Principal at a recruiting/HR firm with 11-50 employees
User
Feb 20, 2023
Great for evaluating and mitigating any vulnerabilities with an excellent ROI
Pros and Cons
  • "They have a portal where you can evaluate and mitigate any vulnerabilities that you and your network might have."
  • "If you are not in the security field, this can be difficult to figure out from time to time."

What is our primary use case?

I was subject to a malware attack and after it took us three full months to fully recover from that, I decided to make sure I was never in that position again.  Arctic Wolf was referred to me by my MSP who I have a long-standing relationship with. It was an excellent suggestion.  

How has it helped my organization?

It has improved my security position to where my business is now safe, and I don't have to constantly worry about another attack! That's invaluable to me. 

What is most valuable?

They have a portal where you can evaluate and mitigate any vulnerabilities that you and your network might have. This is a fantastic tool to help you secure your environment.

What needs improvement?

The only thing I would say is that if they gave some lessons on some risks and how to help mitigate those risks, that could be helpful. If you are not in the security field, this can be difficult to figure out from time to time.

Buyer's Guide
Arctic Wolf Managed Detection and Response
January 2026
Learn what your peers think about Arctic Wolf Managed Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
879,986 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Arctic Wolf for almost two years now and couldn't be happier with the service.  

What do I think about the stability of the solution?

The stability is very, very good. 

What do I think about the scalability of the solution?

The scalability is very, very good. 

Which solution did I use previously and why did I switch?

I did not have a previous solution. 

How was the initial setup?

The initial setup is more complex than I would have liked. I wish I would have been able to do more myself instead of having outside IT guys do it.  

What about the implementation team?

I had assistance from a vendor team. They were from my MSP so they were excellent. 

What was our ROI?

The solution provides excellent ROI. 

What's my experience with pricing, setup cost, and licensing?

I'd advise others to weigh the ROI carefully with how much work they will have to do versus what the SOC does. In my case, I run multiple other businesses, so I knew I needed a solution that was more turnkey than most. 

Which other solutions did I evaluate?

I evaluated a dozen other potential solutions. 

What other advice do I have?

Go with Arctic Wolf - you won't regret it. I just signed on for three more years after only signing for one year, then again for a second single year.  My experience has been so good that I signed up for three full years this time.  

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Aaron Bock - PeerSpot reviewer
Managing Partner at a tech services company with 11-50 employees
Real User
Sep 1, 2022
Helps companies cut IT costs and only one person is necessary for facilitating the deployment
Pros and Cons
  • "What's valuable about Arctic Wolf AWN CyberSOC is the cost savings it provides for companies that no longer have to hire a bunch of security people and pay for a SIM."
  • "I would like to see them build the ability to co-sell an EDR platform, manage an EDR or manage the actual response, potentially from the issues that are coming up from the security risks."

How has it helped my organization?

I've had a lot of customers use Arctic Wolf AWN CyberSOC and love it. With Arctic Wolf AWN CyberSOC, they can save, in a lot of cases, hundreds of thousands of dollars by not hiring a security team.

What is most valuable?

What's valuable about Arctic Wolf AWN CyberSOC is the cost savings it provides for companies that no longer have to hire a bunch of security people and pay for a SIM.

Overall, it's a pretty good product.

What needs improvement?

We don't have many customers who complain about Arctic Wolf AWN CyberSOC. However, their new licensing model has room for improvement because of the limited user SKU. Many users do not necessarily use telemetry so they should not be charged for it.

I would like to see them build the ability to co-sell an EDR platform, manage an EDR or manage the actual response, potentially from the issues that are coming up from the security risks.

For how long have I used the solution?

I have been using Arctic Wolf AWN CyberSOC for two to three years. 

What do I think about the stability of the solution?

Arctic Wolf AWN CyberSOC is very stable. 

What do I think about the scalability of the solution?

Arctic Wolf AWN CyberSOC scales well unless you have a lot of locations and you need a lot of physical sensors. This is because Arctic Wolf AWN CyberSOC is hybrid and organizations have to put sensors on big telemetry sites. If you have a lot of locations, then the costs can be kind of high. But it's scalable because they don't charge for ingestion and things like that.

We currently have some 20 customers using it. Specifically, within organizations, IT departments work with Arctic Wolf AWN CyberSOC, in addition to CIOs, CISOs, directors of IT, and CFOs.

How are customer service and support?

Our customers are happy with Arctic Wolf's tech support. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Many of our customers did not use a different solution before deploying Arctic Wolf AWN CyberSOC.  

How was the initial setup?

The initial setup is very easy. Their team helps you with it. 

Deployment usually takes about a week or two or a total of about 10 to 15 hours depending on the environment. 

It's one of the fastest growing technologies and services out there in the space. We will continue to use it.

What about the implementation team?

You just need one person from your team to facilitate deployment, but Arctic Wolf will set it up for you.

What's my experience with pricing, setup cost, and licensing?

Arctic Wolf AWN CyberSOC is not software, it's a service. How much it costs will depend on the number of users and the amount of data and servers. The price varies. For example, a 100-person shop might cost 40,000 a year.

What other advice do I have?

The advice I would give to others looking into implementing this service is to strongly consider deploying with an MDR provider instead of in-house.

Overall, I would give Arctic Wolf AWN CyberSOC a nine out of 10. It is a good product. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1445781 - PeerSpot reviewer
Network Security Administrator at a non-profit with 51-200 employees
Real User
Jan 27, 2022
A 10 out of 10 because they prevented a couple of attacks and alerted us when there was a big vulnerability
Pros and Cons
  • "The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious."
  • "They could probably expand on their integration tools. They can integrate with more security tools."

What is our primary use case?

It is for 24-hour monitoring of the network. We have risk management and detection.

Its deployment is hybrid. They have their sensors here. We install it ourselves, and they help us along.

How has it helped my organization?

They prevented a couple of attacks and alerted us when there was a big vulnerability.

What is most valuable?

The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious.

What needs improvement?

They could probably expand on their integration tools. They can integrate with more security tools.

They can expand their Linux flavors. I believe they only have Ubuntu and one more flavor.

For how long have I used the solution?

We've had Arctic Wolf for a little bit over a year.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. It gets used almost every day. We have only four admins who actually log into the portal to check the network and information. Each one is assigned and looks at a certain aspect of the network.

How are customer service and support?

Their support is good. They have 24-hour support, and they're always a call away.

Which solution did I use previously and why did I switch?

This is the first MDR solution we are using.

How was the initial setup?

It was straightforward. The initial deployment took about a month, and then getting the Arctic Wolf clients literally for 600 devices took about three months.

What about the implementation team?

We installed it ourselves, and they helped us along. You don't need many people for its deployment. You don't need to do a lot of work to deploy the software, but you do need money to implement it.

For its maintenance, you don't need many people. One person should be enough. We're an organization with more than a thousand devices. We have one technician or engineer who looks into how to deploy the patches in the quickest way.

What's my experience with pricing, setup cost, and licensing?

It is more expensive than CrowdStrike, but it also has more features. I don't remember the amount, but I do remember that it was on the higher side. 

I believe we have five sensors, and the sensors have a yearly cost. We don't have any additional costs, but I know that if we have more features, they will add to the cost.

Which other solutions did I evaluate?

We evaluated CrowdStrike, and we also evaluated a Cisco product. 

What other advice do I have?

It is a straightforward solution. It is not complicated. Its deployment is also straightforward.

I would rate it a 10 out of 10. They alerted us when there was a big vulnerability, so we're happy with their solution.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1853391 - PeerSpot reviewer
security lead at a legal firm with 201-500 employees
Real User
Top 5 Leaderboard
Jan 30, 2024
An easy-to-implement solution for managed detection and response
Pros and Cons
  • "The tool's most valuable feature is its ease of implementation."
  • "Arctic Wolf Managed Detection and Response's analysis and remediation parts could be improved. It's not bad, but it needs improvement."

What is our primary use case?

We use the tool for managed detection and response. 

What is most valuable?

The tool's most valuable feature is its ease of implementation. 

What needs improvement?

Arctic Wolf Managed Detection and Response's analysis and remediation parts could be improved. It's not bad, but it needs improvement. 

For how long have I used the solution?

I have been working with the product for eight months. 

What do I think about the stability of the solution?

I rate Arctic Wolf Managed Detection and Response's stability a nine out of ten. 

What do I think about the scalability of the solution?

I rate the tool's scalability a ten out of ten. My company has around 450 users who use it 24/7. 

Which solution did I use previously and why did I switch?

We were using a product from a local Danish vendor. We switched to Arctic Wolf Managed Detection and Response for cost and capabilities. It offered more features and better support, including superior threat intelligence feeds.

How was the initial setup?

I rate the tool's deployment an eight out of ten, which took nine weeks to complete with two resources. Operational maintenance is relatively minimal and very easy to manage. However, functional maintenance requires a skilled resource like me. The extent of personnel needed depends on the size of the organization. As the organization is not very large, I can handle it independently in my current role. However, I anticipate needing at least five or six people for maintenance tasks in a larger company, such as my previous role. The resource requirement aligns with the company's size.

What about the implementation team?

We did Arctic Wolf Managed Detection and Response's deployment in-house. 

What's my experience with pricing, setup cost, and licensing?

I rate the tool's pricing a nine out of ten. 

What other advice do I have?

Before choosing a security solution, it's crucial to conduct thorough due diligence. Consider factors such as the vendor's approach, strategy, and compliance with data protection regulations like GDPR. Assess the vendor's data centers, their capabilities for shifting data around in case of issues, and their approach to DLP (Data Loss Prevention) detection. Evaluate whether the services offered align with your company's strategy and needs.

Review the different agreements provided by the vendor, including Managed Detection and Response, vulnerability management, and incident response features. Check if your existing cyber insurance can be utilized to cover expenses in case of a breach. Consider whether your organization requires services like vulnerability management and incident response, and choose accordingly.

I rate the product a ten out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1480314 - PeerSpot reviewer
Senior IT Analyst at an insurance company with 51-200 employees
Real User
Jun 9, 2021
Alerts and points exactly to where we need to go, gives good prescriptive guidance, and allows customization of alerts based on your requirements
Pros and Cons
  • "Whenever there is a major thing like Exchange vulnerabilities, it scans our Exchange server for indicators of compromise. It then alerts us and points exactly where we need to go to check for ourselves if it is normal or not."
  • "They focus on detecting administrator-level control compromises. Because they're focusing more on administrator-level compromise, they are less able to see if an individual user has been compromised. It is, admittedly, very difficult because they don't know what normal human behavior is. If a hacker compromises a human account and then acts just like the human, how are you ever going to notice, unless you have some inside knowledge of how the company works? For example, they overlook account lockouts on user accounts, whereas in our own alerting system, we do not. We review every account lockout, and if it is bad, we contact the person, whereas they think of that as noise because they're more focused on the administrator-level compromise."

What is our primary use case?

We are basically using it to catch things that we are missing in terms of alerts and other things. We are also using it to provide 24x7 coverage, which we just can't do.

It has sensors that are on-prem, but the data is kept in the cloud. All the alerting and consoles are also in the cloud, but it obviously needs to see our infrastructure in order to see anything that is going on.

How has it helped my organization?

It has provided just a little bit more peace of mind in terms of not having to be constantly on our toes and wondering if something is going on while we're trying to enjoy our weekends.

It gives us prescriptive guidance regarding how exactly to install the updates, etc. It doesn't do it for you, but it gives you good heads up and collects good information to let you hit the ground running instead of having to do the research yourself and maybe miss things.

We have also subscribed to an additional feature that they offer for vulnerability management and risk management. It is a little bit outside of the SOC. They scan daily for vulnerabilities, and they perform them by using agents. They scan for vulnerabilities on a daily, weekly, or monthly basis based on your preference. They also do a brute force scan of all your equipment, acting like a hacker with a scanner, and then in the risk management console, they list all of your current vulnerabilities that have been detected and what level of risk they present. You can kind of attack the high-level ones first and work your way down. It gives you kind of an action plan. It gives you a place in the console to manage it. This is an additional module that isn't part of the primary Arctic Wolf SOC. It is Arctic Wolf's risk management. It has the same agents and same equipment, but it is an additional feature.

What is most valuable?

Whenever there is a major thing like Exchange vulnerabilities, it scans our Exchange server for indicators of compromise. It then alerts us and points exactly where we need to go to check for ourselves if it is normal or not.

What needs improvement?

They focus on detecting administrator-level control compromises. Because they're focusing more on administrator-level compromise, they are less able to see if an individual user has been compromised. It is, admittedly, very difficult because they don't know what normal human behavior is. If a hacker compromises a human account and then acts just like the human, how are you ever going to notice, unless you have some inside knowledge of how the company works? For example, they overlook account lockouts on user accounts, whereas in our own alerting system, we do not. We review every account lockout, and if it is bad, we contact the person, whereas they think of that as noise because they're more focused on the administrator-level compromise. This is not their fault. I'm sure this is common with all SOCs. They can't look at everything, so they look at the important stuff.

For how long have I used the solution?

I have been using this solution since February. It has just been a few months.

What do I think about the stability of the solution?

Its stability is good.

What do I think about the scalability of the solution?

It is scalable. If you have particular things that you want them to watch, they'll basically accept an unlimited amount of these additional alerts. If you say, "This should never happen on my network," they will detect it and tell you whenever it happens. They allow you to customize the kinds of alerts. Something normally might not have been on their radar, but we know that this should never happen. So, for us, that's a definite indicator that an intruder is inside. So, we tell them, "Look at this. Alert us, and call us in the middle of the night if you see this because it is something bad. It may happen all the time in other networks, but it won't happen here."

How are customer service and technical support?

Their support is good. If you have questions, you can call them or submit a ticket. They're good to work with. They phoned us about the Exchange vulnerability to walk us through that.

Which solution did I use previously and why did I switch?

We hadn't used anything before.

How was the initial setup?

Its initial setup is fairly straightforward. They put in a couple of appliances, and we have to tie them to our firewall. That's the tricky part. 

If you're monitoring network traffic going out through the firewall, then you would have to tap into the firewall traffic. Some do this, and some don't. Some only have agents, and some have historically been traffic-only. Nowadays, most companies are trying to do both, but some still focus mostly on traffic, and some still focus mostly on agents. I'm sure some focus mostly on just detecting indicators of compromise that they're aware of. They are only looking for those. They are not looking at traffic or agents. So, there are many ways to skin the cat, and different companies are taking or have gotten really good at different approaches. Arctic Wolf's approach is primarily traffic-based, agent-based alerting, and a little bit of indicators of compromise.

In terms of duration, if you had all your ducks in a row, it would take a week to wrestle the firewall resources, move cables around, etc.

In terms of maintenance, it doesn't take too much maintenance. The SOC is basically very low maintenance. When they alert you, they need someone to talk to who has administrator access and can deal with the problem. They'll help you deal with the problem, but they don't deal with it for you. They still need on-the-ground company staff to actually take the actions needed to shut down a breach. Normally, we don't have to do much unless they indicate that there has been a compromise, which is fairly rare. It is kind of an all-or-nothing thing. You either have it, or you don't. We may fine-tune it, but it is just there in the background almost invisible, and then they tell you if there is a problem.

What about the implementation team?

We had a consultant for the firewall configuration and the switch configuration. Our experience with them was fine. They manage our Cisco switches and firewalls. They were good.

What was our ROI?

It is difficult to know. If they managed to stop a major breach that we evaluate as really bad, they might have saved us $4 million, but there is no way to know. Did we prevent something from happening because we were on our toes or because they have a good risk management solution that helped us figure out the vulnerability and be proactive and avoid it altogether? It is hard to know whether they prevented something or not. It is like insurance.

What other advice do I have?

I would rate Arctic Wolf AWN CyberSOC a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1525842 - PeerSpot reviewer
Sr Manager with 201-500 employees
MSP
May 3, 2021
Great at detecting malware, preventing access to risky websites; notification time could be improved
Pros and Cons
  • "Security protection is the best feature of this product."
  • "It can sometimes take up to an hour to get notification of a problem and that's a long time."

What is our primary use case?

We host many of our customers on the Arctic Wolf subseries in order to manage security events. We receive notifications and take appropriate action in terms of particular proper authentication. We also notify users if there are issues related to their access. We can log in remotely. I'm the senior manager in our company.

How has it helped my organization?

The product increases security for any company by detecting malware and preventing access to risky websites. 

What is most valuable?

Security protection is the best feature of this product. We get alarms or notifications when unauthorized access occurs. It's the reason we subscribe to the service and it's a user-friendly product.

What needs improvement?

I think the response time could be improved. It can sometimes take up to an hour to get notification of a problem and that's a long time. We currently report to users directly from our own dashboard. It would be helpful if they'd include a feature that would go directly to reports which would reduce the time between detection and communicating to industry partners.

What do I think about the stability of the solution?

Stability is good. Once we deploy it, it just works. 

How are customer service and technical support?

Technical support falls somewhere between average and good, but we haven't had any major event to be able to evaluate this fully. 

Which solution did I use previously and why did I switch?

We previously used a different solution but that was a couple of years ago and I can't recall the name. It was a startup company and the solution was not good. Response time was very poor. 

How was the initial setup?

The initial setup is somewhat complex and requires deployment of hardware and software. Deployment time depends on the number of elements involved. If we have to configure 50 elements to deploy one box it can take up to three weeks. It requires planning. 

What was our ROI?

I believe the ROI is a reduced risk and a smaller team required for monitoring security operations. It doesn't require skilled resources to manage configuration.

What's my experience with pricing, setup cost, and licensing?

Licensing is paid monthly with an annual contract which we can upgrade as needed. It's based on the number of users and number of elements. It's a fixed monthly rate based on the number of elements. It's pay-per-use. There are no additional costs. 

What other advice do I have?

The management of this product requires a specialized skill. There are many complexities around deploying that consume a lot of time and effort. However, if you're highly security conscious, Arctic Wolf does a good job detecting incidents that come to your notice through your MSP partners. It's a choice between how critical security is for you. For large companies with high security requirements, it would make sense to have it in the cabinet.

I rate this solution a seven out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user