five branch locations in Santa Cruz, Monterey, and San Benito counties.
Bay Federal’s IT infrastructure includes workstations, servers, and various routers and switches across six physical locations. The environment includes a corporate network, an ATM network, and several cloud-based solutions. Overseeing the diverse environment provides an ongoing security challenge for the company’s IT team, so the ability to leverage advanced tools with a minimum of administrative overhead was a goal for Bay Federal Credit Union.
Bay Federal Credit Union had used a managed security service provider (MSSP). Over time, the senior management team determined a best-of-breed partner was necessary to meet enhanced expectations. Richard Roark, VP and chief information officer at Bay Federal, explained: “We needed a proactive partner, and decided to research managed detection and response (MDR) alternatives that could act as an extension of our team.”
“The value for me is that Arctic Wolf is an extension of our team. Arctic Wolf has helped enhance our security and improve our compliance reporting posture while enabling the Bay Federal team to focus on projects that add the most value to our business.”
Richard Roark, VP and Chief Information Officer (CIO), Bay Federal Credit Union
The Goal: Improved Cybersecurity While Fulfilling Compliance Obligations
“We wanted someone monitoring our systems as an extension of our internal team,” said Roark. “We looked at the various managed detection and response offerings with a focus on Gartner’s top five MDR players.”
Bay Federal had other significant needs as well. It operates in a dynamic business environment that is ever changing and growing. For that reason, it needed a predictable pricing model and flexible terms to accommodate future business growth. The pricing structure couldn’t be based on events or log volumes, which can fluctuate considerably. Equally important were compliance considerations. Bay Federal functions under multiple compliance requirements, including National Credit Union Administration (NCUA) guidance and Payment Card Industry Data Security Standard (PCI DSS) requirements. The credit union also performs regular third-party risk assessments to evaluate business risks, with cybersecurity risks a key consideration. Bay Federal needed detailed reporting to support and inform these governance and compliance requirements.
Exceptional Results in Short Time
Bay Federal’s IT team worked with Arctic Wolf’s Concierge Security™ team to customize the service to fit its exact operational and security requirements. Bay Federal rapidly saw benefits from the Arctic Wolf service. The IT team:
Immediately discovered a potential phishing attack that could have compromised corporate credentials
Now receives prompt notification of potential unauthorized events like network scanning and privilege escalation
Employs reporting features that help maintain an optimal security and compliance posture
Arctic Wolf also helps Bay Federal reach its compliance goals. Reporting for senior management and compliance organizations is no longer burdensome with Arctic Wolf's standard and custom reporting capabilities. “The reporting with Arctic Wolf is top notch,” Roark said. “I previously had to fight for critical reporting only to receive poorly documented results. Arctic Wolf has the type of specific, in-depth reporting that we need, and their reports exceeded our expectations. We received 90% of what we needed out of the box with Arctic Wolf and were able to work with our dedicated Concierge Security team to generate the additional 10% through custom reporting.”
Arctic Wolf has enabled Bay Federal to adjust resources and accelerate IT projects that add the most value to its business. According to Roark, “The personalized relationship with the Concierge Security team is great. This enables our credit union to minimize and control the time we spend on compliance. Now we can focus on IT projects that add business value instead of spending our time triaging security alerts.”