Security teams are being asked to operate at machine speed while still making decisions they can trust. Attackers move faster. Exposure changes continuously. Manual workflows struggle to keep up.
Following the recent announcement of the Aurora® Superintelligence Platform and Aurora® Agentic SOC, Arctic Wolf continues to advance its portfolio with new capabilities that help teams see risk clearly, prioritise what matters, and act with confidence.
This quarter’s updates focus on three areas: reducing exposure before it becomes risk, extending protection to attack surfaces that are increasingly targeted, and giving practitioners faster and more precise ways to investigate and respond. Together, these updates continue to evolve the Arctic Wolf portfolio so security teams can keep pace with today’s threat environment without adding operational burden.
Reduce Exposure Before It Becomes Risk
Launch of Aurora® Exposure Management
Operating at the pace modern environments demand requires more than finding vulnerabilities. Security teams need to understand which exposures matter, prioritise them based on real risk, and reduce them before attackers have an opportunity to exploit them.
Aurora Exposure Management is a new product family designed to support a continuous and operational approach to proactive security. It brings together Aurora® Vulnerability Management and Aurora® Attack Surface Management, giving teams complementary capabilities that can work together as part of a broader exposure management program or be adopted independently based on maturity, priorities, and existing investments.
Aurora Vulnerability Management helps teams identify and prioritise vulnerabilities using real threat context and remediation workflows. With the new Resolve patch management add-on, teams can also take action directly from the Aurora Vulnerability Management console by executing patches for third-party applications.
Aurora Attack Surface Management continuously works to discover assets, identify missing or misconfigured controls, and highlight unmanaged exposure across internal, external, cloud, and end-user environments.
Together, these capabilities help teams move from fragmented visibility to coordinated action. They provide a clearer view of where risk exists, which issues matter most, and whether remediation efforts are reducing exposure over time.
Extend Protection to More Attack Surfaces
Aurora® Mobile Threat Defense for iOS and Android Devices
Mobile devices have become a primary access point to enterprise data, cloud services, and identities, yet they remain one of the least protected parts of the endpoint attack surface. As work continues to move across personal devices, corporate-owned devices, and unmanaged networks, security teams need better visibility into the risks that follow users wherever they work.
Aurora Mobile Threat Defense extends the Aurora® Endpoint Security portfolio to iOS and Android environments with dedicated, mobile-first protection designed to rapidly detect and respond to mobile threats while preserving user privacy.
The solution includes mobile attack defense, rogue and unsafe network detection and response, identification of malicious or non-compliant applications, and cross-platform coverage across corporate-owned and Bring your own devices (BYOD). As part of the growing endpoint portfolio, Aurora Mobile Threat Defense helps organisations close a critical visibility gap and protect users as mobile devices become a more important part of the enterprise attack surface.
Wiz Integration Adds Cloud Risk Visibility and Response
Cloud environments continue to grow in scale and complexity, and many teams struggle to connect cloud risk findings to effective security operations. Visibility alone is useful, but security teams also need a clear path from posture insight to investigation and response.
The integration combines Wiz cloud visibility with Arctic Wolf security operations workflows, helping teams understand cloud misconfigurations, vulnerabilities, and runtime risks in context. It also supports guided investigation and response, so teams can move from cloud insight to operational action more efficiently.
Identity remains a primary attack path, and visibility across identity signals is critical for faster investigation and response. Recent new or enhanced integrations expand identity and access visibility across the Aurora Superintelligence Platform including CrowdStrike Identity Protection, JumpCloud Directory Insights, PAN Prisma Access, and SentinelOne Singularity Identity.
These integrations help teams connect authentication activity, directory changes, secure access signals, and identity-adjacent telemetry with the broader evidence needed to detect and investigate threats. By correlating identity signals with endpoint, network, and cloud telemetry, Arctic Wolf helps analysts understand activity in context and respond more effectively when identity risk becomes part of a broader attack path.
Investigate and Respond Faster
Aurora® Threat Intelligence Adds Dynamic Block Lists and Standalone Availability
Threat intelligence creates value when teams can apply it quickly and consistently across their security environment. When indicators remain disconnected from the tools security teams use every day, intelligence can be difficult to operationalise at the speed required.
Aurora Threat Intelligence Plus now includes Dynamic Block Lists, which make it easier to apply curated indicators of compromise across security controls such as firewalls and endpoint tools. This helps teams move from intelligence to action faster, without relying on manual processes to apply each new indicator.
Threat Intelligence Plus is also now available as a standalone offering and no longer requires the purchase of Arctic Wolf® Managed Detection and Response. This gives more organisations access to Arctic Wolf threat intelligence and allows them to apply it within their existing security operations programs.
Speed also depends on access to clear answers. Security teams work more efficiently when they can quickly find the information they need, understand what action to take next, and navigate product workflows without unnecessary friction.
Aurora Security Assistant is now generally available to all customers, giving practitioners a faster way to navigate the Unified Portal and understand Arctic Wolf products, services, and support tickets.
By reducing the time teams spend searching for information, Aurora Security Assistant helps practitioners move from question to action more quickly. This is especially useful for teams that do not work in the Unified Portal every day and need a simpler way to find the information that supports their next step.
Several updates improve how teams investigate security data and move from signal to understanding. Data Explorer now supports RegEx operators in the Query Builder, giving practitioners more precise and flexible ways to search across security data.
The adds saved queries, alias fields, and drill-downs from dashboards into Data Explorer, making it easier to reuse investigations and move from dashboard insight to deeper analysis.
Updates to Data Explorer Lite also add access to events and observation data, along with self-service reporting and custom dashboards that help teams visualise security data and create the views they need faster.
Together, these improvements reduce friction during investigations and help teams work with security data more efficiently. They also make it easier for practitioners to ask better questions of their data, preserve useful workflows, and move faster when context matters.
Helping Security Teams Move with Clarity and Control
Security operations at machine speed require clarity, context, and consistency. These updates continue to evolve the Arctic Wolf portfolio around that operating model by helping teams reduce exposure, extend protection, and investigate with greater precision.
Just as important, these capabilities are designed to help teams move faster without giving up control. Whether the goal is reducing exposure, improving cloud and identity visibility, operationalising threat intelligence, or helping practitioners find answers faster, each update supports a more coordinated approach to security operations.
Want to Go Deeper?
To see how these updates work together in practice, watch the replay of our May What’s New, What’s Next webinar. It highlights several of these innovations and showcases how security teams can apply them in their day-to-day operations.
To learn more about how to operate at machine speed, download A Guide to Security Operations at Machine Speed. It outlines the operating model, workflows, and capabilities that help teams move faster while maintaining clarity and control.
