One of the nation’s oldest health and social services organizations has served children and adults with intellectual and developmental disabilities for more than 100 years. Throughout its history, the organization has pioneered new service models and developed new programs to meet the changing needs of people with disabilities and help them reach their full potential. This non-profit organization has partnered with local governments and communities to provide services across multiple states. In the course of its business, the organization stores and transfers a good deal of confidential data related to patients and others. That’s why it deployed Arctic Wolf security operations to protect electronic patient health information (ePHI) and sensitive personal identifiable information (PII) across multiple service facilities.
“Arctic Wolf™ is far superior to anything offered by traditional MSSPs, and the level of service I get from my Concierge Security™ team is truly amazing. We selected Arctic Wolf because it provides a comprehensive package that included everything we needed at an affordable price. To build the equivalent of the service in-house would have cost 10X.
Healthcare IT Director
Lack of Cybersecurity Expertise Creates Need for a SOC-as-a-Service Solution
Like many midsized organizations, the healthcare services provider has a modest IT staff tasked with managing a complex IT environment. This means its engineers must assume several roles and have little time for hunting down security alerts generated by point security products deployed in the organization’s IT infrastructure. Cybersecurity was not their forte, but the need to secure patient and client data became increasingly important with the rise of newer threats such as WannaCry ransomware.
Recognizing the gap in their expertise, the team weighed adding a managed security service provider (MSSP) solution, such as FireEye, against managing it in-house with Splunk Enterprise Security for security information and event management (SIEM). Their analysis showed they could not feasibly get all the services they needed from a traditional MSSP or an in-house SIEM without significantly increasing their budget and staffing.
Arctic Wolf’s service met their needs by providing a dedicated Concierge Security™ team (CST) that works as an extension of their IT team. The Arctic Wolf CST is their singular point of contact, monitoring their network and directing response to all threats. With years of security experience to draw from, the organization relies heavily on the CST’s expertise in handling its security-related matters and ensuring its data stays safe.
Addressing Alert Fatigue
The IT team had a good perimeter defense architecture in place, including next-generation firewalls, web gateways, and a mobile device management solution. The challenge was that each of these point solutions generated thousands of alerts per day. The IT staff had no time to investigate and determine which were legitimate security incidents. With so many alerts, alert fatigue can set in, where IT staff become so desensitized to the noise they fail to respond to an actual threat.
Arctic Wolf ingests thousands of daily alerts from the organization’s wide range of security products and highlights only those few that require some sort of remediation. The service combines machine intelligence to correlate incoming alerts with network flow data, behavioral analytics and threat feed subscriptions, and a dedicated CST to perform validation and triage. Additionally, Arctic Wolf includes unlimited log collection, so daily triage and forensics are performed across the entire network.
Dedicated Security Expertise and 24/7 Monitoring
The organization’s IT team was impressed by the Arctic Wolf security operations solution and Arctic Wolf’s DNA, especially for the following reasons:
A dedicated Concierge Security™ team that acts as an extension of the organization’s IT staff, and is always available as a trusted security advisor
A predictable, fixed monthly service cost for continuous network monitoring with expertise for threat detection and response, which was far more cost-effective than deploying a SIEM
Arctic Wolf is an engineering-driven company that continually invests in its cloud-based security operations platform to meet customer demands
Arctic Wolf: A Trusted Cybersecurity Partner
This health and social services organization found Arctic Wolf to be a trusted security operations provider, with a dedicated security team that understands its specific business risks (protecting PII/ePHI data) and provides customized reports to meet its compliance requirements. As a midsized non-profit organization with a small IT team, Arctic Wolf brought it peace of mind through expert 24/7 monitoring that’s become essential for growing non-profit organizations.