Arctic Wolf


FAQ

MANAGED RISK

General

What is Managed Risk?

Built on the industry’s only cloud-native platform to deliver security operations as a concierge service, Arctic Wolf™ Managed Risk enables you to continuously scan your networks, endpoints, and cloud environments to quantify digital risks. Your security operations expert from the Concierge Security® Team works directly with you to discover risks beyond simple vulnerabilities, benchmark the current state of your environment, and implement risk management processes that harden your security posture over time.

How is the Managed Risk solution different from Managed Detection and Response?

Arctic Wolf Managed Risk continuously scans your networks, endpoints, and cloud environments for risky software, assets, misconfigurations, and accounts, going beyond simple vulnerability assessment tools. Delivered as a concierge service, Managed Risk helps you take a more proactive approach to security by identifying gaps to harden your security posture over time. Managed Detection and Response helps you detect, respond to, and recover from active threats to neutralize their impact, while providing strategic guidance along your security journey.

What's the difference between external scans performed by the Managed Detection and Response solution and ones performed by Managed Risk?

There are three main differences in the external scans performed by the two solutions. The first is that self-service access to the scanning configuration and results is available in the Managed Risk dashboard. The second is that with Managed Risk the scan frequency can be set to execute weekly, whereas the default scan is monthly with MDR. Finally, Managed Risk uniquely performs web application scans, which provide deeper granularity of exposure on any external-facing applications such as portals or dashboards.

Does the Arctic Wolf Agent have to be installed in order to use Managed Risk?

Currently, installing the Agent is not a requirement, but it is recommended. Audit and alert data collected from supported devices assists in detecting potential threats, as well as uncovering known vulnerabilities and risks. The Agent must be installed to address additional use cases, such as Host-Based Vulnerability Assessment and CIS benchmarking (Managed Risk), and Managed Containment (Managed Detection and Response), where a host device is required to be contained.

How is the Arctic Wolf Agent deployed?

The Arctic Wolf Agent can be deployed using a deployment tool such as Group Policy Object (GPO) for Windows environments, or Jamf for macOS environments. Since the installer generates a unique ID upon startup, installing the Agent on a “golden image” in Virtual Desktop Infrastructure (VDI) environments is neither recommended nor supported.

How does an existing customer install the Arctic Wolf Agent?

Existing Arctic Wolf customers should submit a ticket to their Concierge Security Team (CST), which works directly with them to deploy the Arctic Wolf Agent in their environment. Existing customers can also contact their Customer Success Manager, which will trigger the same workflow of submitting a ticket to install the Arctic Wolf Agent with the CST.

Discover

Does Managed Risk perform web application scans?

Yes. The web application scanning capability will look for risks such as cross-site scripting, SQL injection, and other OWASP Top 10 types of attacks.

Does Managed Risk have an audit trail of changes done in the web portal?

Audit trail information of changes made is recorded and can be requested from your security operations expert from the CST. Currently, this information is not visible in the Managed Risk Dashboard.

How often is the Account Takeover capability updated with new information about dark web exposures?

The Account Takeover capability is updated with new information obtained from dark and grey web sources weekly. These scans are completed on a monthly cadence to capture any corporate credentials or other critical personally identifiable information (PII) that may have been exposed as part of a publicly disclosed data breach.

Where does Arctic Wolf obtain its list of known vulnerabilities to check for? How often are the feeds updated on the scanners?

The Network Vulnerability Tests (NVTs) arrive from the OpenVAS/Greenbone Community Feed. This feed is updated as needed but is generally updated daily. Arctic Wolf polls for new NVTs on an hourly basis.

Can I use Managed Risk to scan vulnerabilities in my Amazon, Azure, Google, etc. IaaS cloud environment?

Yes, when combined with Arctic Wolf Cloud Monitoring, Managed Risk features a Cloud Security Posture Management (CSPM) capability that can scan for vulnerabilities and misconfigurations in SaaS and IaaS environments such as AWS.

Is the Arctic Wolf Agent data searchable in Log Search?

Yes, data from the Arctic Wolf Agent is searchable in Log Search. The type is AWN-Agent.

Benchmark

How is the criticality of a vulnerability determined?

For CVEs and those with known exploits, the criticality of vulnerabilities is determined from the available CVSS information. For other risks that are not pure CVEs, criticality is assessed based on factors such as Network Vulnerability Tests (NVTs) that come from open-source feeds such as the OpenVAS/Greenbone Community Feed.

How is the overall customer risk score calculated?

The quantified risk score presented in Managed Risk is calculated based on multiple factors. Get full details in “Quantifying Cyber Risk: Calculating the Arctic Wolf Managed Risk Score,” a Managed Risk Technology Showcase.

Harden

How does Arctic Wolf proactively mitigate digital risks?

Built on the Arctic Wolf Platform and delivered by security operations experts, Arctic Wolf Managed Risk is designed to help you discover, benchmark, and harden your environment against a greater number of digital risks beyond vulnerabilities. The solution produces easy-to-understand risk scores delivered through insightful dashboards and reports provided by your Concierge Security Team (CST). Your CST works directly with you to add context to identified risks, deliver insight on configuration gaps and account takeover (ATO) exposure, and provide strategic guidance so you gain clarity on what you should do next to proactively mitigate risk.

How does my Concierge Security team help if an issue is found?

The Concierge Security Team (CST) is your single point of contact for your Arctic Wolf Managed Risk solution to help you through remediation if a critical risk is found. Your CST serves as your trusted security operations expert and as an extension of your internal team. They help you:

  • Customize service to your needs
  • Continuously scan your environment for digital risks
  • Perform monthly risk posture reviews
  • Provide actionable remediation guidance
  • Deliver a customized risk management plan to prioritize remediation and measure progress