Arctic Wolf Managed Detection and Response Reviews

We needed more eyes on the prize and Microsoft performance reporting is severely lacking for security compliance as geo blocking in the firewall can only address a small part of the attack grid. It's nice to know that people and machine learning are monitoring my environment for known assaults and unusual behaviors. 

Being a small business we just can't afford to have a full time security engineer and Arctic Wolf gives us the tools and services the big boys have at a reasonable cost. 

With the playing field always changing, it is nice to know our backs are covered.

We did not have any advanced tools in place for security monitoring. 

Personally, I love having Big Brother (Blue Eyed Wolf?) watching and it is nice to sleep well knowing 24/7 my network is being protected. 

After an easy onboarding, the monitoring started immediately. 

We also run AV on work stations. There was an instance when AWN notified us of a malware download before the end point monitors kicked in. We immediately shut down and reimaged the machine. 

We feel very strongly that we picked the best solution for our organization.

The weekly reports are great. I very much appreciate having a quick review of what occurred over the last seven days. I can't give enough kudos to the folks in the SOC. They are friendly, professional, and always available. Even tickets I put in for educational purposes are responded to quickly, and answers are specific. I enjoy not having to rephrase a question due to a generic response. 

The new dashboard is visually appealing, and I can drill down with just a couple of clicks for details. It offers great, easy navigation.

The service is fabulous. AWN is one vendor I don't mind having to call. It doesn't matter what urgency you put on the ticket - all I have entered have always received fast replies. Also, this solution offers huge peace of mind. I know I can pick up the phone and get a live person and not be trapped in a looping call tree. 

In the future, I would like to see a summary report. One of my bosses is on the distribution, and I spend time every Monday explaining what the reports mean. Graphs are nice visuals and would help communicate what's happening more effectively.

I've used the solution for 15 months. 

The solution is extremely stable. We have not had a single issue with any of the agents.

The solution is very scalable. Our environment is pretty stagnant, however, if I decided to add a server farm, it's just a click, and we pay a little more.

Technical support has been excellent. We haven't had a customer service issue; I have had a few tickets to ask questions, and they have been all handled with high urgency, even if they are not.

Positive

I did not previously use a different solution. I had been asking management and had a budget line item for security services for three years. My request was finally approved.

The setup is straightforward. The documentation was detailed, and the implementation team was available to explain and assist.

The implementation was done with the assistance of a vendor team. I was a bit sad when I was notified that I would be moving from the implementation to the account management team. However, every person I have worked with has been wonderful. 

We've witnessed an ROI after three years on software and five on hardware.

The setup was not hard. The implementation was very straightforward, and the team was knowledgeable and easy to work with. Compared to other vendors, licensing was a dream. The cost comes down to what people think their protection is worth. I have no qualms about approving AWN invoices for payment.

I did evaluate Sophos, Red Canary, Crowdstrike, and several others that only included monitoring without any security services.

I will be required to obtain additional quotes when our term is up. That said,  unless there is a sleeper that will be coming up in the field, I intend to negotiate a renewal.

For a company with one sole dedicated cybersecurity professional, Arctic Wolf provides invaluable managed detection and response plus cyber awareness services with a strong focus on customer support.  

I've worked at other companies and have experience dealing with other vendors.  Unlike those other vendors, Arctic Wolf engineers go above and beyond what is expected of them, from generating custom reports to providing guidance on a variety of security issues.  

I know of three other firms who've migrated their managed detection and response from other vendors to Arctic Wolf and are really happy with Arctic Wolf.

Arctic Wolf unburdened me from day-to-day alert monitoring.  

In addition to that, the regularly scheduled quarterly update meetings are invaluable. They provide a good review of events at my firm, provide suggestions for improving security and alert me of the latest trends and attack vectors and how best to mitigate them. This allowed me to focus on building and improving our cyber security program rather than spend my time troubleshooting endless alerts and ticket hunting. Arctic Wolf is also a key pillar in our risk reduction strategy.

Arctic Wolf is laser-focused on providing top-notch customer service. For a company with one dedicated cybersecurity professional, Arctic Wolf provides invaluable managed detection and response plus cyber awareness services. 

They have a strong focus on customer support. I've worked at other companies and have experience dealing with other vendors. Unlike those other vendors, Arctic Wolf engineers go above and beyond what is expected of them, from generating custom reports to providing guidance on various security issues.

Third-party vendor management is an ever-increasing risk vector. We hate sending these out, and we hate when other vendors send them to us. Companies spend a lot of time and effort reaching out to their vendors with time-consuming questionnaires and endless follow-ups. For a small company like ours, it's a challenge dedicating resources to ensure this gets done. It would be great if that burden could be offloaded and/or the whole process of determining vendor risk could be simplified by Arctic Wolf.

I've used the solution for four years.

We previously dealt with Secureworks.

I would advise others to negotiate and don't underestimate the quality of support, especially for smaller teams.

We also evaluated eSentire.

Arctic Wolf monitors all of the traffic through our firewall. It monitors events on each computer in our network using agents. We have detection and as many inputs as we can get, including inputs from our Sophos antivirus and from our duo two-factor authentication. They ingest and process all of those events. If anything looks like it might be a problem, they generate a ticket and we get an email.

We take a look at the ticket and tell them whether it's expected or unexpected, and whether we think it's serious. They also scan our network for critical updates that are missing on the exchange server and issue detailed instructions on how to get the patch and how to execute a workaround if necessary. Arctic Wolf gives very detailed information when they think there's a challenging threat.

Arctic Wolf is our eyes and ears 24/7 because we can't possibly watch all of our alerts. We may see all of these alerts, but our attention is distracted because we're working on other things. We're only working certain hours of the day, and we don't have the staff to look at alerts 24/7.

We get a lot of false alarms, but that's because they don't know our network in detail. I think that could be alleviated if we told them more about our network so they could create rules to skip some of those things. For instance, we've had alerts that people are coming onto the VPN from outside of Canada. If we told them that someone is going outside of Canada ahead of time, then they wouldn't alert us about it.

Our internal alerting systems generate 10 times as many false alerts, so they're actually doing pretty well.

It's very stable.

There are a couple of appliances that need to be used. It's somewhat challenging to set up because you need a special configuration in the network switches, which the firewalls are connected to.

I would rate this solution as nine out of ten. 

It's a good product. It covers us 24/7. It doesn't have nearly as many false alarms as our own internal alerting systems because they're weeding a lot of things out. There's a lot of proactive help if something important needs to be updated or if  there are workarounds that need to be applied.

Having Arctic Wolf sensors and the stand-alone traffic-mirroring appliance within our network provides secure copies of critical logs as well as rapid analysis and response when there is unusual behavior within our network. 

This service is our primary anomaly detection tool. In concert with our endpoint security and our frequent vulnerability scans, Arctic Wolf provides an active review of threat signatures and unexpected events that allows our operations and security team to sleep better at night. 

This service makes answering audits much easier since it covers so many security best practices. Therefore, any of the popular frameworks are covered by this managed detection and response service.

The real-time monitoring is very real-time. We usually get an alert from Arctic Wolf just as someone on our team says 'oops, I locked my admin account' or 'I just created the new admin account on our device'.

The customer service is excellent. They offer very quick responses to active tickets, and we get great responses from the account reps as well. In a world with thousands of startup security vendors offering various flavors of 'AI-enhanced' snake oil, Arctic Wolf provides an obvious security service well. 

The quarterly reviews provide an excellent cadence to help organize our security priorities and help set thresholds to improve our signal/noise ratio, as well as provide a quick overview of the entire threat landscape to our full team. 

The default emailed reports are great for building our audit defense and helping us to meet the requirements of both state and independent auditors. 

The ticketing system is adequate, although the formatting of the auto-generated ticket emails could be updated to a more modern and cleaner style. 

This product is very feature-rich. I would actually be interested in having fewer features at a lower price. The problem is that the active responses require a high level of technical staffing and I expect it's hard to scale that down.

I am also interested in the new features which allow the customer access to the raw log repositories and the analysis tools provided by AW, however, I cannot justify the expense or time of adding those features at this time. Overall it is a very appropriately sized product that does not try to do everything. 

My company has been using this for several years. However, I have only been here using it for one year. 

The solution is very stable. 

It's great for a company our size (~100 employees in total, some on-site IT services, and ~5 network/systems/helpdesk staff). 

Customer support and service are basically what you are paying for. The technical pieces of the solution are great, however, the ticket response and the quarterly reviews are where the real value is. 

Positive

I am not sure if something was used previously as I've only been in this role with this company for one year. 

I wasn't part of the setup. The maintenance and reconfiguration (from in-line to mirrored traffic capture of the hardware device) have been simple and well-supported. 

We would require around 0.75 technical FTE to do the work of this solution, which we could not do for the price. 

In general, it's worth it. If you have any regulatory compliance requirements or other external requirements on your information security approach and you do not have a massive internal team to handle log analysis and similar tasks, this is a great solution. 

I did not choose this solution. I came into the company and this product was already here. I will say that I have removed a number of products from our vendor list during my first year, and have not considered removing Arctic Wolf - despite it being one of our costlier contracts. 

I was subject to a malware attack and after it took us three full months to fully recover from that, I decided to make sure I was never in that position again.  Arctic Wolf was referred to me by my MSP who I have a long-standing relationship with. It was an excellent suggestion.  

It has improved my security position to where my business is now safe, and I don't have to constantly worry about another attack! That's invaluable to me. 

They have a portal where you can evaluate and mitigate any vulnerabilities that you and your network might have. This is a fantastic tool to help you secure your environment.

The only thing I would say is that if they gave some lessons on some risks and how to help mitigate those risks, that could be helpful. If you are not in the security field, this can be difficult to figure out from time to time.

I have been using Arctic Wolf for almost two years now and couldn't be happier with the service.  

The stability is very, very good. 

The scalability is very, very good. 

I did not have a previous solution. 

The initial setup is more complex than I would have liked. I wish I would have been able to do more myself instead of having outside IT guys do it.  

I had assistance from a vendor team. They were from my MSP so they were excellent. 

The solution provides excellent ROI. 

I'd advise others to weigh the ROI carefully with how much work they will have to do versus what the SOC does. In my case, I run multiple other businesses, so I knew I needed a solution that was more turnkey than most. 

I evaluated a dozen other potential solutions. 

Go with Arctic Wolf - you won't regret it. I just signed on for three more years after only signing for one year, then again for a second single year.  My experience has been so good that I signed up for three full years this time.  

The solution helps monitor our endpoints and network traffic. It alerts us whenever something's going down. It has been pretty helpful.

The product helps with visibility.

The agents that are installed help detect threats. The agents give pretty good visibility into what is happening at the endpoint. The response to threats is pretty quick. Depending on the severity, the team sends an email or gives us a direct call. The weekly and monthly reports through the dashboard are helpful.

It will be helpful if the dashboard is more granular. The vendor must allow us to see what they see on their end.

I have been using the solution for three months.

I rate the tool’s stability a nine out of ten. The product hasn’t gone down since we have had it.

We have around 1000 users.

We have 24/7 support. It’s like an extension of the department. The technical support is pretty helpful. Someone's always there to help us.

Positive

The initial setup is pretty straightforward. The documentation is pretty good. I rate the ease of setup an eight out of ten. It is a SaaS solution. Two network engineers can deploy the product. We have network engineers and analysts on our team. We make sure the agents are not degraded. Most of the maintenance is done by the vendor.

The pricing is pretty competitive.

I will recommend the solution to others. It provides more visibility into the environment. If the staff is pretty short-handed, it helps out. Overall, I rate the product a nine out of ten.

I've had a lot of customers use Arctic Wolf AWN CyberSOC and love it. With Arctic Wolf AWN CyberSOC, they can save, in a lot of cases, hundreds of thousands of dollars by not hiring a security team.

What's valuable about Arctic Wolf AWN CyberSOC is the cost savings it provides for companies that no longer have to hire a bunch of security people and pay for a SIM.

Overall, it's a pretty good product.

We don't have many customers who complain about Arctic Wolf AWN CyberSOC. However, their new licensing model has room for improvement because of the limited user SKU. Many users do not necessarily use telemetry so they should not be charged for it.

I would like to see them build the ability to co-sell an EDR platform, manage an EDR or manage the actual response, potentially from the issues that are coming up from the security risks.

I have been using Arctic Wolf AWN CyberSOC for two to three years. 

Arctic Wolf AWN CyberSOC is very stable. 

Arctic Wolf AWN CyberSOC scales well unless you have a lot of locations and you need a lot of physical sensors. This is because Arctic Wolf AWN CyberSOC is hybrid and organizations have to put sensors on big telemetry sites. If you have a lot of locations, then the costs can be kind of high. But it's scalable because they don't charge for ingestion and things like that.

We currently have some 20 customers using it. Specifically, within organizations, IT departments work with Arctic Wolf AWN CyberSOC, in addition to CIOs, CISOs, directors of IT, and CFOs.

Our customers are happy with Arctic Wolf's tech support. 

Positive

Many of our customers did not use a different solution before deploying Arctic Wolf AWN CyberSOC.  

The initial setup is very easy. Their team helps you with it. 

Deployment usually takes about a week or two or a total of about 10 to 15 hours depending on the environment. 

It's one of the fastest growing technologies and services out there in the space. We will continue to use it.

You just need one person from your team to facilitate deployment, but Arctic Wolf will set it up for you.

Arctic Wolf AWN CyberSOC is not software, it's a service. How much it costs will depend on the number of users and the amount of data and servers. The price varies. For example, a 100-person shop might cost 40,000 a year.

The advice I would give to others looking into implementing this service is to strongly consider deploying with a MDR provider instead of in-house.

Overall, I would give Arctic Wolf AWN CyberSOC a nine out of 10. It is a good product. 

We use them as our managed doc. Instead of hiring a security specialist, we'd rather pay for a solution and have them monitor our network for any intrusion detection, and geotagging, and that's our use case - to use it to protect our company.

For us, the best aspect is not having to hire someone. We have an appliance do the job for us and automatically notify us versus hiring a staff member who we then have to pay. For us, the benefit is it keeps us safe as well as integrates with our other products. For example, we use CrowdStrike as well, which it integrates with, and we use Azure, and Office 365, which also integrates with it. This solution just saves us time. It does all of the scanning and monitoring and lets us know what is going on versus having a staff member do it.

I love their portal and their communication style. They provide useful quarterly updates.

The solution is very stable.

It can scale just fine.

Support is helpful.

The initial setup is pretty straightforward. 

It's nitpicky; however, if it could integrate with more of our products, like our CRM, that would be ideal. They may only integrate with Salesforce. We use a different mid-market CRM. We'd like to see integrations with Marketo and other software. 

It can be a bit expensive. 

We've had this solution since 2020.

I haven't had any issues with the stability. It's reliable. There aren't bugs or glitches, and it doesn't crash or freeze. 

The solution can scale. We have a buffer built into the account as we are growing and intend to scale to cover more people. Our current user base ranges from 230 to 300 endpoints. 

We've dealt with technical support in the past, and they have been great.

Positive

While we have used an antivirus previously, we haven't used anything quite like Arctic Wolf. We chose Arctic Wolf as it integrated with our antivirus and had a strong global presence. 

In terms of deployment, they had sent two devices out to us. My network team installed them, and then we currently rolled them out by endpoint to each device. For every computer we set up, we put their product on it.

There were two of us that handled the deployment process. The implementation happened over a couple of days. However, the actual work may have only taken five hours. 

We don't have to maintain anything. they have a direct connection and can maintain it for us. 

The ROI is keeping our business up and running. We have not been down, nor have we had any ransomware attacks or any intrusion into our network in the past three years.

The pricing is a bit on the higher side. 

We have additional software to go along with it. We kept the logging for more than 90 days as well as integrated it with our Office 365.

We did evaluate other options before choosing this solution. 

While we have an appliance on-premies, it is available on the cloud as well. 

We are using the latest version of the solution. 

The solution does what they say. They don't overpromise and underdeliver. They actually do what their product's supposed to do, and I find that's very hard with vendors. When you deal with the salesperson and then you get the implementation, there are things missing. With Arctic Wolf, you get exactly what you're supposed to get, and it works. I have not had any downtime.

I'd rate the solution ten out of ten. They're one of the only vendors I would actually give references for.