Is Arctic Wolf Watching out for You?
-
A few months ago I agreed to participate in a beta test program for Arctic Wolf. They are a Spiceworks partner and have a really interesting product. They send you an appliance that just analyzes traffic on your network, nothing more than a passthrough device. But they have a security concierge service that actively watches and manages customer devices for threats. They've detected some threats that we did not even know existed (some that even VIPRE did not catch).
Today we got an alert from VIPRE about active protection and it blocking an attempt to run FileExtractorSetup.exe on someone's machine. That was good. We started scrubbing that machine pretty soon afterward. Then, only a few minutes later, we get the following message from Arctic Wolf:
Nick,
A file was recently seen being downloaded to a workstation within your network that may have undesired results if installed. The file is called "FileExtractorSetupG.exe", and was downloaded to the following workstation: ipdaddress\WorkstationName.
I ran an analysis on the file and it came back with the following results:
SHA256: 6f8f317a612e1f20a5810210554ef24fb099a0b2263bef429c58cfd1f3723eac
File name: FileExtractorSetupG.exe
AV Detection ratio: 3 / 50
Analysis date: 2014-03-07 15:41:44 UTC ( 0 minutes ago )
AV Agent   Virus Signature        AV Date
DrWeb      Adware.Downware.1838   20140307
Norman     FakeNSIS.A             20140307
VIPRE      InstallCore (fs)       20140307
If you have any questions please let me know.
I must say I have been very impressed with their product, especially the security concierge service. They analyze traffic to see trends, if devices on your network might be attempting to access systems in other countries, etc. They do all of the analysis and log review that you wish you did. Definitely check them out if you get the chance.
Now I just need to try and convince management to keep their service for the next year (which will be a paid endeavor).
-
Very cool.
-
That is very cool - what was the cost of the appliance?
-
I'm sure the person who got the malware did it with the intention of testing the services... That's what I'm sticking to
-
Definitely keep us in the loop as to how the testing goes.
-
Cisco's "self defending networks" ads from years ago spring to mind. Good to know this is getting more mature, and prospectively within fiscal reach to obtain. Cisco is a great ecosystem, however they do price in the "princely sum" range.
-
That's very cool! I agree with @bob-beatty. What's the cost of an average appliance?
-
Ah money. Everyone always wants to talk hard currency.
-
@scottalanmiller said:
Ah money. Everyone always wants to talk hard currency.
It's kind of a deciding factor in most decisions...
-
@scottalanmiller And technically, hard currency could likely go away for artificial/virtual currency via a nice plastic card...;)
-
I am happy to say we were able to continue with Arctic Wolf. Their service continues to prove its worth to us to be more pro-active when it comes to threats on our network.
-
At first I thought that you meant this.
-
@scottalanmiller said:
At first I thought that you meant this.
It would have been nice if they could have bundled in a video game to play as well. I envision it something along the lines of a wolf who goes around chomping on malware.
-
Here is their public pricing: http://arcticwolf.com/managed-security-packages/
It sounds like an interesting service and I can fairly easily justify 1k per year to the client I can see making good use of this. But it is confusing what type of data you get for their base package.
-
That's a pretty good peace of mind for $6k annually.
-
@alexntg said:
That's a pretty good peace of mind for $6k annually.
Not for the current clients I have, that is too much. The 1k price is solidly acceptable. The 3k would be a big maybe but likely not.
-
@JaredBusch said:
@alexntg said:
That's a pretty good peace of mind for $6k annually.
Not for the current clients I have, that is too much. The 1k price is solidly acceptable. The 3k would be a big maybe but likely not.
I looked down near the bottom line. @NetworkNerd , unless I'm missing something, the entry level one's manual reporting?
-
@alexntg said:
@JaredBusch said:
@alexntg said:
That's a pretty good peace of mind for $6k annually.
Not for the current clients I have, that is too much. The 1k price is solidly acceptable. The 3k would be a big maybe but likely not.
I looked down near the bottom line. @NetworkNerd , unless I'm missing something, the entry level one's manual reporting?
Manual report paid for by the hour it seems like.
-
@JaredBusch said:
@alexntg said:
@JaredBusch said:
@alexntg said:
That's a pretty good peace of mind for $6k annually.
Not for the current clients I have, that is too much. The 1k price is solidly acceptable. The 3k would be a big maybe but likely not.
I looked down near the bottom line. @NetworkNerd , unless I'm missing something, the entry level one's manual reporting?
Manual report paid for by the hour it seems like.
Yep - they have to generate the reports for you.