Incident360 Retainer

Incident360 Retainer

Arctic Wolf® Incident360 Retainer

No matter the incident, you’re covered.
It’s not a matter of if, but when an incident will occur. With the Arctic Wolf Incident360 Retainer, you’ll receive end-to-end coverage, regardless of the attack type.
Learn More
Experiencing a breach?
*View Terms & Conditions

Incident360 Benefits

Prepare for incidents without sacrificing the ability to respond to an event

In addition to providing full-service coverage for one incident, the Incident360 retainer also includes advanced readiness offerings to prepare organizations for cyber incidents and minimize their impact.

Coverage for One Incident

Receive end-to-end incident coverage for one event, no matter the incident type.

Cost Certainty

Receive flat rate incident coverage that’s up to 70% less than an emergency IR engagement.

Advanced Incident Readiness

Prepare for incidents with a customized tabletop exercise, and two readiness touchpoint meetings.

Access to an Insurance-Approved IR Firm
Trust that the IR services your organization receives will be high-quality and approved by your insurance provider.
Prioritized Response Time

Get your business back to a pre-incident state faster with a 3-hour response time SLA.

Security Posture Hardening

Map your security posture to industry frameworks to identify gaps and track improvements.

Incident Runbooks
Prepare for severe cyber attacks with battle-tested incident runbooks.
Secure IR Portal

Store all IR planning documents in a secure off-network portal that your team can easily access.

Partner Options

Already Working with an Arctic Wolf Partner?

Arctic Wolf has a global community of industry-leading technology partners. Working with an existing partner or MSP? Click the button below to explore preferred pricing.
Contact Us

Trust and Experience

Arctic Wolf’s Incident Response Team:
Trusted partner on 30-plus insurance panels around the globe
0 +
Completes over 1,000 incident engagements per year
0 +

Helped customers reduce their ransom demands by an average of 92% over the past 12 months

0 %
Customers recover 15% faster than the industry average*
0 %
View Source
*Statista reports that it takes 26 days on average to recover from a ransomware event (Q1, 2022). The Arctic Wolf restoration average is 22 days
Learn More About Incident Response

As named by global insurance carriers:

Arctic Wolf: Cyber Insurance Incident Response of the Year

Cyber Insurance Awards USA 2024

Incident Response Retainer Options

Arctic Wolf delivers a new approach to IR retainers that provides organizations with advanced incident readiness activities without having to sacrifice the ability to respond to a severe security event.
See what’s included in our IR retainer offerings.

JumpStart
Retainer

Features

  • 4-Hour Response Time SLA​
  • $325 Hourly IR Rate​
  • IR Planner​
  • Incident-Specific Runbooks
  • Cyber Resilience Assessment

Buy JumpStart Retainer

Incident360
Retainer

  • JumpStart ​Retainer

Features

  • Coverage for One Incident​
  • 3-Hour Response Time SLA​
  • Emergency Services Included:
    • Forensics, Containment, ​ Active Monitoring, Threat Actor Communication, Remediation, and Restoration*​
  • Threat Intelligence

*Up to 30 hours of Restoration is included

Incident360
Retainer Plus

  • JumpStart ​Retainer
  • Incident360 Retainer

Features

  • Incident Readiness ​
  • 3 Readiness Touchpoints
    • 1 Tabletop Exercise
    • IR Plan Review
    • Security Assessment Review

Rapid Response
Add-On

  • 1-Hour Response Time SLA​
  • $295 Hourly IR Rate

Incident Response

Frequently Asked Questions

About Incident Response



What is Incident Response?

Incident response (IR) is a set of processes and tools used to identify, contain, and remediate severe cyber attacks, and to restore the organization to pre-incident operations.

IR typically involves:   

  • SECURING an environment by eliminating the threat actor’s access
  • ANALYZING the cause and extent of the threat actor’s activities while inside the network
  • RESTORING the network to its pre-incident condition (including ransom negotiation, if required)



How is Incident Response different than Managed Detection and Response?

Managed Detection and Response (MDR) works off the Arctic Wolf Security Operations Cloud platform performing triage, containment, analytics, investigations, and guided remediation.

While Incident Response (IR) works inside of the client’s environment and can perform any action needed to respond to a severe cyber attack.

This includes everything from containment and remediation to forensic analysis, threat actor negotiations, business restoration services, or even deploying additional tools.

What types of incidents can Arctic Wolf help with?

Arctic Wolf’s incident response team can assist organizations with any incident type. Common examples include:

  • Severe data breaches
  • Business email compromise attacks
  • Ransomware encryption events
  • Active threat actors in your environment
  • Compromised domain controllers
  • Malware or malicious activity where you cannot find the root cause

Does Arctic Wolf offer threat actor negotiation services for ransomware attacks?

Yes. Arctic Wolf has vast threat actor experience and can negotiate with threat actors on your behalf. In certain cases, our IR team has successfully reduced ransom demands by 89%.

Does Arctic Wolf offer business restoration services?

Yes. Arctic Wolf will work side-by-side with your IT team to restore your environment so you can get back to business as quickly as possible and not worry about finding a 3rd restoration service. During an incident we’ll prioritize getting your critical systems up and running safely while working in parallel with our digital forensics and remediation teams.

Does Arctic Wolf provide digital forensics services?

Yes. Arctic Wolf offers advanced digital forensics services to determine both the root cause and full extent of the cyber attack. Arctic Wolf finds the root point of compromise in nearly 90% of our investigations.

Can I store additional IR-related documents in the secure file repository?

Yes. You can safely store up to 100 IR planning documents — JPG, PDF, PNG file formats — in the Cyber JumpStart secure file repository.

Are incident response services available 24-7?

Yes. Arctic Wolf’s incident response services are available 24-7. If you’re currently experiencing an incident click here.

Will Arctic Wolf’s Incident Response service be covered by cyber insurance?

Yes Arctic Wolf can work with all insurance carriers and is listed as a preferred vendor on over 30 panels. .

What is Managed Security Awareness?
Arctic Wolf® Managed Security Awareness is delivered by the Arctic Wolf Concierge Security® Team and is built on the industry’s only cloud-native platform to deliver security operations as a concierge service. Managed Security Awareness prepares your employees to recognize and neutralize social engineering attacks.
What does Managed Security Awareness+ (MA+) include?
Managed Security Awareness+ includes the features of Managed Security Awareness along with the option to choose an industry focus for all ongoing microlearning sessions, and a content library which can be used for sending additional content.
When does my 90-day trial begin?
Your trial begins on your date of transaction.
How do I get started?
Onboarding and security operations experts from your Concierge Security Team (CST) are paired with you to get Arctic Wolf Managed Security Awareness up and running quickly. Your CST works with you to track the progress of your program, identify areas that need improvement and help meet your organizational goals.
How many users can participate in the trial?
You can add as many team members as you’d like to participate in the trial.
Are there any limitations to how many users we can have after the trial?
The minimum amount of users is 30 and the maximum amount of users is 250.
What payment methods do you offer?
Upon checkout you will be prompted to enter a credit card. Your card will not be charged until the 90-day trial is complete. Prior to your trial ending, your customer success manager can work with you on an alternative payment if needed.
What happens when my trial ends?
If you do not cancel before the 90 days expire, the credit card on file will automatically be charged the full annual subscription price based on the user amount entered upon your original transaction.
How can I change my credit card information?
You can update your credit card information at any time through the self-service portal or contacting online-help@arcticwolf.com.
How can I change my user amount?
You can update your user amount at any time prior to the trial ending by working with your customer success manager or contacting online-help@arcticwolf.com.
When and how do I cancel?
You can cancel at any time through the self-service portal or contacting online-help@arcticwolf.com.
What do you mean by engage?
Employee participation, or engagement, is critical to your awareness program. Arctic Wolf provides no-friction awareness lessons designed to engage employees and maximize their learning and behavioral adoption.
What style of content does Arctic Wolf deliver?
Arctic Wolf uses the latest microlearning techniques, including short and memorable awareness content. Learn more about microlearning and how it is the preferred methodology for security awareness training in our white paper.
From where does Arctic Wolf source content?
Arctic Wolf has a full-time team of security training experts, designers, and production talent who are always creating fresh and new content delivered through your awareness program.
How does Arctic Wolf decide on training topics?
Arctic Wolf uses a combination of customer feedback, industry trends, and threat intelligence from real-world scenarios to inform your awareness content calendar. Our content team collaborates with our Concierge Security® Team and Cyber Threat Intelligence (CTI) team to identify current threat vectors and determine how threat actors design their social engineering attacks.
How does Arctic Wolf measure employee performance?
Employee participation and performance is directly tied to employee risk. Arctic Wolf uses quizzes, completed lessons, automated phishing tests, and report cards to measure employee performance and identify where your organization is most exposed to social engineering risks.
How does Arctic Wolf measure awareness program effectiveness?
Your overall awareness program is tracked and measured based on your employee participation and behavior scores. Your aggregated program performance is updated on your dashboard as your Culture Score.
What is peer-to-peer coaching?
Arctic Wolf Managed Security Awareness is delivered by your Concierge Security Engineer (CSE). Your CSE will help you kick off your awareness program, track progress, and identify areas for improvement. Along the way, your CSE will help you involve executives and engage employees to achieve your awareness goals.
What are the most common social engineering attacks?
Today, the most common social engineering attack is phishing. Other social engineering attacks include vishing (voice phishing over the phone), smishing (texting and SMS phishing), and a variety of other attacks that target and exploit human nature to gain access to sensitive data, corporate networks, and physical locations.
What types of human error do you help prevent?
At the core of Arctic Wolf Managed Security Awareness is the recognition that employees are people and people make mistakes. Examples of human error and mistakes include sending email to the wrong person, sharing your password, or simply holding the office door open for a threat actor disguised as a pizza delivery guy. What’s important is to encourage employees to report when they make a mistake so IT can minimize the fallout.

To contact Arctic Wolf for a non-emergency scenario, or to learn more about Incident Response please fill out the form.

Learn More