Solutions – Cloud Detection and Response – FAQ FAQ Cloud Detection and Response GENERAL What is Cloud Detection and Response? The Arctic Wolf Cloud Detection and Response solution provides 24×7 monitoring of your Infrastructure as a Service (IaaS) and Software as a Service (SaaS) platforms, providing awareness of your risks, misconfigurations, and threats across your cloud environments. Arctic Wolf Cloud Detection and Response is delivered by the Arctic Wolf Concierge Security Team, built on the foundation of the industry’s leading cloud native platform. How is pricing determined? Cloud Detection and Response is priced based on the number of user accounts and cloud servers protected—simplifying budgeting and offering a predictable approach to scoping and purchasing, and scaling security as your organization grows. How does Cloud Detection and Response integrate with other Arctic Wolf security operations solutions? Cloud Detection and Response is built atop the same Arctic Wolf Platform and delivered by the same Concierge Security Team as all Arctic Wolf security operations solutions, providing seamless security integration. Cloud risks are visible alongside on-premise risks in the Managed Risk portal, and threats and attacks are detected by the same Concierge Security Team. This integration allows for more effective security operations, detecting attackers that move back and forth between cloud and on-premise systems, and prioritizing the most serious risks regardless of location. IDENTIFY Can Cloud Detection and Response identify unsecured cloud resources? Yes. Cloud Detection and Response can detect unsecured cloud resources, such as S3 buckets—a key vulnerability commonly exploited by malicious actors. Can Cloud Detection and Response detect unauthorized cloud applications? Yes. Through its integration with Arctic Wolf Managed Detection and Response, Cloud Detection and Response can identify unauthorized cloud applications, or “shadow IT”, allowing organizations to mitigate the risk of data breach or loss associated with such services. MONITOR Can Arctic Wolf monitor for security issues in my cloud infrastructure? If so, what sources can you ingest? Yes. Cloud Detection and Response monitors for security issues in IaaS platforms and performs inventory reporting, environment benchmarking, and remediation recommendations. This monitoring allows Arctic Wolf to discover cloud risks and detect suspicious behavior. Cloud Detection and Response integrates with major IaaS platforms, including AWS and Azure. Can Arctic Wolf monitor for security issues in my SaaS applications? If so, which sources can you ingest? Yes. Cloud Detection and Response can detect key SaaS indicators of compromise, including suspicious logins or administrative activity, and malicious integrations. These alerts allow Arctic Wolf to detect serious attacks such as business email compromise, data breach, and more. Cloud Detection and Response integrates with major SaaS platforms including Office365, Gsuite, Salesforce, and Box. Is 24x7 monitoring included with Cloud Detection and Response? Yes. Cloud Detection and Response provides 24×7 security monitoring, with alerts on attacks or risks delivered in minutes. SIMPLIFY Is Cloud Detection and Response a security product or service? Cloud Detection and Response is a security operations solution. That means that it is a service delivered by our Concierge Security Team. Unlike security products, which often require extensive training and setup and ongoing maintenance and monitoring, Cloud Detection and Response simplifies cloud security by providing actionable outcomes from security operations experts. Who delivers the Cloud Detection and Response solution? Cloud Detection and Response is delivered by your Concierge Security Team, two dedicated security operations experts. What is required to deploy Cloud Detection and Response? Cloud Detection and Response is simple and easy to deploy. Once the solution is scoped and purchased, Arctic Wolf will collect the necessary cloud credentials through our secure portal. Then our security operations experts will activate and configure the service and begin monitoring. Can I customize monitoring under Cloud Detection and Response? Yes. Your Concierge Security Team can customize alerting rules, reporting cadences, and risk priorities, to ensure you are receiving actionable security information and ongoing guidance to improve your cloud security posture. What happens if an issue is identified in my cloud infrastructure or applications? If an issue is identified in your cloud environment, your Concierge Security Team will verify the issue and alert you as per your previously determined escalation policy. This can include ticketing, emails, or emergency phone calls. The Concierge Security Team will manage the end-to-end workflow of detection and response, and then provide remediation and validation guidance to ensure the issue is resolved.