Vandis' CTO, Ryan Young, sat down with Chris Fielder, Field CTO at Arctic Wolf, to discuss how Arctic Wolf is providing 24x7x365 full visibility managed detection and response (MDR), while guiding customers through their Security Journey, in a mission to end cyber risk.
Ryan: Can you tell us about Arctic Wolf and your mission?
Chris: Arctic Wolf began over 10 years ago when our founder, Brian NeSmith, saw an opportunity to fix the challenges surrounding cybersecurity by moving beyond the concept of adding another tool to the mix. As a serial entrepreneur in cybersecurity and former CEO of Bluecoat, he was familiar with the long-standing problem still being seen today: there are plenty of great cybersecurity tools to do the job but just not enough talented people to use them.
That was the basis for the founding of Arctic Wolf, to end cyber risk. Not with another tool or agent, but by providing 24x7x365 full visibility managed detection and response to any size organization independent of their technology stack or tool selection, all while guiding them on a proactive, ongoing security posture assessment and hardening process we refer to as the “Security Journey”. We staff our Security Operation Centers with advanced talent from the field of cybersecurity while also developing new talent to ensure that we are overcoming the skills shortage facing many organizations today. Through our culture and unique approach, we have become leaders in security operations and an organization many talented individuals seek out as their employer of choice.
Ryan: With several different Security “as-a-Service” offerings available today from MDR, to MSSP, to SIEM-as-a-Service, can you share any recommended guidance to organizations to find the best fit for their needs?
Chris: We recommend finding partnerships which enable your current and future success. It is always best practice to find a vendor who works with your current technology set, rather than crafting your technology to meet their requirements. The best service partners are the ones that will provide full coverage for your environment, while also moving past the simplistic “alert forwarding” process of traditional services. Instead, next generation vendors should focus on noise reduction, full visibility, faster time to value, and the ongoing, proactive work of continually improving their customers’ security posture. There are several aspects of the organization and technology Arctic Wolf has built which make us uniquely well suited to accomplishing these goals for end users today.
Ryan: What sets Arctic Wolf apart from other vendors in the market?
Chris: Our approach is vendor agnostic. We work with what you have today, along with what you plan to include in the future. We do not limit the amount of data that you can send us, as we see all data as an opportunity to detect threats hidden within your environment. We also provide our security operations as a concierge service that asks the question “what can we do to help?” Our service is not limited to a single set of interactions and processes, but instead allows our analysts to learn each environment as if it were their own so they may provide strategic guidance and customized reporting based on the unique demands of each customer.
Ryan: Can you explain "alert fatigue" and how Arctic Wolf solutions aim to minimize it?
Chris: Cybersecurity tools have long been designed to alert on any suspicious activity. The idea behind these tools is simple and based off the old saying “if you see something, say something.” Unfortunately, defining suspicious activity in modern environments is a difficult task. Many sensitive tools are prone to generating a high volume of alerts based off any potential indicators of threats they may identify. This leads to already overtasked analysts having to work through large volumes of alerts to verify what is a true positive and what is simply noise.
Arctic Wolf solutions solve this problem by validating all alerts first through our platform, and then by our dedicated 24/7 SOC Triage Team before they reach the customer. We have reached a 99% true positive alert rate when we escalate to the customer. This ensures that customers trust that when they hear from their Concierge Security Team, they know it’s a real issue requiring their attention, and not another false positive.
Ryan: What is the number 1 risk for organizations who are migrating more of their infrastructure to the cloud?
Chris: The biggest risk we have seen is the speed at which cloud is being adopted without the proper security visibility and alerting processes being put into practice. Each cloud addition to an organization expands their attack surface and offers attackers new access points into their environment, along with exfiltration points out. If these cloud resources are not secured properly and monitored continuously, then the organization risks adding vulnerable areas to their environment which can go undetected. That is why we actively monitor cloud as well as on-prem resources for threats, along with the option to identify cloud weaknesses through our Managed Risk and Cloud Security Posture Management services.
Vandis and Arctic Wolf hosted a webinar on how to improve cybersecurity coverage while also reducing costs. The speakers discussed the limitations of endpoint protection products alone, how to implement best practices for preventing, detecting, and mitigating cyber threats before a breach occurs, and how this can lead to improved insurability. Watch it On Demand.