“We had never bought a security product we didn't learn to hate. That all changed with Arctic Wolf. We developed confidence in the service pretty quickly.”
-Steve Roach, Senior VP and Chief Information Officer (CIO), Valley Strong Credit Union
Protecting Member Information
With over $1.7B in assets, Valley Strong Credit Union serves over 150,000 members in Kern County, located in the southern half of California’s Central Valley. Valley Strong’s 450 employees operate 13 physical branch locations with five more planned for 2020.
Valley Strong’s IT infrastructure includes over 600 workstations, nearly 200 servers, and a variety of IP phones, routers, switches, and access points. The 36-member information technology (IT) team engineers, maintains, and secures the IT infrastructure and includes a small team of security specialists. However, protecting credit union member data and overseeing the diverse environment provides an ongoing security challenge.
Valley Strong faces natural difficulties in locating, training, and retaining IT professionals. The technology hubs of Southern California and Silicon Valley are strong magnets for talent in the central portion of California. Out of necessity, Valley Strong looks for innovative ways to overcome the IT and cybersecurity workforce shortage.
The credit union has its network environment monitored to keep an appropriate security posture, meet compliance obligations, and—most importantly—ensure member data stays protected. After initially trying to monitor its environment internally, it engaged managed security service provider (MSSP) Dell SecureWorks. Over time, however, SecureWorks couldn’t satisfy the security requirements nor provide the business flexibility that Valley Strong needed.
Steve Roach, senior VP and chief information officer at Valley Strong explained: “The security results were underwhelming. The reporting was limited, and it proved difficult at times to get their attention to make key changes in a timely manner. We needed a new path forward.”
The Dual Goal: Improved Cybersecurity; Fulfilled Compliance Obligations
In terms of regulations, Valley Strong operates under multiple compliance regimes, including the National Credit Union Association (NCUA) guidance and Payment Card Industry Data Security Standard (PCI DSS) requirements. The credit union also performs regular, third-party risk assessments to evaluate business risks—with cybersecurity risks a key consideration. As a result, it needed detailed reporting to support and inform these governance and compliance requirements.
The credit union’s IT management team determined it needed a best-of-breed partner to deliver the required security and compliance requirements, and conducted a thorough search. “We looked at three different managed detection and response solutions to make certain we made the right choice,” Roach said.
Valley Strong wanted a security partner who was familiar with credit union environments. After evaluating the choices and hearing recommendations from other credit unions, the Valley Strong IT team decided to deploy Arctic Wolf™ Managed Detection and Response (MDR).
“When I came onboard a few years ago, we were getting ripped apart by the NCUA on our cybersecurity. There were multiple issues and dozens of findings,” Roach said. “In the last two years there hasn’t been a single issue. Additionally, we’ve only experienced good results from internal risk auditors and third-party consultants. Arctic Wolf played a significant role in that improvement.”
The credit union’s IT team enjoyed a smooth and rapid deployment, as Arctic Wolf’s Concierge Security™ Team customized the service to the credit union’s specific operational and security requirements.
As part of its MDR service, Arctic Wolf helps Valley Strong reach its compliance goals with custom reports. Said Roach, “Arctic Wolf provides a product that our auditors understand and approve of.”
Arctic Wolf MDR has also proven cost effective. According to Roach, “Arctic Wolf brings exponential benefits in terms of affordability. It saves us several times over on the cost of a full-time employee, and that savings more than pays for a comprehensive security service that monitors things24x7.”
While Valley Strong initially deployed Arctic Wolf MDR to monitor on-premises infrastructure, the credit union is the process of migrating to Microsoft Office 365 (O365). The credit union plans to maintain the consolidated security visibility by monitoring O365 through Arctic Wolf MDR.
The Arctic Wolf security operations center (SOC)-as-a-service had enabled Valley Strong to economize on its security spend, avoid the cybersecurity talent shortage, and adapt as the credit union’s infrastructure evolves. As Roach said, “I typically only hear about a relationship with a vendor when something is going south, and I subsequently need to intervene. I have never had that with Arctic Wolf. That means a lot. It allows me to focus on projects that help the credit union and our members.”