FAQ

MANAGED RISK

GENERAL

What is Managed Risk?

Built on the industry’s only cloud-native platform to deliver security operations as a concierge service, Arctic Wolf® Managed Risk enables you to define and contextualize your attack surface coverage across your networks, endpoints, and cloud environments; provides you with the risk priorities in your environment; and advises you on your remediation actions to ensure that you benchmark against configuration best practices and continually harden your security posture.

How is the Managed Risk solution different from Managed Detection and Response?

Arctic Wolf Managed Risk continuously scans your networks, endpoints, and cloud environments for risky software, assets, accounts, and misconfigurations beyond simple vulnerability assessment tools. Delivered as a concierge service, Managed Risk helps you take a more proactive approach to security by identifying gaps to harden your security posture over time. Arctic Wolf® Managed Detection and Response provides 24×7 monitoring of your networks, endpoints, and cloud environments to help you detect, respond to, and recover from modern cyber attacks.

What's the difference between external scans performed by the Managed Detection and Response (MDR) solution and ones performed by Managed Risk?

There are three main differences in the external scans performed by Managed Risk when compared to MDR. First, Managed Risk provides self-service access to the scanning configuration, and the results are available in the Managed Risk dashboard. Second, the Managed Risk scan frequency can be set to execute weekly, whereas the default scan is monthly with MDR. Finally, Managed Risk uniquely performs web application scans, which provide a deeper granularity of exposure on any external-facing applications such as portals or dashboards.

Does the Arctic Wolf Agent have to be installed in order to use Managed Risk?

Currently, installing the Agent is not a requirement — though it is recommended, as audit and alert data collected from supported devices assists in detecting potential threats, as well as uncovering known vulnerabilities and risks. The Agent is, however, required to be installed to address additional use cases, such as host-based vulnerability assessment and CIS benchmarking in Managed Risk, and managed containment — where a host device is required to be contained — in MDR.

How is the Arctic Wolf Agent deployed?

The Arctic Wolf Agent can be deployed using a deployment tool such as Group Policy Object (GPO) for Windows environments, or Jamf for macOS environments. Since the installer generates a unique ID upon startup, installing the agent on a “golden image” in Virtual Desktop Infrastructure (VDI) environments is neither recommended nor supported.

How does an existing customer install the Arctic Wolf Agent?

Existing Arctic Wolf customers should submit a ticket to their Concierge Security® Team (CST), which works directly with them to deploy the Arctic Wolf Agent in their environment. Existing customers can also contact their Customer Success Manager, which will trigger the same workflow of submitting a ticket to install the Arctic Wolf Agent with the CST.

DISCOVER

Does Managed Risk perform web application scans?

Yes, the web application scanning capability looks for risks such as cross-site scripting, SQL injection, and other OWASP Top 10 attack types.

Does Managed Risk have an audit trail of changes done in the web portal?

Audit trail information of changes made is recorded and can be requested from your security operations expert on the CST. Currently, this information is not visible in the Managed Risk Dashboard.

How often is the Account Takeover capability updated with new information about dark web exposures?

The Account Takeover capability is updated with new information obtained from dark and grey web sources weekly. These scans are completed on a monthly cadence to capture any corporate credentials or other critical personally identifiable information (PII) that may have been exposed as part of a publicly disclosed data breach.

Where does Arctic Wolf obtain its list of known vulnerabilities? How often are the feeds updated on the scanners?

The Network Vulnerability Tests (NVTs) arrive from the OpenVAS/Greenbone Commercial Feed. This feed is updated 4 times daily. Arctic Wolf polls for new NVTs on an hourly basis.

Can I use Managed Risk to scan vulnerabilities in my IaaS cloud environment (Amazon, Azure, Google, etc.)?

Yes, when combined with Arctic Wolf Cloud Detection and Response (CDR), Managed Risk features an additional Cloud Security Posture Management (CSPM) product that can scan for vulnerabilities and misconfigurations in SaaS and IaaS environments inside AWS, GCP and Azure.

Is the Arctic Wolf Agent data searchable in Log Search?

Yes, data from the Arctic Wolf Agent is searchable in Log Search. AWN-Agent is the type.

ASSESS

How is the criticality of a vulnerability determined?

For CVEs and those with known exploits, the criticality of vulnerabilities is obtained based on available CVSS information. For other risks that are not pure CVEs, we rely on the OpenVAS/Greenbone Commercial Feed. This feed is updated 4 times daily, and Arctic Wolf polls for new NVTs on an hourly basis.

How is the criticality of the asset determined?

Managed Risk engages with its customers proactively through the Concierge Security delivery model. Our Concierge Security Team (CST) examines your environment, provides you with a list of assets that are already deduplicated, and assigns asset criticalities for you to quickly review. We also review your environment characteristics and requirements.

How is the overall customer risk score calculated?

The quantified risk score presented in the Managed Risk dashboard is calculated based on multiple factors. Get full details in “Quantifying Cyber Risk: Calculating the Arctic Wolf Managed Risk Score”.

HARDEN

How does Arctic Wolf proactively mitigate digital risks?

Built on the Arctic Wolf Platform and delivered by security operations experts, Arctic Wolf Managed Risk is designed to help you discover, assess, and harden your environment against a greater number of digital risks beyond vulnerabilities. The Managed Risk solution produces easy-to-understand risk scores delivered through insightful dashboards and reports provided by your Concierge Security Team (CST). Your CST works directly with you to add context to identified risks, deliver insight on configuration gaps and account takeover (ATO) exposure, and provide strategic guidance so you gain clarity on what you should do next to proactively mitigate risk.

How does my Concierge Security team help if an issue is found?

The Concierge Security Team (CST) is your single point of contact for your Arctic Wolf Managed Risk solution to help you through remediation if a critical risk is found. Your CST serves as your trusted security operations expert and as an extension of your internal team. They help you:
  • Customize service to your needs
  • Continuously scan your environment for digital risks
  • Perform monthly risk posture reviews
  • Provide actionable remediation guidance
  • Deliver a customized risk management plan to prioritize remediation and measure progress