“We wanted to better understand threats to our environment and collect information so we could quickly react to those threats, both on premises and in our AWS environment. Arctic Wolf helps us achieve needed visibility and the necessary responsiveness.
- Information Security Manager, Top Five Real Estate Company
The Need to Secure a Wealth of Corporate and Customer Information
This top five global real estate company has over 400 employees with multiple offices. The firm provides tools and support to thousands of franchisee agents.
The real estate company has more than 75 on-premises servers, as well as an extensive AWS server infrastructure with over 370 instances. Its IT team manages, secures, and monitors a diverse infrastructure that includes workstations, servers, firewalls, and network infrastructure comprised of switches, routers, and wi-fi access points. The team also must maintain compliance with regulatory regimes including the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI DSS). The company has various applications handling sensitive financial and human resources data, and personally identifiable information (PII) in on-premises and cloud servers could trigger state data breach laws once compromised.
The Challenges of a Dynamic Cybersecurity Environment
Prior to considering a managed detection and response solution, the company had no comprehensive approach to holistically monitor infrastructure or glean security insights from log data generated by its various IT systems. Its IT team had a small set of internal monitoring tools to monitor specific systems, but knew it lacked visibility and risked missing significant threats. According to an information security manager for the firm: “We told the board we had to improve how we monitored the environment. In particular, we needed to be more responsive to threats and to the unique nature of AWS environments.”
The firm considered various options. The choices narrowed down to: (1) Establishing their own security operations center (SOC) on-premises using a LogRhythm security information and event management (SIEM) platform or (2) Leveraging a managed security service offering.
It didn’t take long, however, to realize that going the LogRhythm route and then needing to hire a dedicated staff to run an in-house SOC was cost-prohibitive. This remained true even when considering a LogRhythm SIEM co-managed through a third party. The firm then evaluated the managed security service provider (MSSP) model from AT&T, but found the AT&T offering lacked the “named” team provided by Arctic Wolf and might not provide the necessary attention to the company’s needs.
In came Arctic Wolf and its managed detection and response (MDR) service. The company’s IT team soon determined that Arctic Wolf’s MDR offering provided the best option to meet its ongoing challenges and ramp up its cybersecurity posture.
The information security manager for the firm explained the decision this way: “We appreciated the attention Arctic Wolf could provide to us with its Concierge Security model. We are still building out our cloud environment and needed a partner who could grow and learn with us, as well as offer advice on ways to achieve an optimal security posture.”
Arctic Wolf SOC-as-a-Service Elevates Cybersecurity
The Arctic Wolf SOC-as-a-service featuring Arctic Wolf™ Managed Detection and Response was initially deployed in early 2019 across the company’s on-premises environment, rolling out the AWS deployment over time. Today, Arctic Wolf provides the firm with visibility across both environments. This monitoring has helped it to better understand its environment and sustain compliance with SOX and PCI DSS mandates.
The Arctic Wolf Managed Detection and Response service has helped the firm’s IT team validate security changes, and notified the company when an unexpected—though legitimate—root login occurred. This is one of numerous examples where Arctic Wolf has raised the company’s capabilities and removed the burdensome load of cybersecurity off of its internal IT team.
“We have a lean team and our resources were fully booked with projects before taking on a SOC. However, Arctic Wolf enabled us to leverage the full advantages of SOC services without distracting from other IT security priorities,” the information security manager said.
The company’s AWS environment includes a variety of pieces, including Amazon EC2 instances, S3 buckets, ElastiCache, and RDS instances. The firm uses a microservices approach to its AWS applications with EC2 instances in Kubernetes. “AWS is a big focus of our development efforts given the value of the cloud, so we must ensure the same sort of protections around our AWS environment that we have on premises,” the information security manager said.
After consulting with the Arctic Wolf Concierge Security™ Team, the firm decided to deploy Amazon GuardDuty to better monitor its environment. GuardDuty monitors for malicious activity and unauthorized behavior in AWS accounts and workloads. Arctic Wolf MDR is now ingesting GuardDuty telemetry to obtain better visibility to the firm’s AWS environment. GuardDuty can generate a considerable volume of alerts, and Arctic Wolf MDR ingests and distils those alerts to arrive at actionable threat information. Looking forward, the company has plans to extend Arctic Wolf monitoring to its Salesforce infrastructure
The bottom line for the firm’s IT security manager is how “Arctic Wolf provides an independent set of eyes to watch our environment. Working directly with the Concierge Security Team has been a seamless experience and through our meetings allow us to consistently improve our security posture.”