Cybercriminals Target First Responders
The Sparks Police Department experienced a ransomware attack that could have crippled the department, were it not for the swift action of the IT team. Once alerted to the attack, the team set out to identify every compromised endpoint and restore the affected systems from backups. Though a crisis was averted, the incident was hugely disruptive, and the team was unsure what changes to make to protect the police department, and the entire Sparks workforce, from falling victim to future attacks.
Soon after the ransomware attack, cybercriminals targeted police officers with spear-phishing emails. Leveraging social media and other publicly available information, the cybercriminals also launched attacks aimed at the highest levels of city government. The IT staff realized that they lacked the expertise to investigate these security incidents and respond to them in a timely manner.
What frustrated the IT team was that these attacks bypassed their existing defenses: a firewall, an email security gateway, and a web security gateway from Barracuda Networks, a leading provider of all three. It would have been manageable if those defenses had detected and contained the attacks, but multiple attacks got through. Each one was highly disruptive, and the lean IT team could not absorb the disruption while still providing the high level of service expected by the city's staff.
Build vs. Buy
The Sparks IT team compared the option of building their own security operations center (SOC) with purchasing a comprehensive service from Arctic Wolf. An internal security operations team would have a better understanding of Sparks' IT environment and be more responsive. On the downside, 24×7 coverage requires a team of several people with extensive security expertise, plus a SIEM, which is notoriously expensive to purchase and maintain. Hiring a team of security analysts, purchasing the software, and getting everything up and running could easily take six to twelve months.
Buying a SOC service was a much more attractive option, since it could be deployed quickly and at far lower cost than an in-house SOC. A SOC-as-a-service is a comprehensive offering that requires no purchase of software or hardware. It includes a SIEM, set up and managed by seasoned security experts who become an extension of the internal IT team. After careful evaluation, the Sparks IT team selected the AWN CyberSOC service from Arctic Wolf.
AWN CyberSOC with Hybrid AI Delivers
The time to value for AWN CyberSOC exceeded expectations: the service delivered results within a week of installation. The Sparks IT team was notified of passwords being transmitted to websites in the clear, as well as of further phishing attacks on police and fire department personnel. The team was also given specific endpoint mitigation recommendations for quarantining compromised laptops and desktops, which removed the guesswork from how they addressed security lapses.
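One of the findings mentioned above, credentials submitted over unencrypted HTTP, is a detection a SOC can run directly against web-gateway or proxy request logs. The following is an added example and not code from the original page or from Arctic Wolf; the request records, hostnames and field names are constructed for illustration. It flags any request whose URL scheme is plain http and whose query string or form body carries a credential-like parameter, and it deliberately records only the field names, never the secret values, so the alert itself does not leak the password again.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request records in the shape (method, url, content_type, body).
# Hostnames and credentials are fictitious; this is not Sparks data.
SAMPLE_REQUESTS = [
    ("POST", "http://intranet.example.local/login",
     "application/x-www-form-urlencoded", "user=jdoe&password=Winter2019%21"),
    ("POST", "https://portal.example.local/login",
     "application/x-www-form-urlencoded", "user=jdoe&password=Winter2019%21"),
    ("GET", "http://reports.example.local/export?passwd=hunter2&format=csv", "", ""),
    ("POST", "http://forum.example.local/post",
     "application/x-www-form-urlencoded", "title=hi&body=hello"),
]

# Parameter names that commonly carry secrets. Extend for the applications in your environment.
CREDENTIAL_KEYS = re.compile(
    r"^(pass(word|wd|phrase)?|pwd|secret|token|api[_-]?key)$", re.IGNORECASE
)


def credential_fields(params):
    """Return the sorted parameter names that look like credentials (values are ignored)."""
    return sorted(k for k in params if CREDENTIAL_KEYS.match(k))


def find_cleartext_credentials(records):
    """Scan request records and return one finding per request that sends a credential over plain HTTP."""
    findings = []
    for method, url, content_type, body in records:
        parts = urlsplit(url)
        if parts.scheme != "http":
            continue  # https is protected in transit; only plain http is cleartext on the wire
        params = parse_qs(parts.query, keep_blank_values=True)
        if method.upper() == "POST" and content_type.startswith("application/x-www-form-urlencoded"):
            params.update(parse_qs(body, keep_blank_values=True))
        fields = credential_fields(params)
        if fields:
            findings.append({
                "method": method.upper(),
                "host": parts.hostname,
                "path": parts.path,
                "fields": fields,  # names only; secret values are intentionally not stored
            })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_REQUESTS):
        print(f"cleartext credential: {f['method']} http://{f['host']}{f['path']} fields={f['fields']}")
```

On the sample data the first and third requests are flagged; the https login is skipped, and the forum post carries no credential-like field. In production the same check would be fed from the gateway's request log rather than an inline list, and the flagged host is what the SOC hands back to the IT team so the site can be moved to TLS or blocked.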
One of the key technologies behind Arctic Wolf's SOC-as-a-service is Hybrid AI, the combination of human intelligence and machine scale, which Arctic Wolf says delivers 10X better threat detection with 5X fewer false positives. Good cybersecurity starts with data, and the volume of data that needs to be processed is now beyond the capacity of human analysts alone. An AI system is only as good as the data it learns from, and one of cybersecurity's biggest challenges is false positives, which pollute that data with mislabeled events. Human involvement is therefore critical when AI is used for cybersecurity.
The AWN CyberSOC™ service is more than just a detection and response service for the Sparks IT team. They work hand-in-hand with their Concierge Security™ team (CST), which is regarded as an extension of their internal IT team. The CST has helped them close holes in their firewall configuration and even provided the data and information needed to fix an issue with their internet service provider. The CST is there not just for ransomware and phishing attacks, but for all matters related to cybersecurity.