The Pennsylvania Housing Finance Agency (PHFA) is a quasi-government agency in the state of Pennsylvania, which assists low and moderate income families so that they can achieve home ownership. It also provides rental apartment options for senior citizens and people with special needs through counseling and administration of U.S. Department of Housing and Urban Development (HUD) contracts.
PHFA’s headquarters is located in Harrisburg with satellite offices in the Pittsburgh and Philadelphia areas. A small IT staff of just 10 team members is responsible for protecting the sensitive financial data and personal identifiable information (PII) of thousands of tenants stored in multiple databases in PHFA’s data center.
PHFA’s key infrastructure includes several web portal interfaces that make it possible for customers (tenants) to interact with mortgage lenders, and for attorneys to approve loans and rental agreements. All these web applications are exposed to the internet and are potential attack surfaces for hackers to get in and steal sensitive tenant PII data, such as social security numbers, pay stubs, and W2 tax statements that can be used for identity theft and fraud.
“Arctic Wolf® provides a far superior service than what an MSSP can offer. The Arctic Wolf solution is personalized, and the Concierge Security™ team is truly an extension of my internal team. I have peace of mind knowing they are focused on threat detection and response, 24/7.”
Kris Clymans, Manager, IT Infrastructure, Pennsylvania Housing Finance Agency
SecureWorks: Expensive and Unable to Meet Expectations
For more than 10 years, PHFA’s limited IT staff monitored its internet-facing network and servers using products such as intrusion detection/prevention sensors (IDS/IPS), email security gateways, and universal threat management firewalls. The team realized they needed to do more to address today’s threat landscape, but they did not have the knowledge or expertise internally.
Since a security operations center (SOC) is a fundamental element of any modern cybersecurity strategy, PHFA chose to work with a managed security services provider (MSSP) to gain the immediate benefits of a SOC. The agency chose SecureWorks for the company’s reputation and advanced capabilities. However, once a customer, it realized that SecureWorks’ security operations center did not provide a personalized level of service. Whenever IT team members called with a security issue, they had to move through tiers of support, and it seemed like a different person was helping them each time. The overall service experience was difficult and frustrating.
Arctic Wolf Becomes the First Line of Defense
After carefully re-evaluating their specific needs, PHFA selected Arctic Wolf for its security operations, and has now been a very satisfied customer for over two years. Among the reasons are:
Responsiveness: Arctic Wolf provides a personalized experience with a focus on actionable threat detection and response. And the PHFA IT team likes knowing a dedicated point person is always available for answering any technical questions
Regular Vulnerability Assessments: Arctic Wolf’s security engineers provide monthly vulnerability scans that help prioritize which systems to patch. This adds great value, and is a large reason PHFA remains happy with the service
24/7 Monitoring: PHFA relies on Arctic Wolf as the first line of defense 24/7 to stop any threats until the agency can determine a permanent fix
According to Kris Clymans, “No other solution over the last 16 years would notify us when a user entered credentials into a phishing site. That said, we only get notified of a very limited number of security incidents that need our attention. Either the automated rules address it or Arctic Wolf’s Concierge Security team handles it without getting us involved. We go months without having to intervene on many incidents.”
Delivering Peace of Mind to PHFA
The dedicated Concierge Security Team that anchors Arctic Wolf security operations has provided tremendous value to Pennsylvania Housing Finance Authority. The team reviews reports with business and IT leadership on a monthly basis, and provides an assessment of PHFA’s overall security posture, alerting the agency only about security incidents that matter, high-priority vulnerabilities that need to be patched, and outstanding security incidents that need to be closed. Arctic Wolf has delivered peace of mind to PHFA.