I was subject to a malware attack and after it took us three full months to fully recover from that, I decided to make sure I was never in that position again. Arctic Wolf was referred to me by my MSP who I have a long-standing relationship with. It was an excellent suggestion.
Principal at TOPS Staffing, LLC.
Great for evaluating and mitigating any vulnerabilities with an excellent ROI
Pros and Cons
- "They have a portal where you can evaluate and mitigate any vulnerabilities that you and your network might have."
- "If you are not in the security field, this can be difficult to figure out from time to time."
What is our primary use case?
How has it helped my organization?
It has improved my security position to where my business is now safe, and I don't have to constantly worry about another attack! That's invaluable to me.
What is most valuable?
They have a portal where you can evaluate and mitigate any vulnerabilities that you and your network might have. This is a fantastic tool to help you secure your environment.
What needs improvement?
The only thing I would say is that if they gave some lessons on some risks and how to help mitigate those risks, that could be helpful. If you are not in the security field, this can be difficult to figure out from time to time.
Buyer's Guide
Arctic Wolf Managed Detection and Response
December 2024
Learn what your peers think about Arctic Wolf Managed Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Arctic Wolf for almost two years now and couldn't be happier with the service.
What do I think about the stability of the solution?
The stability is very, very good.
What do I think about the scalability of the solution?
The scalability is very, very good.
Which solution did I use previously and why did I switch?
I did not have a previous solution.
How was the initial setup?
The initial setup is more complex than I would have liked. I wish I would have been able to do more myself instead of having outside IT guys do it.
What about the implementation team?
I had assistance from a vendor team. They were from my MSP so they were excellent.
What was our ROI?
The solution provides excellent ROI.
What's my experience with pricing, setup cost, and licensing?
I'd advise others to weigh the ROI carefully with how much work they will have to do versus what the SOC does. In my case, I run multiple other businesses, so I knew I needed a solution that was more turnkey than most.
Which other solutions did I evaluate?
I evaluated a dozen other potential solutions.
What other advice do I have?
Go with Arctic Wolf - you won't regret it. I just signed on for three more years after only signing for one year, then again for a second single year. My experience has been so good that I signed up for three full years this time.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Group Manager, Information Technology Security at a manufacturing company with 1,001-5,000 employees
Helps eliminate the workload on security teams, but the implementation process could be a little more streamlined
Pros and Cons
- "The product provides integrations with several different SaaS applications."
- "The implementation process could be a little more streamlined."
What is our primary use case?
We use the solution for SOC and SIEM.
How has it helped my organization?
The product has helped me eliminate the workload on my security team.
What is most valuable?
The product provides integrations with several different SaaS applications.
What needs improvement?
The implementation process could be a little more streamlined.
For how long have I used the solution?
I have been using the solution for nine months. It is a SaaS-based service.
What do I think about the stability of the solution?
I rate the tool’s stability an eight or nine out of ten. I haven’t had any issues with the platform.
What do I think about the scalability of the solution?
I rate the tool’s scalability an eight or nine out of ten. It is pretty easy to scale it.
How are customer service and support?
The service team is responsive.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment process is not highly complex but could be more streamlined and transparent.
What was our ROI?
I am beginning to see the return on investment because the tool saves me resources. On average, we get a 50% return on investment. We can't completely do away with your SOC team. However, I don't have to hire more people as I scale up. The solution’s service runs 24/7. It definitely takes a load off of me. I do not need a team 24/7.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair. It is not necessarily the most cost-effective, but it is not the worst.
Which other solutions did I evaluate?
We evaluated Red Canary and Rapid7. We chose Arctic Wolf because of its pricing and capabilities.
What other advice do I have?
The industry chooses tools that have EDR. People should strongly consider buying the product. Overall, I rate the tool a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Managing Partner at Opkalla
Helps companies cut IT costs and only one person is necessary for facilitating the deployment
Pros and Cons
- "What's valuable about Arctic Wolf AWN CyberSOC is the cost savings it provides for companies that no longer have to hire a bunch of security people and pay for a SIM."
- "I would like to see them build the ability to co-sell an EDR platform, manage an EDR or manage the actual response, potentially from the issues that are coming up from the security risks."
How has it helped my organization?
I've had a lot of customers use Arctic Wolf AWN CyberSOC and love it. With Arctic Wolf AWN CyberSOC, they can save, in a lot of cases, hundreds of thousands of dollars by not hiring a security team.
What is most valuable?
What's valuable about Arctic Wolf AWN CyberSOC is the cost savings it provides for companies that no longer have to hire a bunch of security people and pay for a SIM.
Overall, it's a pretty good product.
What needs improvement?
We don't have many customers who complain about Arctic Wolf AWN CyberSOC. However, their new licensing model has room for improvement because of the limited user SKU. Many users do not necessarily use telemetry so they should not be charged for it.
I would like to see them build the ability to co-sell an EDR platform, manage an EDR or manage the actual response, potentially from the issues that are coming up from the security risks.
For how long have I used the solution?
I have been using Arctic Wolf AWN CyberSOC for two to three years.
What do I think about the stability of the solution?
Arctic Wolf AWN CyberSOC is very stable.
What do I think about the scalability of the solution?
Arctic Wolf AWN CyberSOC scales well unless you have a lot of locations and you need a lot of physical sensors. This is because Arctic Wolf AWN CyberSOC is hybrid and organizations have to put sensors on big telemetry sites. If you have a lot of locations, then the costs can be kind of high. But it's scalable because they don't charge for ingestion and things like that.
We currently have some 20 customers using it. Specifically, within organizations, IT departments work with Arctic Wolf AWN CyberSOC, in addition to CIOs, CISOs, directors of IT, and CFOs.
How are customer service and support?
Our customers are happy with Arctic Wolf's tech support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Many of our customers did not use a different solution before deploying Arctic Wolf AWN CyberSOC.
How was the initial setup?
The initial setup is very easy. Their team helps you with it.
Deployment usually takes about a week or two or a total of about 10 to 15 hours depending on the environment.
It's one of the fastest growing technologies and services out there in the space. We will continue to use it.
What about the implementation team?
You just need one person from your team to facilitate deployment, but Arctic Wolf will set it up for you.
What's my experience with pricing, setup cost, and licensing?
Arctic Wolf AWN CyberSOC is not software, it's a service. How much it costs will depend on the number of users and the amount of data and servers. The price varies. For example, a 100-person shop might cost 40,000 a year.
What other advice do I have?
The advice I would give to others looking into implementing this service is to strongly consider deploying with an MDR provider instead of in-house.
Overall, I would give Arctic Wolf AWN CyberSOC a nine out of 10. It is a good product.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer:
Service Security Analyst at a government with 11-50 employees
Provides visibility into the environment, responds to threats quickly, and the documentation is pretty good
Pros and Cons
- "The agents give pretty good visibility into what is happening at the endpoint."
- "It will be helpful if the dashboard is more granular."
What is our primary use case?
The solution helps monitor our endpoints and network traffic. It alerts us whenever something's going down. It has been pretty helpful.
How has it helped my organization?
The product helps with visibility.
What is most valuable?
The agents that are installed help detect threats. The agents give pretty good visibility into what is happening at the endpoint. The response to threats is pretty quick. Depending on the severity, the team sends an email or gives us a direct call. The weekly and monthly reports through the dashboard are helpful.
What needs improvement?
It will be helpful if the dashboard is more granular. The vendor must allow us to see what they see on their end.
For how long have I used the solution?
I have been using the solution for three months.
What do I think about the stability of the solution?
I rate the tool’s stability a nine out of ten. The product hasn’t gone down since we have had it.
What do I think about the scalability of the solution?
We have around 1000 users.
How are customer service and support?
We have 24/7 support. It’s like an extension of the department. The technical support is pretty helpful. Someone's always there to help us.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is pretty straightforward. The documentation is pretty good. I rate the ease of setup an eight out of ten. It is a SaaS solution. Two network engineers can deploy the product. We have network engineers and analysts on our team. We make sure the agents are not degraded. Most of the maintenance is done by the vendor.
What's my experience with pricing, setup cost, and licensing?
The pricing is pretty competitive.
What other advice do I have?
I will recommend the solution to others. It provides more visibility into the environment. If the staff is pretty short-handed, it helps out. Overall, I rate the product a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AVP of Tech at an insurance company with 201-500 employees
Keeps us safe, integrates with our other products, and has a great portal
Pros and Cons
- "They provide useful quarterly updates."
- "It's nitpicky; however, if it could integrate with more of our products, like our CRM, that would be ideal. They may only integrate with Salesforce. We use a different mid-market CRM."
What is our primary use case?
We use them as our managed doc. Instead of hiring a security specialist, we'd rather pay for a solution and have them monitor our network for any intrusion detection, and geotagging, and that's our use case - to use it to protect our company.
What is most valuable?
For us, the best aspect is not having to hire someone. We have an appliance do the job for us and automatically notify us versus hiring a staff member who we then have to pay. For us, the benefit is it keeps us safe as well as integrates with our other products. For example, we use CrowdStrike as well, which it integrates with, and we use Azure, and Office 365, which also integrates with it. This solution just saves us time. It does all of the scanning and monitoring and lets us know what is going on versus having a staff member do it.
I love their portal and their communication style. They provide useful quarterly updates.
The solution is very stable.
It can scale just fine.
Support is helpful.
The initial setup is pretty straightforward.
What needs improvement?
It's nitpicky; however, if it could integrate with more of our products, like our CRM, that would be ideal. They may only integrate with Salesforce. We use a different mid-market CRM. We'd like to see integrations with Marketo and other software.
It can be a bit expensive.
For how long have I used the solution?
We've had this solution since 2020.
What do I think about the stability of the solution?
I haven't had any issues with the stability. It's reliable. There aren't bugs or glitches, and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution can scale. We have a buffer built into the account as we are growing and intend to scale to cover more people. Our current user base ranges from 230 to 300 endpoints.
How are customer service and support?
We've dealt with technical support in the past, and they have been great.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
While we have used an antivirus previously, we haven't used anything quite like Arctic Wolf. We chose Arctic Wolf as it integrated with our antivirus and had a strong global presence.
How was the initial setup?
In terms of deployment, they had sent two devices out to us. My network team installed them, and then we currently rolled them out by endpoint to each device. For every computer we set up, we put their product on it.
There were two of us that handled the deployment process. The implementation happened over a couple of days. However, the actual work may have only taken five hours.
We don't have to maintain anything. They have a direct connection and can maintain it for us.
What was our ROI?
The ROI is keeping our business up and running. We have not been down, nor have we had any ransomware attacks or any intrusion into our network in the past three years.
What's my experience with pricing, setup cost, and licensing?
The pricing is a bit on the higher side.
We have additional software to go along with it. We kept the logging for more than 90 days as well as integrated it with our Office 365.
Which other solutions did I evaluate?
We did evaluate other options before choosing this solution.
What other advice do I have?
While we have an appliance on-premises, it is available on the cloud as well.
We are using the latest version of the solution.
The solution does what they say. They don't overpromise and underdeliver. They actually do what their product's supposed to do, and I find that's very hard with vendors. When you deal with the salesperson and then you get the implementation, there are things missing. With Arctic Wolf, you get exactly what you're supposed to get, and it works. I have not had any downtime.
I'd rate the solution ten out of ten. They're one of the only vendors I would actually give references for.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director, IT Systems and Security at Union Mutual Fire Insurance Company
Great support, detailed reports, and excellent real-time monitoring
Pros and Cons
- "This service makes answering audits much easier since it covers so many security best practices."
- "I would actually be interested in having fewer features at a lower price."
What is our primary use case?
Having Arctic Wolf sensors and the stand-alone traffic-mirroring appliance within our network provides secure copies of critical logs as well as rapid analysis and response when there is unusual behavior within our network.
This service is our primary anomaly detection tool. In concert with our endpoint security and our frequent vulnerability scans, Arctic Wolf provides an active review of threat signatures and unexpected events that allows our operations and security team to sleep better at night.
How has it helped my organization?
This service makes answering audits much easier since it covers so many security best practices. Therefore, any of the popular frameworks are covered by this managed detection and response service.
The real-time monitoring is very real-time. We usually get an alert from Arctic Wolf just as someone on our team says 'oops, I locked my admin account' or 'I just created the new admin account on our device'.
The customer service is excellent. They offer very quick responses to active tickets, and we get great responses from the account reps as well. In a world with thousands of startup security vendors offering various flavors of 'AI-enhanced' snake oil, Arctic Wolf provides an obvious security service well.
What is most valuable?
The quarterly reviews provide an excellent cadence to help organize our security priorities and help set thresholds to improve our signal/noise ratio, as well as provide a quick overview of the entire threat landscape to our full team.
The default emailed reports are great for building our audit defense and helping us to meet the requirements of both state and independent auditors.
The ticketing system is adequate, although the formatting of the auto-generated ticket emails could be updated to a more modern and cleaner style.
What needs improvement?
This product is very feature-rich. I would actually be interested in having fewer features at a lower price. The problem is that the active responses require a high level of technical staffing and I expect it's hard to scale that down.
I am also interested in the new features which allow the customer access to the raw log repositories and the analysis tools provided by AW, however, I cannot justify the expense or time of adding those features at this time. Overall it is a very appropriately sized product that does not try to do everything.
For how long have I used the solution?
My company has been using this for several years. However, I have only been here using it for one year.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
It's great for a company our size (~100 employees in total, some on-site IT services, and ~5 network/systems/helpdesk staff).
How are customer service and support?
Customer support and service are basically what you are paying for. The technical pieces of the solution are great, however, the ticket response and the quarterly reviews are where the real value is.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I am not sure if something was used previously as I've only been in this role with this company for one year.
How was the initial setup?
I wasn't part of the setup. The maintenance and reconfiguration (from in-line to mirrored traffic capture of the hardware device) have been simple and well-supported.
What was our ROI?
We would require around 0.75 technical FTE to do the work of this solution, which we could not do for the price.
What's my experience with pricing, setup cost, and licensing?
In general, it's worth it. If you have any regulatory compliance requirements or other external requirements on your information security approach and you do not have a massive internal team to handle log analysis and similar tasks, this is a great solution.
Which other solutions did I evaluate?
I did not choose this solution. I came into the company and this product was already here. I will say that I have removed a number of products from our vendor list during my first year, and have not considered removing Arctic Wolf - despite it being one of our costlier contracts.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior IT Analyst at an insurance company with 51-200 employees
Provides 24/7 monitoring of all the traffic through our firewall and gives us detailed information about threats
Pros and Cons
- "Arctic Wolf is our eyes and ears 24/7 because we can't possibly watch all of our alerts. We may see all of these alerts, but our attention is distracted because we're working on other things."
- "We get a lot of false alarms, but that's because they don't know our network in detail. I think that could be alleviated if we told them more about our network so they could create rules to skip some of those things."
What is our primary use case?
Arctic Wolf monitors all of the traffic through our firewall. It monitors events on each computer in our network using agents. We have detection and as many inputs as we can get, including inputs from our Sophos antivirus and from our Duo two-factor authentication. They ingest and process all of those events. If anything looks like it might be a problem, they generate a ticket and we get an email.
We take a look at the ticket and tell them whether it's expected or unexpected, and whether we think it's serious. They also scan our network for critical updates that are missing on the Exchange server and issue detailed instructions on how to get the patch and how to execute a workaround if necessary. Arctic Wolf gives very detailed information when they think there's a challenging threat.
What is most valuable?
Arctic Wolf is our eyes and ears 24/7 because we can't possibly watch all of our alerts. We may see all of these alerts, but our attention is distracted because we're working on other things. We're only working certain hours of the day, and we don't have the staff to look at alerts 24/7.
What needs improvement?
We get a lot of false alarms, but that's because they don't know our network in detail. I think that could be alleviated if we told them more about our network so they could create rules to skip some of those things. For instance, we've had alerts that people are coming onto the VPN from outside of Canada. If we told them that someone is going outside of Canada ahead of time, then they wouldn't alert us about it.
Our internal alerting systems generate 10 times as many false alerts, so they're actually doing pretty well.
What do I think about the stability of the solution?
It's very stable.
How was the initial setup?
There are a couple of appliances that need to be used. It's somewhat challenging to set up because you need a special configuration in the network switches, which the firewalls are connected to.
What other advice do I have?
I would rate this solution as nine out of ten.
It's a good product. It covers us 24/7. It doesn't have nearly as many false alarms as our own internal alerting systems because they're weeding a lot of things out. There's a lot of proactive help if something important needs to be updated or if there are workarounds that need to be applied.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Administrator at a non-profit with 51-200 employees
A 10 out of 10 because they prevented a couple of attacks and alerted us when there was a big vulnerability
Pros and Cons
- "The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious."
- "They could probably expand on their integration tools. They can integrate with more security tools."
What is our primary use case?
It is for 24-hour monitoring of the network. We have risk management and detection.
Its deployment is hybrid. They have their sensors here. We install it ourselves, and they help us along.
How has it helped my organization?
They prevented a couple of attacks and alerted us when there was a big vulnerability.
What is most valuable?
The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious.
What needs improvement?
They could probably expand on their integration tools. They can integrate with more security tools.
They can expand their Linux flavors. I believe they only have Ubuntu and one more flavor.
For how long have I used the solution?
We've had Arctic Wolf for a little bit over a year.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable. It gets used almost every day. We have only four admins who actually log into the portal to check the network and information. Each one is assigned and looks at a certain aspect of the network.
How are customer service and support?
Their support is good. They have 24-hour support, and they're always a call away.
Which solution did I use previously and why did I switch?
This is the first MDR solution we are using.
How was the initial setup?
It was straightforward. The initial deployment took about a month, and then getting the Arctic Wolf clients literally for 600 devices took about three months.
What about the implementation team?
We installed it ourselves, and they helped us along. You don't need many people for its deployment. You don't need to do a lot of work to deploy the software, but you do need money to implement it.
For its maintenance, you don't need many people. One person should be enough. We're an organization with more than a thousand devices. We have one technician or engineer who looks into how to deploy the patches in the quickest way.
What's my experience with pricing, setup cost, and licensing?
It is more expensive than CrowdStrike, but it also has more features. I don't remember the amount, but I do remember that it was on the higher side.
I believe we have five sensors, and the sensors have a yearly cost. We don't have any additional costs, but I know that if we have more features, they will add to the cost.
Which other solutions did I evaluate?
We evaluated CrowdStrike, and we also evaluated a Cisco product.
What other advice do I have?
It is a straightforward solution. It is not complicated. Its deployment is also straightforward.
I would rate it a 10 out of 10. They alerted us when there was a big vulnerability, so we're happy with their solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.