Arctic Wolf Managed Detection and Response Reviews

They function as our CISO, providing guidance and assistance in establishing our security practices as our Chief Security Officer.

They have been instrumental in setting up our security response, managing our firewalls, switches, cloud environments, and endpoints, and guiding us to ensure our users' safety with login and other security practices. Their expertise and support make them a valuable resource for all things related to security.

We can effectively manage the massive amounts of security data that we receive from various sources such as firewalls, switches, endpoints, and other log sources. They help us filter out the noise and extract meaningful insights that lead us to the necessary action points.

In the security industry, there is always room for improvement, and Arctic Wolf ensures that we are continuously updated on areas that require improvement.

They keep us informed about the latest security developments and suggest ways to enhance our security posture. 

It's challenging to identify areas where they could improve as they already do an excellent job of staying up to date with the latest security trends. However, the security landscape is constantly evolving, requiring significant energy and effort to keep pace with.

I can't think of any specific features that they need to add at the moment. As long as they continue to develop new solutions to support different operating systems and technologies, we are satisfied with their service. 

We appreciate the effort they put into adding new features and functionality to their service and believe they are doing a great job in providing us with all the necessary tools and resources to stay secure.

We are in our third year of using Artic Wolf Managed Detection and Response.

It is a Software as a Service (SaaS) that is constantly updated, and there is no versioning since it is the only solution we use.

I would rate the stability of Artice Wolf Managed Detection and Response a nine out of ten.

I would rate the scalability a nine out of ten. I never give anything a ten.

Their solution helps protect our entire company, which includes about 130 employees. However, only three of us directly interact with Arctic Wolf.

Although the IT team may expand in the future, the use of Arctic Wolf's solution is widespread across our company and protects everyone. 

While everyone in the company benefits from the protection it provides, only the three of us directly communicate with Arctic Wolf. 

However, the rest of the company uses the software and the protection without necessarily knowing it.

I would rate the technical support a nine out of ten.

We use both Artic Wolf Managed Detection and Response and Artic Wolf Managed Risk.

I have been using Artic Wolf Managed Risk for a little over a year.

We are working with the latest version.

We offer two products: one specifically designed for managing network security, and the other for providing training to your associates.

The initial setup was very straightforward.

They provided us with a seamless onboarding experience, and their team guided us through the process of setting up both cloud and on-premise equipment. 

They ensured that we had everything set up correctly and even conducted tests to confirm its efficacy. 

Their onboarding team did an excellent job of helping us move the project forward from its initial stages to where we are now in our security journey.

Calculating the return on investment can be challenging in this type of scenario because ideally, you don't want to experience any security incidents that would require the use of the service. It's similar to insurance in that it's something you pay for but hope to never have to use.

I find their pricing to be reasonable and competitive. While it may not be the cheapest option available, it is fair when compared to other solutions in the market.

Arctic Wolf is a partner of ours.

I highly recommend Arctic Wolf if you are searching for a partner to assist you in securing your network and if your company is not large enough to afford a full-time CISO on its own.

I would rate Arctic Wolf Managed Detection and Response a nine out of ten.

We use ArcticWolf as our security operations center (SOC) and managed detect and response (MDR) provider. The primary use case for us was to augment our existing team with additional resources. We did not have the tools or skillsets available, and outsourcing to someone who does makes the most sense. 

Our current environment consists of offices/staff around the globe, a few servers, lots of cloud applications, and devices always on the move. We rely heavily on Office 365 and various communication tools to keep our staff connected.

Before bringing on ArcticWolf, it was a guessing game as to the risks we were actually facing. Everyone knows it's a matter of when - not if. However, you can never be sure how it's going to happen. With a small internal team, you cannot be everywhere. We knew we had to do something. 

Bringing on AW allowed us to:

• Augment our existing staff without having to hire internally
• Gain insight into areas of the environment we didn't have before
• Identify areas for improvement in our processes/cybersecurity
• Add to our toolkit without having to acquire/support the technology (e.g. SIEM)
• Reduced our risk

The most valuable features for our organization and team are:

• System Information and Event Manager (SIEM) - we didn't have to research, select, or implement this unwieldy technology. 
  
• Security Operations Center (SOC) (helps us not to have to hire)
• Having quarterly meetings with the team to review the last 90 days and determine what if any changes need to be made
• Having regular reporting for the various systems that integrate with ArcticWolf systems
• Easily accessible/digestible dashboard that displays all of there pertinent information

While we truly enjoy working with ArcticWolf and have gained peace of mind from doing so, as with anything, there can be some improvements, such as:

• An easier way to audit and act on agents
• You shouldn't have to pay extra to view the logs you're storing (we can raise tickets to have them reviewed. That said, we would like both options without paying extra)
• Quicker responses when questions are asked
• Additional help with digging into alerts to resolve them

I've used the solution for two years.

It's stable. We haven't had any issues. 

The solution will scale as it's up to them to make sure they have the resources available. Keep in mind, since you need resources to "own" this part of your IT, you may need to scale as well (albeit on a much smaller scale).

We haven't had to work with technical support very much (a testament to the product). However, when we have, it's been good, responsive service. 

Positive

We did not have another solution in place. 

It was straightforward to set up. That said, we had someone who knew networking and was diligent in making sure things were done properly. Also, they knew enough to ask the right questions during deployment. 

We handled the setup in-house.

It is hard to calculate the ROI when dealing with most cyber security items as if threats don't get you, you don't really know about them. They've been there when we needed them. As far as I'm concerned, this is money well spent. Plus, we didn't have to go out and get our own SIEM and find someone to manage it. 

They've been pretty reasonable about pricing/licensing. I do advise, like any project, that new companies assign a dedicated resource and make sure to properly plan the deployment. There is a lot to do, and they cannot do it all for you. 

We looked at various SIEM solutions (e.g., Splunk) and a Crowdstrike partner. 

This is not a set-and-forget solution. You do need to make sure to pay attention to alerts and reports, and you will need to adjust things as you go along. They are an extension of your team, not one that stays on an island. 

The solution helps monitor our endpoints and network traffic. It alerts us whenever something's going down. It has been pretty helpful.

The product helps with visibility.

The agents that are installed help detect threats. The agents give pretty good visibility into what is happening at the endpoint. The response to threats is pretty quick. Depending on the severity, the team sends an email or gives us a direct call. The weekly and monthly reports through the dashboard are helpful.

It will be helpful if the dashboard is more granular. The vendor must allow us to see what they see on their end.

I have been using the solution for three months.

I rate the tool’s stability a nine out of ten. The product hasn’t gone down since we have had it.

We have around 1000 users.

We have 24/7 support. It’s like an extension of the department. The technical support is pretty helpful. Someone's always there to help us.

Positive

The initial setup is pretty straightforward. The documentation is pretty good. I rate the ease of setup an eight out of ten. It is a SaaS solution. Two network engineers can deploy the product. We have network engineers and analysts on our team. We make sure the agents are not degraded. Most of the maintenance is done by the vendor.

The pricing is pretty competitive.

I will recommend the solution to others. It provides more visibility into the environment. If the staff is pretty short-handed, it helps out. Overall, I rate the product a nine out of ten.

For a company with one sole dedicated cybersecurity professional, Arctic Wolf provides invaluable managed detection and response plus cyber awareness services with a strong focus on customer support.  

I've worked at other companies and have experience dealing with other vendors.  Unlike those other vendors, Arctic Wolf engineers go above and beyond what is expected of them, from generating custom reports to providing guidance on a variety of security issues.  

I know of three other firms who've migrated their managed detection and response from other vendors to Arctic Wolf and are really happy with Arctic Wolf.

Arctic Wolf unburdened me from day-to-day alert monitoring.  

In addition to that, the regularly scheduled quarterly update meetings are invaluable. They provide a good review of events at my firm, provide suggestions for improving security and alert me of the latest trends and attack vectors and how best to mitigate them. This allowed me to focus on building and improving our cyber security program rather than spend my time troubleshooting endless alerts and ticket hunting. Arctic Wolf is also a key pillar in our risk reduction strategy.

Arctic Wolf is laser-focused on providing top-notch customer service. For a company with one dedicated cybersecurity professional, Arctic Wolf provides invaluable managed detection and response plus cyber awareness services. 

They have a strong focus on customer support. I've worked at other companies and have experience dealing with other vendors. Unlike those other vendors, Arctic Wolf engineers go above and beyond what is expected of them, from generating custom reports to providing guidance on various security issues.

Third-party vendor management is an ever-increasing risk vector. We hate sending these out, and we hate when other vendors send them to us. Companies spend a lot of time and effort reaching out to their vendors with time-consuming questionnaires and endless follow-ups. For a small company like ours, it's a challenge dedicating resources to ensure this gets done. It would be great if that burden could be offloaded and/or the whole process of determining vendor risk could be simplified by Arctic Wolf.

I've used the solution for four years.

We previously dealt with Secureworks.

I would advise others to negotiate and don't underestimate the quality of support, especially for smaller teams.

We also evaluated eSentire.

We needed more eyes on the prize and Microsoft performance reporting is severely lacking for security compliance as geo blocking in the firewall can only address a small part of the attack grid. It's nice to know that people and machine learning are monitoring my environment for known assaults and unusual behaviors. 

Being a small business we just can't afford to have a full time security engineer and Arctic Wolf gives us the tools and services the big boys have at a reasonable cost. 

With the playing field always changing, it is nice to know our backs are covered.

We did not have any advanced tools in place for security monitoring. 

Personally, I love having Big Brother (Blue Eyed Wolf?) watching and it is nice to sleep well knowing 24/7 my network is being protected. 

After an easy onboarding, the monitoring started immediately. 

We also run AV on work stations. There was an instance when AWN notified us of a malware download before the end point monitors kicked in. We immediately shut down and reimaged the machine. 

We feel very strongly that we picked the best solution for our organization.

The weekly reports are great. I very much appreciate having a quick review of what occurred over the last seven days. I can't give enough kudos to the folks in the SOC. They are friendly, professional, and always available. Even tickets I put in for educational purposes are responded to quickly, and answers are specific. I enjoy not having to rephrase a question due to a generic response. 

The new dashboard is visually appealing, and I can drill down with just a couple of clicks for details. It offers great, easy navigation.

The service is fabulous. AWN is one vendor I don't mind having to call. It doesn't matter what urgency you put on the ticket - all I have entered have always received fast replies. Also, this solution offers huge peace of mind. I know I can pick up the phone and get a live person and not be trapped in a looping call tree. 

In the future, I would like to see a summary report. One of my bosses is on the distribution, and I spend time every Monday explaining what the reports mean. Graphs are nice visuals and would help communicate what's happening more effectively.

I've used the solution for 15 months. 

The solution is extremely stable. We have not had a single issue with any of the agents.

The solution is very scalable. Our environment is pretty stagnant, however, if I decided to add a server farm, it's just a click, and we pay a little more.

Technical support has been excellent. We haven't had a customer service issue; I have had a few tickets to ask questions, and they have been all handled with high urgency, even if they are not.

Positive

I did not previously use a different solution. I had been asking management and had a budget line item for security services for three years. My request was finally approved.

The setup is straightforward. The documentation was detailed, and the implementation team was available to explain and assist.

The implementation was done with the assistance of a vendor team. I was a bit sad when I was notified that I would be moving from the implementation to the account management team. However, every person I have worked with has been wonderful. 

We've witnessed an ROI after three years on software and five on hardware.

The setup was not hard. The implementation was very straightforward, and the team was knowledgeable and easy to work with. Compared to other vendors, licensing was a dream. The cost comes down to what people think their protection is worth. I have no qualms about approving AWN invoices for payment.

I did evaluate Sophos, Red Canary, Crowdstrike, and several others that only included monitoring without any security services.

I will be required to obtain additional quotes when our term is up. That said,  unless there is a sleeper that will be coming up in the field, I intend to negotiate a renewal.

Arctic Wolf monitors all of the traffic through our firewall. It monitors events on each computer in our network using agents. We have detection and as many inputs as we can get, including inputs from our Sophos antivirus and from our duo two-factor authentication. They ingest and process all of those events. If anything looks like it might be a problem, they generate a ticket and we get an email.

We take a look at the ticket and tell them whether it's expected or unexpected, and whether we think it's serious. They also scan our network for critical updates that are missing on the exchange server and issue detailed instructions on how to get the patch and how to execute a workaround if necessary. Arctic Wolf gives very detailed information when they think there's a challenging threat.

Arctic Wolf is our eyes and ears 24/7 because we can't possibly watch all of our alerts. We may see all of these alerts, but our attention is distracted because we're working on other things. We're only working certain hours of the day, and we don't have the staff to look at alerts 24/7.

We get a lot of false alarms, but that's because they don't know our network in detail. I think that could be alleviated if we told them more about our network so they could create rules to skip some of those things. For instance, we've had alerts that people are coming onto the VPN from outside of Canada. If we told them that someone is going outside of Canada ahead of time, then they wouldn't alert us about it.

Our internal alerting systems generate 10 times as many false alerts, so they're actually doing pretty well.

It's very stable.

There are a couple of appliances that need to be used. It's somewhat challenging to set up because you need a special configuration in the network switches, which the firewalls are connected to.

I would rate this solution as nine out of ten. 

It's a good product. It covers us 24/7. It doesn't have nearly as many false alarms as our own internal alerting systems because they're weeding a lot of things out. There's a lot of proactive help if something important needs to be updated or if  there are workarounds that need to be applied.

We use them as our managed doc. Instead of hiring a security specialist, we'd rather pay for a solution and have them monitor our network for any intrusion detection, and geotagging, and that's our use case - to use it to protect our company.

For us, the best aspect is not having to hire someone. We have an appliance do the job for us and automatically notify us versus hiring a staff member who we then have to pay. For us, the benefit is it keeps us safe as well as integrates with our other products. For example, we use CrowdStrike as well, which it integrates with, and we use Azure, and Office 365, which also integrates with it. This solution just saves us time. It does all of the scanning and monitoring and lets us know what is going on versus having a staff member do it.

I love their portal and their communication style. They provide useful quarterly updates.

The solution is very stable.

It can scale just fine.

Support is helpful.

The initial setup is pretty straightforward. 

It's nitpicky; however, if it could integrate with more of our products, like our CRM, that would be ideal. They may only integrate with Salesforce. We use a different mid-market CRM. We'd like to see integrations with Marketo and other software. 

It can be a bit expensive. 

We've had this solution since 2020.

I haven't had any issues with the stability. It's reliable. There aren't bugs or glitches, and it doesn't crash or freeze. 

The solution can scale. We have a buffer built into the account as we are growing and intend to scale to cover more people. Our current user base ranges from 230 to 300 endpoints. 

We've dealt with technical support in the past, and they have been great.

Positive

While we have used an antivirus previously, we haven't used anything quite like Arctic Wolf. We chose Arctic Wolf as it integrated with our antivirus and had a strong global presence. 

In terms of deployment, they had sent two devices out to us. My network team installed them, and then we currently rolled them out by endpoint to each device. For every computer we set up, we put their product on it.

There were two of us that handled the deployment process. The implementation happened over a couple of days. However, the actual work may have only taken five hours. 

We don't have to maintain anything. they have a direct connection and can maintain it for us. 

The ROI is keeping our business up and running. We have not been down, nor have we had any ransomware attacks or any intrusion into our network in the past three years.

The pricing is a bit on the higher side. 

We have additional software to go along with it. We kept the logging for more than 90 days as well as integrated it with our Office 365.

We did evaluate other options before choosing this solution. 

While we have an appliance on-premies, it is available on the cloud as well. 

We are using the latest version of the solution. 

The solution does what they say. They don't overpromise and underdeliver. They actually do what their product's supposed to do, and I find that's very hard with vendors. When you deal with the salesperson and then you get the implementation, there are things missing. With Arctic Wolf, you get exactly what you're supposed to get, and it works. I have not had any downtime.

I'd rate the solution ten out of ten. They're one of the only vendors I would actually give references for.

Having Arctic Wolf sensors and the stand-alone traffic-mirroring appliance within our network provides secure copies of critical logs as well as rapid analysis and response when there is unusual behavior within our network. 

This service is our primary anomaly detection tool. In concert with our endpoint security and our frequent vulnerability scans, Arctic Wolf provides an active review of threat signatures and unexpected events that allows our operations and security team to sleep better at night. 

This service makes answering audits much easier since it covers so many security best practices. Therefore, any of the popular frameworks are covered by this managed detection and response service.

The real-time monitoring is very real-time. We usually get an alert from Arctic Wolf just as someone on our team says 'oops, I locked my admin account' or 'I just created the new admin account on our device'.

The customer service is excellent. They offer very quick responses to active tickets, and we get great responses from the account reps as well. In a world with thousands of startup security vendors offering various flavors of 'AI-enhanced' snake oil, Arctic Wolf provides an obvious security service well. 

The quarterly reviews provide an excellent cadence to help organize our security priorities and help set thresholds to improve our signal/noise ratio, as well as provide a quick overview of the entire threat landscape to our full team. 

The default emailed reports are great for building our audit defense and helping us to meet the requirements of both state and independent auditors. 

The ticketing system is adequate, although the formatting of the auto-generated ticket emails could be updated to a more modern and cleaner style. 

This product is very feature-rich. I would actually be interested in having fewer features at a lower price. The problem is that the active responses require a high level of technical staffing and I expect it's hard to scale that down.

I am also interested in the new features which allow the customer access to the raw log repositories and the analysis tools provided by AW, however, I cannot justify the expense or time of adding those features at this time. Overall it is a very appropriately sized product that does not try to do everything. 

My company has been using this for several years. However, I have only been here using it for one year. 

The solution is very stable. 

It's great for a company our size (~100 employees in total, some on-site IT services, and ~5 network/systems/helpdesk staff). 

Customer support and service are basically what you are paying for. The technical pieces of the solution are great, however, the ticket response and the quarterly reviews are where the real value is. 

Positive

I am not sure if something was used previously as I've only been in this role with this company for one year. 

I wasn't part of the setup. The maintenance and reconfiguration (from in-line to mirrored traffic capture of the hardware device) have been simple and well-supported. 

We would require around 0.75 technical FTE to do the work of this solution, which we could not do for the price. 

In general, it's worth it. If you have any regulatory compliance requirements or other external requirements on your information security approach and you do not have a massive internal team to handle log analysis and similar tasks, this is a great solution. 

I did not choose this solution. I came into the company and this product was already here. I will say that I have removed a number of products from our vendor list during my first year, and have not considered removing Arctic Wolf - despite it being one of our costlier contracts.