Arctic Wolf engineers are elite professionals steeped in the practice of security, living and breathing the industry’s best practices. They are constantly on guard to protect companies from known and emerging threats.
Discovering security threats from the inside is much harder than identifying and stopping threats from the outside. The detection alerting appliance uses proven non-invasive scanning technology to dig deep into whatever computer network it is attached to, and then digs even deeper into everything connected to it, whether physically or virtually. But it is not just on a random data-gathering mission. Each time these detectors execute a pre-scheduled scan, they are on the lookout for three classifications of internal security issues: Anomalies, Changes and Threats.
The detector is an appliance that combines machine learning and intelligent tagging to identify suspicious anomalies, changes and threats to the environment. In addition, the detector's powerful analysis engine examines multiple data points and notifies you of security issues caused by unusual user behavior and network configurations.
Alerts Sent to SOC (Security Operations Center)
All potential threats which are discovered are automatically sent to the team, 24x7, to gauge the impact of the potential threat. This includes anything going on inside the network that could represent an internal security issue. These alerts are received in the form of a ticket to ensure all activity is tracked and logged. The alerts aggregate the issues detected during the past 24 hours, sorted either by the priority/severity of the threat (high, medium or low) or by the type of issue (threat, anomaly or change).
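The daily ticket described above, as an added example that is not Arctic Wolf's own code: a small aggregator that keeps only alerts from the trailing 24-hour window, counts them by severity and by class (threat, anomaly, change), and orders them either by severity or by type. The alert records, field names and the fixed "now" timestamp are constructed assumptions for this example, not the real alert schema.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample detector alerts; field names and values are assumptions
# for this example, not Arctic Wolf's real alert schema. A-4 is deliberately
# older than 24 hours so the window filter has something to drop.
SAMPLE_ALERTS = [
    {"id": "A-1", "type": "threat",  "severity": "high",   "cvss": 9.8,  "seen": "2024-05-01T08:00:00+00:00"},
    {"id": "A-2", "type": "anomaly", "severity": "medium", "cvss": None, "seen": "2024-05-01T21:30:00+00:00"},
    {"id": "A-3", "type": "change",  "severity": "high",   "cvss": None, "seen": "2024-05-02T03:15:00+00:00"},
    {"id": "A-4", "type": "threat",  "severity": "medium", "cvss": 6.5,  "seen": "2024-04-30T09:00:00+00:00"},
    {"id": "A-5", "type": "threat",  "severity": "high",   "cvss": 7.5,  "seen": "2024-05-02T05:45:00+00:00"},
]

# Constructed reference time for the 24-hour window (assumption for the demo).
NOW = datetime(2024, 5, 2, 6, 0, tzinfo=timezone.utc)

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}   # high sorts first
TYPE_RANK = {"threat": 0, "anomaly": 1, "change": 2}  # threats sort first


def alerts_in_window(alerts, now, hours=24):
    """Keep only alerts seen within the last `hours` before `now` (inclusive)."""
    cutoff = now - timedelta(hours=hours)
    return [a for a in alerts if cutoff < datetime.fromisoformat(a["seen"]) <= now]


def build_ticket(alerts, now, sort_by="severity"):
    """Aggregate the trailing 24 hours of alerts into one ticket summary.

    sort_by="severity": high > medium > low, ties broken by CVSS score
    (highest first), then by time seen.
    sort_by="type": threat > anomaly > change, ties broken by severity,
    then by time seen.
    """
    recent = alerts_in_window(alerts, now)
    if sort_by == "severity":
        key = lambda a: (SEVERITY_RANK[a["severity"]], -(a["cvss"] or 0.0), a["seen"])
    elif sort_by == "type":
        key = lambda a: (TYPE_RANK[a["type"]], SEVERITY_RANK[a["severity"]], a["seen"])
    else:
        raise ValueError("sort_by must be 'severity' or 'type'")
    ordered = sorted(recent, key=key)
    return {
        "window_end": now.isoformat(),
        "by_severity": dict(Counter(a["severity"] for a in recent)),
        "by_type": dict(Counter(a["type"] for a in recent)),
        "ordered_ids": [a["id"] for a in ordered],
    }


if __name__ == "__main__":
    print(build_ticket(SAMPLE_ALERTS, NOW, "severity"))
    print(build_ticket(SAMPLE_ALERTS, NOW, "type"))
```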
Threat Evaluation & Response
The evaluation of potential threats is based on the principles of CVE (Common Vulnerabilities and Exposures). CVE is a dictionary of common names (i.e. CVE identifiers) for publicly known cybersecurity vulnerabilities. CVE identifiers are assigned by CVE Numbering Authorities from around the world; their use ensures confidence among parties when discussing or sharing information about a unique software vulnerability, provides a baseline for tool evaluation, and enables data exchange for cybersecurity automation.
Once evidence of an attack is discovered, careful steps are taken to begin the remediation process. The remediation process includes three key components: communication of the identified threat, removal of the threat, and documentation of the entire remediation process.
Internal Vulnerability Scans
The internal vulnerability scan operates behind the business firewalls to identify and expose real and potential vulnerabilities inside the network. The Security Operations Center reviews a monthly report designed to prioritize and measure issues by their CVSS score (the Common Vulnerability Scoring System, the industry standard for vulnerability scoring) to ensure the Incident Response Team can patch the weaknesses and fix the holes quickly and effectively.
Quarterly Security Reporting
The Security Operations Center consolidates information from all of the included scans and services for the quarter and combines them into a single detailed and informational report on the overall health of the organization's security, including any potential security vulnerabilities. The SOC will review the report with the client to determine if any remediation or additional efforts are required.
Monthly Vulnerability Assessment
Maintaining a good security posture requires proactive measurement of unpatched vulnerabilities. However, this requires trained experts, regular updates on new threats, and involved monitoring processes. Each month we will receive a vulnerability assessment highlighting actionable steps that can be taken to eliminate exposure to known attacks that exploit new vulnerabilities.