Claus Hansen - PeerSpot reviewer
Director, .Advokat at a legal firm with 201-500 employees
Real User
Top 10
An easy-to-implement solution for managed detection and response
Pros and Cons
  • "The tool's most valuable feature is its ease of implementation."
  • "Arctic Wolf Managed Detection and Response's analysis and remediation parts could be improved. It's not bad, but it needs improvement."

What is our primary use case?

We use the tool for managed detection and response. 

What is most valuable?

The tool's most valuable feature is its ease of implementation. 

What needs improvement?

Arctic Wolf Managed Detection and Response's analysis and remediation parts could be improved. It's not bad, but it needs improvement. 

For how long have I used the solution?

I have been working with the product for eight months. 

Buyer's Guide
Arctic Wolf Managed Detection and Response
April 2024
Learn what your peers think about Arctic Wolf Managed Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,886 professionals have used our research since 2012.

What do I think about the stability of the solution?

I rate Arctic Wolf Managed Detection and Response's stability a nine out of ten. 

What do I think about the scalability of the solution?

I rate the tool's scalability a ten out of ten. My company has around 450 users who use it 24/7. 

Which solution did I use previously and why did I switch?

We were using a product from a local Danish vendor. We switched to Arctic Wolf Managed Detection and Response for cost and capabilities. It offered more features and better support, including superior threat intelligence feeds.

How was the initial setup?

I rate the tool's deployment an eight out of ten, which took nine weeks to complete with two resources. Operational maintenance is relatively minimal and very easy to manage. However, functional maintenance requires a skilled resource like me. The extent of personnel needed depends on the size of the organization. As the organization is not very large, I can handle it independently in my current role. However, I anticipate needing at least five or six people for maintenance tasks in a larger company, such as my previous role. The resource requirement aligns with the company's size.

What about the implementation team?

We did Arctic Wolf Managed Detection and Response's deployment in-house. 

What's my experience with pricing, setup cost, and licensing?

I rate the tool's pricing a nine out of ten. 

What other advice do I have?

Before choosing a security solution, it's crucial to conduct thorough due diligence. Consider factors such as the vendor's approach, strategy, and compliance with data protection regulations like GDPR. Assess the vendor's data centers, their capabilities for shifting data around in case of issues, and their approach to DLP (Data Loss Prevention) detection. Evaluate whether the services offered align with your company's strategy and needs.

Review the different agreements provided by the vendor, including Managed Detection and Response, vulnerability management, and incident response features. Check if your existing cyber insurance can be utilized to cover expenses in case of a breach. Consider whether your organization requires services like vulnerability management and incident response, and choose accordingly.

I rate the product a ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
AVP of Tech at an insurance company with 201-500 employees
Real User
Top 10
Keeps us safe, integrates with our other products, and has a great portal
Pros and Cons
  • "They provide useful quarterly updates."
  • "It's nitpicky; however, if it could integrate with more of our products, like our CRM, that would be ideal. They may only integrate with Salesforce. We use a different mid-market CRM."

What is our primary use case?

We use them as our managed doc. Instead of hiring a security specialist, we'd rather pay for a solution and have them monitor our network for any intrusion detection, and geotagging, and that's our use case - to use it to protect our company.

What is most valuable?

For us, the best aspect is not having to hire someone. We have an appliance do the job for us and automatically notify us versus hiring a staff member who we then have to pay. For us, the benefit is it keeps us safe as well as integrates with our other products. For example, we use CrowdStrike as well, which it integrates with, and we use Azure, and Office 365, which also integrates with it. This solution just saves us time. It does all of the scanning and monitoring and lets us know what is going on versus having a staff member do it.

I love their portal and their communication style. They provide useful quarterly updates.

The solution is very stable.

It can scale just fine.

Support is helpful.

The initial setup is pretty straightforward. 

What needs improvement?

It's nitpicky; however, if it could integrate with more of our products, like our CRM, that would be ideal. They may only integrate with Salesforce. We use a different mid-market CRM. We'd like to see integrations with Marketo and other software. 

It can be a bit expensive. 

For how long have I used the solution?

We've had this solution since 2020.

What do I think about the stability of the solution?

I haven't had any issues with the stability. It's reliable. There aren't bugs or glitches, and it doesn't crash or freeze. 

What do I think about the scalability of the solution?

The solution can scale. We have a buffer built into the account as we are growing and intend to scale to cover more people. Our current user base ranges from 230 to 300 endpoints. 

How are customer service and support?

We've dealt with technical support in the past, and they have been great.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

While we have used an antivirus previously, we haven't used anything quite like Arctic Wolf. We chose Arctic Wolf as it integrated with our antivirus and had a strong global presence. 

How was the initial setup?

In terms of deployment, they had sent two devices out to us. My network team installed them, and then we currently rolled them out by endpoint to each device. For every computer we set up, we put their product on it.

There were two of us that handled the deployment process. The implementation happened over a couple of days. However, the actual work may have only taken five hours. 

We don't have to maintain anything. They have a direct connection and can maintain it for us.

What was our ROI?

The ROI is keeping our business up and running. We have not been down, nor have we had any ransomware attacks or any intrusion into our network in the past three years.

What's my experience with pricing, setup cost, and licensing?

The pricing is a bit on the higher side. 

We have additional software to go along with it. We kept the logging for more than 90 days as well as integrated it with our Office 365.

Which other solutions did I evaluate?

We did evaluate other options before choosing this solution. 

What other advice do I have?

While we have an appliance on-premises, it is available on the cloud as well.

We are using the latest version of the solution. 

The solution does what they say. They don't overpromise and underdeliver. They actually do what their product's supposed to do, and I find that's very hard with vendors. When you deal with the salesperson and then you get the implementation, there are things missing. With Arctic Wolf, you get exactly what you're supposed to get, and it works. I have not had any downtime.

I'd rate the solution ten out of ten. They're one of the only vendors I would actually give references for.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director, IT Systems and Security at Union Mutual Fire Insurance Company
User
Top 20
Great support, detailed reports, and excellent real-time monitoring
Pros and Cons
  • "This service makes answering audits much easier since it covers so many security best practices."
  • "I would actually be interested in having fewer features at a lower price."

What is our primary use case?

Having Arctic Wolf sensors and the stand-alone traffic-mirroring appliance within our network provides secure copies of critical logs as well as rapid analysis and response when there is unusual behavior within our network. 

This service is our primary anomaly detection tool. In concert with our endpoint security and our frequent vulnerability scans, Arctic Wolf provides an active review of threat signatures and unexpected events that allows our operations and security team to sleep better at night. 

How has it helped my organization?

This service makes answering audits much easier since it covers so many security best practices. Therefore, any of the popular frameworks are covered by this managed detection and response service.

The real-time monitoring is very real-time. We usually get an alert from Arctic Wolf just as someone on our team says 'oops, I locked my admin account' or 'I just created the new admin account on our device'.

The customer service is excellent. They offer very quick responses to active tickets, and we get great responses from the account reps as well. In a world with thousands of startup security vendors offering various flavors of 'AI-enhanced' snake oil, Arctic Wolf provides an obvious security service well. 

What is most valuable?

The quarterly reviews provide an excellent cadence to help organize our security priorities and help set thresholds to improve our signal/noise ratio, as well as provide a quick overview of the entire threat landscape to our full team. 

The default emailed reports are great for building our audit defense and helping us to meet the requirements of both state and independent auditors. 

The ticketing system is adequate, although the formatting of the auto-generated ticket emails could be updated to a more modern and cleaner style. 

What needs improvement?

This product is very feature-rich. I would actually be interested in having fewer features at a lower price. The problem is that the active responses require a high level of technical staffing and I expect it's hard to scale that down.

I am also interested in the new features which allow the customer access to the raw log repositories and the analysis tools provided by AW, however, I cannot justify the expense or time of adding those features at this time. Overall it is a very appropriately sized product that does not try to do everything. 

For how long have I used the solution?

My company has been using this for several years. However, I have only been here using it for one year. 

What do I think about the stability of the solution?

The solution is very stable. 

What do I think about the scalability of the solution?

It's great for a company our size (~100 employees in total, some on-site IT services, and ~5 network/systems/helpdesk staff). 

How are customer service and support?

Customer support and service are basically what you are paying for. The technical pieces of the solution are great, however, the ticket response and the quarterly reviews are where the real value is. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I am not sure if something was used previously as I've only been in this role with this company for one year. 

How was the initial setup?

I wasn't part of the setup. The maintenance and reconfiguration (from in-line to mirrored traffic capture of the hardware device) have been simple and well-supported. 

What was our ROI?

We would require around 0.75 technical FTE to do the work of this solution, which we could not do for the price. 

What's my experience with pricing, setup cost, and licensing?

In general, it's worth it. If you have any regulatory compliance requirements or other external requirements on your information security approach and you do not have a massive internal team to handle log analysis and similar tasks, this is a great solution. 

Which other solutions did I evaluate?

I did not choose this solution. I came into the company and this product was already here. I will say that I have removed a number of products from our vendor list during my first year, and have not considered removing Arctic Wolf - despite it being one of our costlier contracts. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Director at a legal firm with 51-200 employees
Real User
Easy onboarding, effective monitoring, and excellent support services
Pros and Cons
  • "After an easy onboarding, the monitoring started immediately."
  • "In the future, I would like to see a summary report."

What is our primary use case?

We needed more eyes on the prize and Microsoft performance reporting is severely lacking for security compliance as geo blocking in the firewall can only address a small part of the attack grid. It's nice to know that people and machine learning are monitoring my environment for known assaults and unusual behaviors. 

Being a small business we just can't afford to have a full-time security engineer and Arctic Wolf gives us the tools and services the big boys have at a reasonable cost.

With the playing field always changing, it is nice to know our backs are covered.

How has it helped my organization?

We did not have any advanced tools in place for security monitoring. 

Personally, I love having Big Brother (Blue Eyed Wolf?) watching and it is nice to sleep well knowing 24/7 my network is being protected. 

After an easy onboarding, the monitoring started immediately. 

We also run AV on workstations. There was an instance when AWN notified us of a malware download before the endpoint monitors kicked in. We immediately shut down and reimaged the machine.

We feel very strongly that we picked the best solution for our organization.

What is most valuable?

The weekly reports are great. I very much appreciate having a quick review of what occurred over the last seven days. I can't give enough kudos to the folks in the SOC. They are friendly, professional, and always available. Even tickets I put in for educational purposes are responded to quickly, and answers are specific. I enjoy not having to rephrase a question due to a generic response. 

The new dashboard is visually appealing, and I can drill down with just a couple of clicks for details. It offers great, easy navigation.

What needs improvement?

The service is fabulous. AWN is one vendor I don't mind having to call. It doesn't matter what urgency you put on the ticket - all I have entered have always received fast replies. Also, this solution offers huge peace of mind. I know I can pick up the phone and get a live person and not be trapped in a looping call tree. 

In the future, I would like to see a summary report. One of my bosses is on the distribution, and I spend time every Monday explaining what the reports mean. Graphs are nice visuals and would help communicate what's happening more effectively.

For how long have I used the solution?

I've used the solution for 15 months. 

What do I think about the stability of the solution?

The solution is extremely stable. We have not had a single issue with any of the agents.

What do I think about the scalability of the solution?

The solution is very scalable. Our environment is pretty stagnant, however, if I decided to add a server farm, it's just a click, and we pay a little more.

How are customer service and support?

Technical support has been excellent. We haven't had a customer service issue; I have had a few tickets to ask questions, and they have been all handled with high urgency, even if they are not.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution. I had been asking management and had a budget line item for security services for three years. My request was finally approved.

How was the initial setup?

The setup is straightforward. The documentation was detailed, and the implementation team was available to explain and assist.

What about the implementation team?

The implementation was done with the assistance of a vendor team. I was a bit sad when I was notified that I would be moving from the implementation to the account management team. However, every person I have worked with has been wonderful. 

What was our ROI?

We've witnessed an ROI after three years on software and five on hardware.

What's my experience with pricing, setup cost, and licensing?

The setup was not hard. The implementation was very straightforward, and the team was knowledgeable and easy to work with. Compared to other vendors, licensing was a dream. The cost comes down to what people think their protection is worth. I have no qualms about approving AWN invoices for payment.

Which other solutions did I evaluate?

I did evaluate Sophos, Red Canary, CrowdStrike, and several others that only included monitoring without any security services.

What other advice do I have?

I will be required to obtain additional quotes when our term is up. That said, unless there is a sleeper that will be coming up in the field, I intend to negotiate a renewal.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Service Security Analyst at a government with 11-50 employees
Real User
Top 20
Provides visibility into the environment, responds to threats quickly, and the documentation is pretty good
Pros and Cons
  • "The agents give pretty good visibility into what is happening at the endpoint."
  • "It will be helpful if the dashboard is more granular."

What is our primary use case?

The solution helps monitor our endpoints and network traffic. It alerts us whenever something's going down. It has been pretty helpful.

How has it helped my organization?

The product helps with visibility.

What is most valuable?

The agents that are installed help detect threats. The agents give pretty good visibility into what is happening at the endpoint. The response to threats is pretty quick. Depending on the severity, the team sends an email or gives us a direct call. The weekly and monthly reports through the dashboard are helpful.

What needs improvement?

It will be helpful if the dashboard is more granular. The vendor must allow us to see what they see on their end.

For how long have I used the solution?

I have been using the solution for three months.

What do I think about the stability of the solution?

I rate the tool’s stability a nine out of ten. The product hasn’t gone down since we have had it.

What do I think about the scalability of the solution?

We have around 1000 users.

How are customer service and support?

We have 24/7 support. It’s like an extension of the department. The technical support is pretty helpful. Someone's always there to help us.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is pretty straightforward. The documentation is pretty good. I rate the ease of setup an eight out of ten. It is a SaaS solution. Two network engineers can deploy the product. We have network engineers and analysts on our team. We make sure the agents are not degraded. Most of the maintenance is done by the vendor.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty competitive.

What other advice do I have?

I will recommend the solution to others. It provides more visibility into the environment. If the staff is pretty short-handed, it helps out. Overall, I rate the product a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior IT Analyst at an insurance company with 51-200 employees
Real User
Top 5
Provides 24/7 monitoring of all the traffic through our firewall and gives us detailed information about threats
Pros and Cons
  • "Arctic Wolf is our eyes and ears 24/7 because we can't possibly watch all of our alerts. We may see all of these alerts, but our attention is distracted because we're working on other things."
  • "We get a lot of false alarms, but that's because they don't know our network in detail. I think that could be alleviated if we told them more about our network so they could create rules to skip some of those things."

What is our primary use case?

Arctic Wolf monitors all of the traffic through our firewall. It monitors events on each computer in our network using agents. We have detection and as many inputs as we can get, including inputs from our Sophos antivirus and from our Duo two-factor authentication. They ingest and process all of those events. If anything looks like it might be a problem, they generate a ticket and we get an email.

We take a look at the ticket and tell them whether it's expected or unexpected, and whether we think it's serious. They also scan our network for critical updates that are missing on the Exchange server and issue detailed instructions on how to get the patch and how to execute a workaround if necessary. Arctic Wolf gives very detailed information when they think there's a challenging threat.

What is most valuable?

Arctic Wolf is our eyes and ears 24/7 because we can't possibly watch all of our alerts. We may see all of these alerts, but our attention is distracted because we're working on other things. We're only working certain hours of the day, and we don't have the staff to look at alerts 24/7.

What needs improvement?

We get a lot of false alarms, but that's because they don't know our network in detail. I think that could be alleviated if we told them more about our network so they could create rules to skip some of those things. For instance, we've had alerts that people are coming onto the VPN from outside of Canada. If we told them that someone is going outside of Canada ahead of time, then they wouldn't alert us about it.

Our internal alerting systems generate 10 times as many false alerts, so they're actually doing pretty well.

What do I think about the stability of the solution?

It's very stable.

How was the initial setup?

There are a couple of appliances that need to be used. It's somewhat challenging to set up because you need a special configuration in the network switches, which the firewalls are connected to.

What other advice do I have?

I would rate this solution as nine out of ten. 

It's a good product. It covers us 24/7. It doesn't have nearly as many false alarms as our own internal alerting systems because they're weeding a lot of things out. There's a lot of proactive help if something important needs to be updated or if there are workarounds that need to be applied.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior IT Analyst at an insurance company with 51-200 employees
Real User
Top 5
Alerts and points exactly to where we need to go, gives good prescriptive guidance, and allows customization of alerts based on your requirements
Pros and Cons
  • "Whenever there is a major thing like Exchange vulnerabilities, it scans our Exchange server for indicators of compromise. It then alerts us and points exactly where we need to go to check for ourselves if it is normal or not."
  • "They focus on detecting administrator-level control compromises. Because they're focusing more on administrator-level compromise, they are less able to see if an individual user has been compromised. It is, admittedly, very difficult because they don't know what normal human behavior is. If a hacker compromises a human account and then acts just like the human, how are you ever going to notice, unless you have some inside knowledge of how the company works? For example, they overlook account lockouts on user accounts, whereas in our own alerting system, we do not. We review every account lockout, and if it is bad, we contact the person, whereas they think of that as noise because they're more focused on the administrator-level compromise."

What is our primary use case?

We are basically using it to catch things that we are missing in terms of alerts and other things. We are also using it to provide 24x7 coverage, which we just can't do.

It has sensors that are on-prem, but the data is kept in the cloud. All the alerting and consoles are also in the cloud, but it obviously needs to see our infrastructure in order to see anything that is going on.

How has it helped my organization?

It has provided just a little bit more peace of mind in terms of not having to be constantly on our toes and wondering if something is going on while we're trying to enjoy our weekends.

It gives us prescriptive guidance regarding how exactly to install the updates, etc. It doesn't do it for you, but it gives you good heads up and collects good information to let you hit the ground running instead of having to do the research yourself and maybe miss things.

We have also subscribed to an additional feature that they offer for vulnerability management and risk management. It is a little bit outside of the SOC. They scan daily for vulnerabilities, and they perform them by using agents. They scan for vulnerabilities on a daily, weekly, or monthly basis based on your preference. They also do a brute force scan of all your equipment, acting like a hacker with a scanner, and then in the risk management console, they list all of your current vulnerabilities that have been detected and what level of risk they present. You can kind of attack the high-level ones first and work your way down. It gives you kind of an action plan. It gives you a place in the console to manage it. This is an additional module that isn't part of the primary Arctic Wolf SOC. It is Arctic Wolf's risk management. It has the same agents and same equipment, but it is an additional feature.

What is most valuable?

Whenever there is a major thing like Exchange vulnerabilities, it scans our Exchange server for indicators of compromise. It then alerts us and points exactly where we need to go to check for ourselves if it is normal or not.

What needs improvement?

They focus on detecting administrator-level control compromises. Because they're focusing more on administrator-level compromise, they are less able to see if an individual user has been compromised. It is, admittedly, very difficult because they don't know what normal human behavior is. If a hacker compromises a human account and then acts just like the human, how are you ever going to notice, unless you have some inside knowledge of how the company works? For example, they overlook account lockouts on user accounts, whereas in our own alerting system, we do not. We review every account lockout, and if it is bad, we contact the person, whereas they think of that as noise because they're more focused on the administrator-level compromise. This is not their fault. I'm sure this is common with all SOCs. They can't look at everything, so they look at the important stuff.

For how long have I used the solution?

I have been using this solution since February. It has just been a few months.

What do I think about the stability of the solution?

Its stability is good.

What do I think about the scalability of the solution?

It is scalable. If you have particular things that you want them to watch, they'll basically accept an unlimited amount of these additional alerts. If you say, "This should never happen on my network.", they will detect it and tell you whenever it happens. They allow you to customize the kinds of alerts. Something normally might not have been on their radar, but we know that this should never happen. So, for us, that's a definite indicator that an intruder is inside. So, we tell them, "Look at this. Alert us, and call us in the middle of the night if you see this because it is something bad. It may happen all the time in other networks, but it won't happen here."

How are customer service and technical support?

Their support is good. If you have questions, you can call them or submit a ticket. They're good to work with. They phoned us about the Exchange vulnerability to walk us through that.

Which solution did I use previously and why did I switch?

We hadn't used anything before.

How was the initial setup?

Its initial setup is fairly straightforward. They put in a couple of appliances, and we have to tie them to our firewall. That's the tricky part. 

If you're monitoring network traffic going out through the firewall, then you would have to tap into the firewall traffic. Some do this, and some don't. Some only have agents, and some have historically been traffic-only. Nowadays, most companies are trying to do both, but some still focus mostly on traffic, and some still focus mostly on agents. I'm sure some focus mostly on just detecting indicators of compromise that they're aware of. They are only looking for those. They are not looking at traffic or agents. So, there are many ways to skin the cat, and different companies are taking or have gotten really good at different approaches. Arctic Wolf's approach is primarily traffic-based, agent-based alerting, and a little bit of indicators of compromise.

In terms of duration, if you had all your ducks in a row, it would take a week to wrestle the firewall resources, move cables around, etc.

In terms of maintenance, it doesn't take too much maintenance. The SOC is basically very low maintenance. When they alert you, they need someone to talk to who has administrator access and can deal with the problem. They'll help you deal with the problem, but they don't deal with it for you. They still need on-the-ground company staff to actually take the actions needed to shut down a breach. Normally, we don't have to do much unless they indicate that there has been a compromise, which is fairly rare. It is kind of an all-or-nothing thing. You either have it, or you don't. We may fine-tune it, but it is just there in the background almost invisible, and then they tell you if there is a problem.

What about the implementation team?

We had a consultant for the firewall configuration and the switch configuration. Our experience with them was fine. They manage our Cisco switches and firewalls. They were good.

What was our ROI?

It is difficult to know. If they managed to stop a major breach that we evaluate as really bad, they might have saved us $4 million, but there is no way to know. Did we prevent something from happening because we were on our toes or because they have a good risk management solution that helped us figure out the vulnerability and be proactive and avoid it altogether? It is hard to know whether they prevented something or not. It is like insurance.

What other advice do I have?

I would rate Arctic Wolf AWN CyberSOC a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Security Administrator at a non-profit with 51-200 employees
Real User
A 10 out of 10 because they prevented a couple of attacks and alerted us when there was a big vulnerability
Pros and Cons
  • "The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious."
  • "They could probably expand on their integration tools. They can integrate with more security tools."

What is our primary use case?

It is for 24-hour monitoring of the network. We have risk management and detection.

Its deployment is hybrid. They have their sensors here. We install it ourselves, and they help us along.

How has it helped my organization?

They prevented a couple of attacks and alerted us when there was a big vulnerability.

What is most valuable?

The integration between Cisco AMPs and the Windows servers is most valuable. So, they can also sandbox machines on which they see something suspicious.

What needs improvement?

They could probably expand on their integration tools. They can integrate with more security tools.

They can expand their Linux flavors. I believe they only have Ubuntu and one more flavor.

For how long have I used the solution?

We've had Arctic Wolf for a little bit over a year.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. It gets used almost every day. We have only four admins who actually log into the portal to check the network and information. Each one is assigned and looks at a certain aspect of the network.

How are customer service and support?

Their support is good. They have 24-hour support, and they're always a call away.

Which solution did I use previously and why did I switch?

This is the first MDR solution we are using.

How was the initial setup?

It was straightforward. The initial deployment took about a month, and then getting the Arctic Wolf clients literally for 600 devices took about three months.

What about the implementation team?

We installed it ourselves, and they helped us along. You don't need many people for its deployment. You don't need to do a lot of work to deploy the software, but you do need money to implement it.

For its maintenance, you don't need many people. One person should be enough. We're an organization with more than a thousand devices. We have one technician or engineer who looks into how to deploy the patches in the quickest way.

What's my experience with pricing, setup cost, and licensing?

It is more expensive than CrowdStrike, but it also has more features. I don't remember the amount, but I do remember that it was on the higher side. 

I believe we have five sensors, and the sensors have a yearly cost. We don't have any additional costs, but I know that if we have more features, they will add to the cost.

Which other solutions did I evaluate?

We evaluated CrowdStrike, and we also evaluated a Cisco product. 

What other advice do I have?

It is a straightforward solution. It is not complicated. Its deployment is also straightforward.

I would rate it a 10 out of 10. They alerted us when there was a big vulnerability, so we're happy with their solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user