Tech Check-In February 16, 2023 - Arctic Wolf

• Arctic Wolf 
  • Tony Mosey / SMB Account Representative
    612-201-9489 / This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://arcticwolf.com
  • Minneapolis based company.
  • 24x7 network monitoring may be the next Cyber Insurance requirement.
  • Managed Detection and Response solution - They will use what the school has for software currently.  AV/MFA/Firewalls, etc…
  • CST (Concierge Security Team) Team assigned to each school district.  Each school will work with specific staff, Schools will know who they are talking to. (9-5 M-F)
  • Triage Team - 24x7 team available for rapid response to an event.
  • Team is all North American Based.
  • Managed Risk - Vulnerability Scanning Service.  They are “Consultants” not actually fixing issues.
  • Managed Security Awareness - Via Micro-Videos 2-3 minutes each.
  • Incident Response Team when an event happens.  
  • Zero Dollar for 1 year logging 
  • Installs a physical system on-site to collect network info
  • Endpoint Agents for Windows, Mac and Linux based threat detection.
  • Cloud Connectors.
• ISASP Testing discussion
• Restoring a failed Veeam server
• ECF Chromebooks.
• MFA discussion

Welcome everybody to the February sixteenth edition of Technology Check-in. Thanks everyone for showing up today. And today we have, we'll start off day with a vendor presentation Marjor Wall. So just go straight them. Lou Keith is the. I'll turn it over you, and you can introduce your team, from there, so you. Sure. Yeah. Nice meet everyone, virtually here. My name Keith. I'm one sales representatives here at our tech wolf help cover in Iowa, specifically helping out, obviously educating guys around Arctic best practices. how about security strategy 3 solutions that provide market today, out lot K through 12 industry. Midwest, general. But couple people room me. I got Tony Mills. You can't see him on camera. He's he covers smaller side things school districts. That's his forte. then colleague, Joel as well Systems engineer, kind more brains behind actual engine. realistically, figured what would do give high level understanding some offer, maybe that'll get good gauge on. Maybe strategy. schools structure have built strategies might be looking build today's threat landscape it's ever evolving world guess quick show hands. Anybody heard article before. Nope! Okay. Got? Scott? Hello! Well, cool. no worries there. Essentially share my screen don't too many slides, but think helpful picture use cases. Our strengths industry really where customers. are northern Minnesota or Central Minnesota, should say, north operations center essentially manage detection, response. that's core bread butter companies act an extension their team. smaller, organizations bodies internally actually alerts they could generate all tools wanna come filter white noise is, sometimes generated having environment. we're known for. put this slide because always great place sense Main cases why someone look managed sock maze text Tool manage, SIM. They're similar outcomes, they're shooting want buckets customers usually fall into number incident breach lot. Of these been news, sure. quite few news. know Des Moines Public district was hit month ago, which those like wants bucket, trying proactive make sure bucket. mentioned second bucket The resources. This goes hand hand, think, next most K. Through 12. Don't budget funding hire 2 full time individuals outside it, Gardner industries saying engineer analyst monitor environment true coverage environment, implementing staff constraints. also agree could. We little bit hours back focus other topics, there's fire shows left right something else need dragged takes staff, constraints another. Another huge thing encounter ton. 24, 7 monitoring. yet 7, 3, 65 instant response plan. So, if happens middle night, who team going there deal issues arising you're using people's answer morning. When office hear, cyber insurance. guessing this, here, schools, insurance Okay, sounds like, yeah, everyone's same page. big things, saw by years Mfa. Multifact authentication. They wanted implemented, still process doing now already implemented new true. monitoring It not depending provider vary renewal. Coming year, will vary, realistically within year. 2. Most likely probably checkboxes gonna play. act. In check box well. Sam sock. spoke earlier, tool based approach. Is anyone familiar sandwich, Sam? Anything that? Does any today? mute. No chime not. If uses anything heads. Jacen, now. another avenues. A providers people. Basically way aggregate logs invested standpoint, 360 view, say bird's-eye view guy spaces. visibility attack surfaces bad actors second. giving paint. swath cases, standpoint. leave with. that, first foremost, service first-base organization. That goal. priority, case differentiator without part organization, where's hat? shift fundamental thought comes stronger implement tools. add That'll me secure, security. Tools fantastic, insight strong posture. downside is. There's operational outcome leaves year alerts, generate, becomes when this. did What's important? important we' delineate easier platform detection. Response. names you'll SIM, sock, Xdr. With tons accomplish different model concierge-based delivery engineers analysts end whatever you've firewall endpoint anti virus Edr tool, across factors network cloud users, Google Workspace, what's provided avenue won't identity. Mfa These sources attacks gain. Visibility entire 7,365 open Xdr architecture. questions anything. far. kinda talking before keep moving forward dive further No. take yes. There, break further, hoplight Mdr. Solution architecture moment, how. describe standpoint access resources side. You'll hear bit. CST. Consiers Security butter, our. qualify named analysts. Thread experts operations, titles Css. Certified, hunting throughout organization so. Essentially. We'll work parse human eyes only notify importance. reality, send notification, tell who, what, when, where, why, specifics each know, tells upon this? Because seems here's details alert. noise. getting peppered notifications it. resource alerts. Think them name. Trusted advisors. desk line call let's last relationship very comfortable mean extension. Your Bill, Shirley Steve, phone quickly certain arise speak message ticketing service. It's communicate individuals. journey personalized. Not as. 9 5. during hours. office. true? approach play triage are. round clock. True, 65, threats risks times. Now us, space sheer volume have. almost pushing 600 us socks. One largest socks Mdr solution solution. fastest slas responding critical events. rapid we'd spot night 30 min less notification fast. average 10 that. Obviously essence. forte stuff extremely fast quick. North American base. headquarters Minneapolis. main Provo, Utah, top talent recruit San Antonio, Texas, X military, Waterloo Ontario, were found University Waterloo, pull students maintain top-town industry, biggest hardest resources, around. try top-town. possibly can. I, coming do. What I've hitting used called Manage Risk. vulnerability. Scanning annually. supposed They'll pick vulnerability scan. It'll vulnerabilities living applications. patch accordingly. problem aren't consistent enough. Reality scans long periods time. catch nothing spreading cost Team kick continuous internal external ones prioritize gets spent saying, 100 vulnerabilities. start? Apache. save well, prioritization Shirley, Here's steps Patch note hands keyboard. keys kingdom deemed risk. trusted advisor. Approach sky per se was. Describe boots ground, third offer security, awareness, training. end-users backs, practices crucial, weakest link educate. users phishing email simulations training videos pieces small microw learning end. Users retain information they've seen. current trends landscapes. months ago Uber one, multi factor authentication pushbombing actor sending hundreds multi-factor till user clicked in. emails, tests, aware to. consolidation vendors. organizations, makes difficult renewals, working separate teams onboarding nice one-stop shop just. Add-on solutions. response, full-blown. Ir. Ir retainer fan, forensics keyboard, laptops, hard drives ransomware now, hope arctic doesn't let stage, full-blown, scenarios So. $0 ir choose year's worth log retention us. obtained 0, irr compliance, perspectives required For case. addition unique breaking down process. gain environment? earlier being agnostic caring house Whatever consciers tax services. agent application physical appliance, sensor mining aggregation install network. helps handful perspective. invisibility. agent, agent. piece 8 endpoints themselves. containment. Am. Or sleeping, prioritization. able machines, offline containment machines spread wildfire amongst completely optional. Some concerned fatigue installed cloud. Do Workspace Yup. heading mostly There. monitor. accounts, employees, teachers, faculty tie suspicions, activity happen Workspace. No! said, dashboard side, goal none daily basis, spend dashboard, though, easy tickets CEO. interact reporting features specific reports pass along leadership, highlights, vulnerability, scanning. There merge together unified interface between these, manning your. highlight about. does like? interaction? So? Excuse breaks timeline see, C hide person was, customer real-life CST interacted occurred. 5, 23 am. Active Directory, multiple notified accounts begin logging systems. Notified itself suspicious power, Powershell activity. triggered investigation. later, 5 triggering full-on investigation Then within. 1 pieces. they'll remediation things. whole Here, boy, severity varied, took remediate instant, then, full. journey. Aspect recommend scenario again potential logins, shouldn't designed paint CST, Any questions. mean, nutshell. strengths, concierge believe best, set stone Csts. unlimited amount extra really, had. Scott. hopefully, gives tick help. after depth wolf. Oh, assuming active, sorry, azure, directory integration Cause. said set. Yes, azure active We're eventually, everywhere, Directory Google, student Sis everything video surveillance based. obviously, know. question ask cost? limited budgets are, even afford, analysts, Dollar wise bring company support struggling districts dealing declining enrollment cuts back, superintendent Hey, dollar didn't charge student. Good. determine district? Great question. essentially, quote off, ton items. gotcha throw students, skew. students. staff. servers additional scoping saensors 90 days standard retainer. dollars. fairly job arming proper never, never $10,000 $100,000. sorry You, yourself somewhere close afford simply point directions, with, 100% partner-based channel-based local resellers Iowa component services pricing something. Philip, interested quoted idea I'd than happy conversation way. total guys's environments. Right, came Look, 500 $15,000, realm possibility of, at? feasible? Alright, lie $15,000 you'd over, 1,000 No, said. faculty, faculty. different. Joe ballpark, because, before, channel pricing. it'd relatively competitive. not, any? Are outrageous eyes? Because? sit $30. 1,500 $45,000, mentality thinking Yeah, okay. utilize for? pretty swap higher end, universities. whole. prominent country serious path potentially selecting process, writing reference calls speak, kind. figure. Out, obtain funding? them? guess. get? comparable size use, making feel move direction. Sarah? guessing. definitely one-off conversations. everyone. accurately conversations, Joel, mission Scott gladly reach Happy continue conversation, How you? thank Problem. Philip. did. cause login talk Everything background configure firewalls switches equipment, agents windows collect Login logging? Where? devices have? Send to, forensic. Sure Joe. Let's sporte. he's fourteenth. Jo, yeah. terms ingestion capability, wolf, charging collect. much telemetry possible performing tag surface gathering Physical Clients place. directly trustees course switch. pre-configured discussions plug-in exercise connection type provide. models host base desktops, servers. Msi file software deployed endpoints. Less MB 1% CPU. lightweight, system. Volunteer, wireless networks connected do? approved applications installed, sort thing. configuration. needs done deploy Mac Windows Linux devices. several taken advantage Sax version crowds right? Falcon, also, 40 edr. Liquid Networks, Would to? access, switch else? crowd strikes cell phones web route. got, added layer perform. Investigations. testing run site? scan manager detector included targeting, malicious Ips past, sensitive data dark gray exposed credentials risk taking scanner would. sensor, scanner. options, supported hypervisor virtual misconfigurations hardware. utilized detection external, risk, weekly basis rather once detective about, it? alla card thing? Say, basically sign everything. car. want. Mdr, core. You. later AD weariness time, benefits starting some, better bundling sentence Sidehouse, pick, works Alright. being, means retention. buy $0. He goes. saying. retainer! All right. 15 $20,000 Retainer, teams. Should use. It. lose Ours meetings Stored itself, pay inexpensive line, too. item, parts Yep, yep, Absolutely. question, meaning. beforehand District Cyber Insurance cyber-urance own already? provides company, care deem replacing services? compete up. Alright! stepped away moment. forgive has answered. worries. basically, Mac. client computers. absolutely, definitely, cross-platform. assumption chromebook. Plugin Schools chromebook but. flavor Linux, send? contact information, notes meeting people, look, watching recorded sessions notes, too, discovery call. guess, appreciate Scott, thanks guys, forum Everyone day, shout. me, jump Eric! Thank Thanks, everybody, Luke, then. Appreciate Alrighty! or? through. Round Table drowned. screen. Phil. customized felt blanketed, rate wouldn't discouragement bit, price unit. especially cost, understand again. so! Staff stupid, set, better, discount get, 500. P. versus. larger mine. mine, quantity larger. And. hopefully Gabe. gave ball ball, medium compromise isn't significant suspect price. isn't. Probably Gonna protecting? clients site. seen, capable running? Megabit throughput gig throughput, throughput. difference hardware fact logging, figure out. roll own? cheap enough logins. Solution, remote. I. chromebooks non-existent. outs Right. logs, server types necessarily individual would! sorry. wasn't, from. schools. contacted hoping thought, since priority! Minneapolis, Minnesota. We've fine, weird. mentioned, $15,000? willing invest, lines, wait minute. every sitting school. Every $3,500 assessments, Great. cheapest, quarter vendors Martin, Martin? overall. remember cheaper statewide. state wide ae source, Vaz assessment free. job. out? Martin Yard Bro. Wouldn't mind sharing, Ryan Come differences them, Mya seemed 15,000 entry level, 15,000. went cybersecurity. Someone beginning month, presenters Iowa? themselves O. CIO, $98 device list. readily available point. Really Ocio growing pains offering free, company. Eastern had licenses ran licenses. respond. strike Solution. sat deal. offered public school, Sac member free join, equivalent $65 Msi. Sac, 30,000 endpoints, installation part. apologies Phil, group? Just Rsp. wondering. Daniel, no, cruise control we've 4 gate. Firewall. decide fourteenth strike, Heart Wolf, may be. Seeio promising, pains, reevaluate But. her gals card, reached her, forget Government personal email, her. government. Services. she list sitting. Edr, liquid ago? text, $36 whether windows. Mac, started implement. running agency $35 reasonable blocking behavior. twice anything's happening, admin, console. Check what's. called? purchase party networks, 12, tech.plaea.org website. Click archives. networks. single license. An license mode weeks turned blocks. mode, happens, prevent happening. Even learning, there? Had Florida net integrates monitoring, Well. Edr. Software. it'll detects particular public. IP address. configured automatically blacklist integrate gate block haven't. Sophos, fortunate sophos conjunction want, multiple. AV. As needed. instead of. cell. Phones say. dropped folks sixtyr product switched machines. is? Max School. macbook errors client, machines? edr products. expensive they. first, site, administration People run, payroll systems infected ruin Kind antivirus end-user devices, determination. worthwhile student's machine ransomware, connector protected, Sure! image outweigh re image. box. terribly important. drop ocean. We, worried else, corrupt rights careful those. field. fear computers reckoned somewhere. Isas, day. reimaged machine. read matter mean. kept ransing rare other's server, rent, wearing clients. just, rights. admin administrative server. worry home. home, home advance parents? Machine? parents machine, maybe, don't. bunch Hmm! Start protected behalf Miss pronounce apologize. sapps. Hi sap! we, brand Internet campus. setting custom documentation, export campus imported software. available? needed wouldn't. myself expert, Honestly, Jmc. system, imports ice aspect. import me? assume. considerably bigger than. IC, Csv into, lets respect. watched error Csv. Here! through, adjustments kids special accommodations, screen, monochrome specialized stuff, iep's 50. Fours. whatever. export. testy generates, least passwords, codes, environments, new. seen somebody inventid Campus. Have some. assign passwords Well Allah Nebraska. Awesome. ticket Jason, Jason T. R. map experience. directly, perfect. interface, horrible. doing? documents. ticket, Rei, looks late nineties. Early thousands. shoehorned sense. terrible. find amazing, Daniel Jac Jca. J. mc! Mc, automatic built-in Which switching IC. From James. secure. Correct. counselors configuration works, sets tests stuff. either. instructional coaches look. shoulder watch around, roaming halls issue, generally coming. building, h guys. hard. correct, counselor, those? Counselor. prints sheet strips, chromebook? click app log. kiosk bottom. What? secure app. fine. Okay? prevents Googling answer, Got starts, micro Kiosk mode. testing. boot. key boot normally, General testing, unless Then, kiosk. Go Admin panel range Ol. for, 101 one. 8, older chrome. Books range, Some. Only, updates 98. Those test Eea. contacts resume issues, great. second, boss Let him. Yep. Mike, Sarah. on? You're muted. hardly though above far unmuted beam, backup choke. happened. happened, course, over. on, yesterday, recreating perfectly backups night. lesson bother beam can't. restore anyway. until anyway, business, bought. 700 Chromebooks Ecf. Money, Emergency Connectivity Fund, summer fall, early finally setup, trading classes chrome books old feels God! gotta plans yesterday. 71. good. nervous Hey? Talking Venn backup? backup. regime instant. repositories, download real, safe, immutable, helped double hockey sticks. file, huh! At immutable accessible, backups. 100%. restore. Tell copy Disconnect cable works. does, delete restored? backing machine? virtual. location. options says connect restored location, quick, actually, itself. up, correctly. upgraded Enterprise beam. automatically. community addition. real haven't box, recommending repository. backed deleted change duration encrypt Fy setup noticed off. mutable Turn ahead. turns Well! ducks row, mine fail eventually ended sent parts, both server's current. past date purged whatever? date. made reverse incremental runs h. seem reasonable? new, something, protection. continuously write overhead jobs, unfortunately, incrementals gone future being. anymore. workflow. X, M. reset Matt. all. versed Did super busy lately. wrong knock wood. lucky problems Alrighty, saying? birthday? child's birthday. Here Sounds nightmares having. nightmare thinking, man, months. oh, backups, go, nothing. will. spear-fished confident, campaign unusual superintendent, administrator has, looks, there's, unusual. investigate agency, impersonating superintendent. address Gmail address, superintendent's looked fairly, suspicious, district. campaign. contacts. jumping So! Kinda related enabling drive Admins secretaries shortly. students? factor. Authentication. option, kids, maybe. considered phones, Like told consider kids. complicate Staff, Authentication 6 codes superintendents, principals print desk, reception forever. numbers, Once cross should. only, useful. apologies. Yup! terrible signal, authenticator phone. surprised get. pushback, prepared. anybody yes, work. nobody complained, argument. complain step, account. amazing no. walk who's flipping realize personally. Moines, hack factor, immediately. period, Grace picked week emailed, emailed periodically remind cut cut-off fixed done. what? fix? It? misunderstanding couldn't fix Then? ahead, sir. so, codes. initialize code initiates prompted code. Hey! Huh? Do? short will, require activated. groups Admins, silly copy, Factor group. idea. do, listen aren't. factored wasn't signed fact, at. under reporting. Mr. Foley. require? assuming, steps, phones? Now, Nope, flirting Ivan, any. crystal! Last she, Crystal e-ate. After tying good, stay e-rate? want? Alrighty. wonderful enjoy. hey, Matt, Foley? up? Matt's meeting? hearing joining Stay warm Thursday.