Product Updates

Arctic Wolf

See the latest product feature releases, product improvements and bug fixes

June 2025 – ARCTIC WOLF PRODUCT UPDATES



Managed Detection and Response: Data Explorer Custom Alerts

Arctic Wolf MDR customers with Data Explorer have the flexibility to create their own custom alerts for their environment’s unique use cases. Custom alerts give customers the ability to create notifications for use cases outside their current detections and alerting for operations and auditing.

Aurora Endpoint Defense: Agent Updates v3.4

Arctic Wolf is releasing an updated version (version 3.4) of its Aurora Endpoint Defense agents for Windows operating systems. Updates to the Aurora Protect agent began rolling out on May 27, 2025. Updates to Aurora Focus started on June 10, 2025.

What customers can expect:

  • Updated product names: CylancePROTECT → Aurora Protect / CylanceOPTICS → Aurora Focus
  • An updated look and feel to the Aurora Protect application UX and taskbar icon
  • Migration to .NET8 architecture offering improved stability and performance and future feature parity across platforms
  • Added support for latest versions of Windows 11 and Windows Server; dropping support for older Windows versions that don’t support .NET8
  • Improved security through Microsoft’s Trusted Signing as well as improvements in stability and performance
  • Interoperability with the Arctic Wolf Agent, enabling more cohesive MDR, endpoint, and SOC integration
  • Tighter integration with Windows Security Center, enabling improved interoperability with native OS security controls and enhancing overall multi-layered defenses

Aurora Endpoint Defense: Behavioral Detection Engine

The Behavioral Detection Engine brings the following advancements:

  • Refreshed content library focused on maximum coverage across MITRE ATT&CK techniques, enabling high-fidelity threat detection.
  • Automated tagging of events with MITRE tactics and techniques, enabling faster, more targeted investigations and richer AI-driven threat insights.
  • A new rule type, observations, that collects high-value telemetry without raising alerts, enabling security analysts to have deeper visibility into suspicious activities.
  • AI-assisted workflows that simplify and streamline exception management, reducing administrative burdens.
  • Automated detection rule updates that are pushed out in monitor mode, ensuring organizations are resilient to emerging threats while giving admins control over enforcement.

Integration Release - Active Response: Firewall Add Deny Rule

Introducing Active Response: Firewall Add External Deny List - Arctic Wolf customers can now add malicious IP addresses to a deny list via the new Generic Firewall Denylist integration. “Generic” support means that this response action is applicable to any firewall vendor, so long as the third-party application supports an external denylist that can be accessed through a URL. This response action can be leveraged by firewalls from the leading vendors such as Fortinet, Palo Alto, Cisco, Sophos and more. To leverage this response action, customers must access the deny list file from an S3 bucket URL (i.e., this response action is ONLY for customers with AWS environments).

Integration Update - Active Response: Mimecast Delete Email

Mimecast v2 - To ensure ongoing compatibility and access to the latest capabilities, we’ve updated the Arctic Wolf Mimecast integration from Mimecast’s v1 API to the v2 API. Mimecast has announced their deprecation of API v1 scheduled for June 25, 2025, so we are encouraging existing customers to adopt the newest updates as soon as possible. Existing v1 integrations are expected to continue functioning for the foreseeable future, but new v1 integration setups will no longer be supported.

Integration Update - Active Response: Tanium Rewrite

We are excited to announce that we have updated our Tanium integration to provide a more stable and consistent experience to our customers. We regularly review our existing integrations to ensure that we are providing the best experience possible to our customers and leveraging the most up-to-date integration best practices for the supported vendors. The Tanium update is a sign of our commitment to proactively improving the quality of our integrations for our customers. This integration enables fast, precise response actions and ensures all activity is logged for audit and compliance purposes.

May 2025 – ARCTIC WOLF PRODUCT UPDATES



New $3 Million (USD) Warranty

Arctic Wolf is raising the bar on customer protection with an expanded Security Operations Warranty. Customers who purchase a Security Operations Bundle and Aurora™ Managed Endpoint Defense are now eligible for up to $3M (USD) in warranty coverage—the highest in the industry. This update reinforces Arctic Wolf’s commitment to reducing cyber risk and providing greater peace of mind.

Incident Response - Incident360 Retainers

Arctic Wolf’s new Incident360 Retainer offers a proactive, full-coverage approach to incident response (IR). Unlike traditional hourly IR retainers, Incident360 provides end-to-end coverage for one incident, along with built-in readiness activities like tabletop exercises, IR planning sessions, and security assessments. This retainer ensures customers are prepared before an incident and have guaranteed support during an event—without the need to guess at the number of hours needed.

Managed Detection and Response - Data Explorer Longer Search Retention and New Query Builder

Arctic Wolf is enhancing Data Explorer by offering customers the ability to retain and search security data for longer timeframes—14, 30, or 90 days. This update enables deeper investigations, better trend analysis, and improved reporting across extended periods, helping customers gain richer insights and drive more strategic security decisions.

Furthermore, Data Explorer has additional updates with a new query builder that provides more refined and sophisticated search capabilities, helping users get faster and more actionable insights.

Aurora Endpoint Defense Agent Update 3.4

Arctic Wolf is releasing an updated version (version 3.4) of its Aurora Endpoint Defense agents for Windows operating systems starting May 27, 2025. The Aurora Protect agent will release first in a rolling wave across global regions. Updates to the Aurora Focus agent will follow around the second week of June 2025.

What customers can expect:

  • Updated product names: CylancePROTECT → Aurora Protect / CylanceOPTICS → Aurora Focus and new look and feel to the Aurora Protect application UX.
  • Migration to .NET8 architecture offering improved stability and performance and future feature parity across platforms.
  • Added support for the latest versions of Windows 11 and Windows Server; dropping support for older Windows versions that don’t support .NET8.
  • Improved security through Microsoft’s Trusted Signing as well as improvements in stability and performance.
  • Interoperability with the Arctic Wolf Agent, enabling more cohesive MDR, endpoint, and SOC integration.
  • Tighter integration with Windows Security Center, enabling improved interoperability with native OS security controls and enhancing overall multi-layered defenses.

Managed Security Awareness – French Language Support and Language Tiers

Arctic Wolf now offers French language support with both subtitles and native voiceover options. This addition expands on our existing English, German, and Spanish offerings. Customers can now:

  • Deliver security awareness training that French-speaking employees will comprehend, retain, and pay more attention to.
  • Equip all employees – regardless of their native language – with the knowledge to identify and mitigate human-targeted threats, strengthening your organization's security posture.
  • Extend security awareness programs across multiple regions and languages with ease, ensuring consistent protection worldwide.

Agent Management and UI Updates

With this update, customers now have access to view and configure agent deactivation thresholds and set a maintenance window for Agent updates. If a customer does not make any changes to these configurations, the deployment will continue as it has historically in their environment.

April 2025 – ARCTIC WOLF PRODUCT UPDATES



Managed Detection & Response - CyberArk PAM Integration

Arctic Wolf is introducing an integration to enable detections from CyberArk PAM Privileged Threat Analytics (PTA). This is a direct integration, meaning CyberArk’s PAM security alerts flow directly into our platform. This means you will receive timely, vetted alerts on specific security cases involving privileged accounts, helping your organization stay one step ahead of potential threats.

Managed Detection & Response - Mimecast V2 Integrations

Mimecast has introduced v2 of their API and has indicated that they plan to begin the end-of-life process for v1 starting in April.
We have developed, tested, and are ready to release our MDR integration with the Mimecast API v2, but this integration change will require some action on the part of our MDR customers to configure. To ensure uninterrupted data flow, we recommend upgrading as soon as you are able.

Managed Detection & Response - Aurora Endpoint Defense Integration

Arctic Wolf is introducing an integration to enable detections from Aurora Endpoint Defense. Aurora Endpoint Defense with Arctic Wolf's Aurora Platform MDR solution enhances an organization’s security posture by leveraging AI-driven threat prevention and automated detection capabilities. Aurora Endpoint Defense provides proactive endpoint protection, and delivers endpoint visibility and forensic insights, helping security teams identify and contain threats faster. By combining these capabilities with Arctic Wolf's Aurora Platform MDR solution, organizations can offload security operations to experts who continuously monitor, analyze, and respond to threats, improving incident response times and reducing overall risk exposure.

March 2025 – ARCTIC WOLF PRODUCT UPDATES



Managed Security Awareness - Self-serve Configuration and Launch

Managed Security Awareness will offer self-serve configuration options, allowing customers to launch their security awareness program on their own.
Only new MA customers will see this capability. New customers can configure, schedule, and launch their Managed Security Awareness program on-demand.

This feature became available on March 13, 2025.

RMM/RAT Tool Use Detection

The Arctic Wolf agent can now observe Remote Monitoring & Management (RMM)/Remote Access Tool (RAT) tools on monitored systems. This new detection allows customers to define a list of expected/approved RMM/RAT tools used for legitimate purposes and generate an alert when unapproved/unexpected RMM/RAT tools are observed in their environment.

February 2025 – ARCTIC WOLF PRODUCT UPDATES



Managed Risk - Asset Page Release in Unified Portal (ADS Release)

The new Asset Page is designed to enhance your asset management capabilities and improve your overall risk management experience. By focusing on device-specific data and offering features like deduplication, sorting, and filtering, we aim to make it easier for you to access critical information and insights. This experience will be available only on the Unified Portal.

Learn more about this new experience by watching this highlight video.

Managed Risk - Disable NMAP Activity Outside Scan Schedule

Scan schedules are created to manage when scan activity occurs in an environment. The default behavior of the IVA host identification portion is to continually poll the network to identify devices.

With this new configuration option, you can more precisely control scan activities and minimize network disruptions.

This experience will only be available in the Unified Portal.

  • This capability will deliver a more efficient and predictable experience by providing improved predictability on scanner activities as well as new configuration options.
  • It will also result in fewer device disruptions from aggressive scan activities.

Managed Risk - Port Scan Exemption

Port scan exemption suppresses the probe or test of specific ports with our Internal Vulnerability Assessment (IVA) scanner.

It allows specific IP addresses or ranges to bypass port scanning. This enhances network efficiency and reliability, minimizing disruptions for authorized users. It improves security by focusing on real threats, providing customers with a smoother and more accurate security experience.

This experience will be available in Unified Portal.

Warranty Status in the Unified Portal

A widget will be displayed with your warranty enrollment status in the unified portal. At this point in time, the widget will only display if you are eligible for the warranty, but have not yet enrolled.

January 2025 – ARCTIC WOLF PRODUCT UPDATES



Managed Security Awareness - CCP - New Course (GDPR)

Managed Security Awareness will provide a General Data Protection Regulation (GDPR) compliance course as part of the Compliance Content Pack Add-on.

Customers/partners who do business in the EU or with EU entities can leverage our GDPR compliance course to meet their requirements for GDPR compliance training.

This feature will be available on Jan 8, 2025.

Managed Security Awareness - Native German Dubbing

The Managed Security Awareness solution will offer a native German voiceover, providing additional language support beyond subtitles.

German organizations will receive a more natural and immersive learning experience by having German-speaking actors perform the training dialogue.

Managed Detection and Response - Defender for O365 Integration

Arctic Wolf now integrates with Microsoft Defender for O365, Microsoft’s cloud-based security solution to protect against email-based threats. Customers using the Microsoft 365 (M365) integration will now benefit from additional insights and deeper context into email and collaboration threats that Defender for O365 offers. Combined, M365 and Defender for O365 enable more effective investigations, advanced correlation of attacks across platforms, and a more comprehensive response to security incidents.

Managed Detection and Response - Fortinet FortiGate Integration Update

We’re thrilled to announce an enhancement to our integration with FortiGate. This update introduces powerful new detections that will automatically escalate to the Triage Security Team for investigation, enabling faster and more precise threat remediation. These advanced detections offer greater visibility into malware and network-based threats, suspicious web activity, and unusual system configuration changes, strengthening your defense against evolving cyber risks.

December 2024 – ARCTIC WOLF PRODUCT UPDATES



Managed Security Awareness — On-demand Report Capabilities

Managed Security Awareness provides on-demand reporting capabilities. This capability makes it easy to quickly generate and access on-demand reports that are available for one year.

  • Security Awareness admins can quickly run and download the reports that they need on-demand.
  • Security Awareness admins can easily access past on-demand reports they generated for up to 1 year under a “Previously Generated Reports” tab.
  • This feature is available as of December 12, 2024. For more details, please see our video.

Managed Security Awareness — User Integration Sync and Visibility Enhancement

The Managed Security Awareness solution continues to provide a better customer experience. With the enhanced User Integration experience, Security Awareness admins can easily gain visibility into their User Integration status.

  • Security Awareness admins can run a user sync on-demand (via the Sync Now button on the User Integration page).
  • User Integration enhancement is available for CSV, Microsoft Entra ID, and Google Workspace.
  • This feature is available as of December 12, 2024.

November 2024 – ARCTIC WOLF PRODUCT UPDATES



Introducing Arctic Wolf Threat Intelligence

Arctic Wolf Threat Intelligence enables organizations to leverage the same intelligence that powers the Arctic Wolf SOC, delivering real-time data on emerging threats. With curated reporting and real-time threat campaign notifications, businesses can stay informed without needing to sift through vast amounts of information. Arctic Wolf Threat Intelligence leverages over 7 trillion weekly security observations across 6,000+ customers, spanning industries and geographies, and provides actionable insights in an easy-to-digest format. With the integration of IoC QuickLinks into Data Explorer, customers can rapidly check their environments for active threats and take swift action to mitigate risks.

Configure Sensors in the Unified Portal

We are excited to enable customers to configure sensors as they add new sensors and expand their fleet. With this update, customers will easily be able to track how many sensors are deployed, view sensor details such as device type and IP addresses, request additional sensors, and add, configure, ship, and install new virtual and physical sensors directly from the Unified Portal.

BEC Runbook

With the BEC Runbook, you will be able to respond to cyber attacks faster and ensure that you know the precise steps to take during a BEC event. You can also leverage the BEC Runbook for proactive readiness activities like tabletop exercises.

IR JumpStart Retainer in the Unified Portal

You can now view and track the status of your JumpStart IR Plan directly in the Unified Portal. You can also quickly access your IR Plan directly from the Unified Portal widget, instead of needing to open and login to the Cyber JumpStart portal.

October 2024 – ARCTIC WOLF PRODUCT UPDATES



New Active Response Capability for Network

We are excited to announce a new active response capability for Fortinet and Palo Alto Networks customers – add an IP address to a Deny List. The Arctic Wolf Security Team will be able to add an IP address to a deny list, providing an effective way to block known malicious traffic from accessing the network. This reduces the risk of intrusions and data breaches, and prevents bad actors from communicating with internal systems.

New Active Response Capability for Email

We are excited to announce a new active response capability for Mimecast and Microsoft 365 customers – Delete a Malicious Email. The Arctic Wolf Security Team now has the ability to delete an email from Mimecast and Microsoft 365 environments. Malicious emails may contain attachments or embedded links that deliver malware payloads to recipients' devices.

New SPiDR Library in the Security Focus Planner

Customers can now review a library of available Security Posture in-Depth Reviews (SPiDRs) in the Security Focus Planner. This allows visibility into available SPiDR options and helps facilitate prioritization with the Concierge Security Team (CST) to address the strategic priorities of their security team. Within the library, they’ll have access to the descriptions and expected outcomes of each SPiDR and which security category they align with for NIST CSF.

New Data Visualizations and Dashboard for the Unified Portal

Data Explorer customers can now leverage the Unified Portal to create custom dashboards, enabling rapid detection of anomalous activities. Users can monitor key events such as logins from restricted countries, authentication patterns, special privilege access, and more. These dashboards offer flexible, shareable visualizations in formats that best suit each customer's needs, including horizontal and vertical bar charts, multi-bar graphs, pie charts, area charts, map views, and more.

Invite a Collaborator to Cyber Resilience Assessment

Customers can now collaborate seamlessly with internal teams, third-party security partners, or insurance brokers to review and share their Cyber Resilience Assessment (CRA) status and results. By adding collaborators, customers can expedite the assessment process and ensure every question is thoroughly addressed. Collaborators can be granted tailored access permissions—either read-only or read/write—with the flexibility to revoke access at any time, providing enhanced security and control.

New Framework for Cyber Resilience Assessment – Essential 8

We're excited to announce a new feature in the Cyber Resilience Assessment that enables customers to map their security posture against Australia's Essential Eight Maturity Model. With this update, you can stack rank security improvements based on your Cyber Resilience Assessment security index, building a tailored security program blueprint aligned with government guidelines. The assessment can be distributed across your team, ensuring that the right subject matter experts contribute to its completion. Additionally, you can easily share detailed PDF reports with stakeholders to review your organization with the Essential Eight Maturity Model.

September 2024 – ARCTIC WOLF PRODUCT UPDATES



New Active Response Capability: Force Password Reset

We continue to expand our Active Response portfolio with the addition of force password reset for Okta and Entra ID. Forcing password resets for users helps Arctic Wolf contain an incident by invalidating potentially compromised credentials and prevents further unauthorized access or data exfiltration while investigations are underway.

New Active Response Capability: Block URL

We continue to expand our Active Response portfolio with the addition of block URL for Zscaler Internet Access. Many cyber threats originate from web-based sources, including malicious URLs embedded in emails or social engineering attacks. Blocking malicious URLs at the secure web gateway prevents these threats from reaching endpoints, reducing the likelihood of malware infections, data breaches, and other security incidents.

New Zscaler Internet Access (ZIA) API Integration

In addition to the Zscaler Internet Access Syslog integration, Zscaler Internet Access logs can now be directly streamed to Arctic Wolf via API using Cloud NSS. This new API integration with ZIA will give Arctic Wolf real-time visibility into threats in your ZIA environment, allowing the Security Teams to take faster action against potential threats.

August 2024 – ARCTIC WOLF PRODUCT UPDATES



New Zscaler Private Access (ZPA) Integration

Arctic Wolf is excited to announce a new integration with Zscaler Private Access (ZPA). This integration provides visibility into ZPA user activity, alerting on suspicious administration actions such as editing users, configuration changes, and restricted country logins. ZPA, along with your other security telemetry, is monitored 24x7 by Arctic Wolf for threats. Together, Zscaler and Arctic Wolf provide a comprehensive approach to securing an organization’s attack surface.

July 2024 – ARCTIC WOLF PRODUCT UPDATES



Introducing the Ability to Configure Three Alert Types in the Unified Portal

Restricted Country User Allowlist
Denied Login Locations
Approved Login Locations

Customers will now have self-serve capabilities to manage these alert types, but they can of course continue to request support from their Concierge Security Team to help manage these alert types.

New Active Response Capability: Add and Remove a User from a Security Group

We continue to expand our Active Response portfolio with the addition of add and remove a user from a security group for Okta, Cisco Duo and Entra ID. Security groups are often used to manage access permissions to various resources, systems, and applications within an organization. Arctic Wolf can now ensure that in the event a bad actor has gained access to a particular security group, their access is quickly revoked.

June 2024 – ARCTIC WOLF PRODUCT UPDATES



The Security Operations Warranty got even better

Our new industry-leading Arctic Wolf Security Operations Warranty provides up to $1.5M of financial coverage if you experience a covered security event. In the event of a cyber attack, the Security Operations Warranty will provide financial support for the recovery and repair of systems to return your organization to a pre-incident state. Not only that, you can also leverage the Security Operations Warranty to fund your cyber insurance deductible and significantly minimize your out-of-pocket expenses when a cyber event occurs.

Introducing the Security Focus Planner

We are excited to announce the launch of the Security Focus Planner, which unlocks visibility into your Security Focus and which Security Posture in-Depth Reviews (SPiDRs) are completed, underway, and planned with your Concierge Security Team (CST). You can leverage the dashboard to discuss and prioritize posture hardening activities with your Concierge Security Team, while capturing and sharing a record of the completed objectives in one easy-to-view dashboard and exportable assets.

New Endpoint Security Integration – ThreatDown

ThreatDown customers can now leverage their endpoint telemetry through every stage of attack, to better defend their entire network with the broad visibility of Arctic Wolf. By integrating telemetry from ThreatDown’s anti-virus and Endpoint Detection and Response tools, customers can gain consistent, vendor-agnostic security expertise from Arctic Wolf’s security teams. ThreatDown now joins other top EPP and EDR vendors supported by Arctic Wolf: Microsoft, Palo Alto, CrowdStrike, Broadcom & more.

New Active Response Capability for Identity

We are excited to announce a new active response capability for Entra ID and Okta customers – close user connections. This capability will give the Arctic Wolf Security Teams the ability to quickly – and directly – neutralize a threat before it can advance. Terminating a connection can help prevent the unauthorized extraction or transmission of data and can be an effective defense mechanism against DoS attacks.

New iManage Threat Manager Integration

iManage, used by many of the world’s leading law firms, financial services providers, healthcare groups, and media organizations, helps users drive better document management in highly regulated industries or industries with high confidentiality requirements. Arctic Wolf now integrates with iManage Threat Manager to provide 24x7 threat monitoring and response. Click here for more information.

May 2024 – ARCTIC WOLF PRODUCT UPDATES



New Active Response Capability for Identity

We are excited to announce a new active response capability for Cisco Duo, Entra ID, and Okta customers – disable and enable a user. This capability will give the Arctic Wolf Security Teams the ability to quickly – and directly – neutralize a threat before it can advance. Disabling a user account can be a crucial security measure in response to potential threats, such as a compromised account or suspicious activity. By disabling an account, access to sensitive information or systems is immediately revoked, reducing the risk of unauthorized access or data breaches.

Log Collector for Hyper-V and Nutanix

Arctic Wolf now offers log collectors for Hyper-V and Nutanix, providing comprehensive support for both platforms and ensuring seamless integration for your virtual environments. These additional deployment options give customers the freedom to choose virtualization platforms and elevate infrastructure security with enhanced compatibility and support.

Introducing the new Arctic Wolf Cyber Resilience Assessment

We are thrilled to announce the release of the Arctic Wolf Cyber Resilience Assessment, an innovative risk assessment tool designed to help Arctic Wolf customers advance their cyber resilience and improve insurability by enabling organizations to easily map their security posture against industry standard frameworks, such as NIST CSF 1.1, 2.0 and CIS Critical Security Controls v8. Customers can then review and share reports of their cyber resilience assessment index, backed by an agnostic, transparent rating system, and their insurability rating, which is purpose-built to help customers identify how their security posture impacts cyber insurability.

April 2024 – ARCTIC WOLF PRODUCT UPDATES



Introducing the new Arctic Wolf Help Documentation Portal

We are excited to offer customers a new Docs portal as of May 1, 2024 to enable easy navigation to find Arctic Wolf documentation with integrated access to the Unified Portal and the Customer Community. Customers will now be able to save search preferences, manage their own collections of topics to share or to create custom PDFs, get email notifications when topics on their watch list are updated, and more.

ITSM Admin Support in the Unified Portal

We are excited to enable customers to now manage ServiceNow and ConnectWise ITSM integrations in the Unified Portal. The new ITSM Integration Admin Management capabilities in the Unified Portal will enable customers and MSPs to enter and change their ITSM settings and update ServiceNow ticket Impact and Urgency which will determine the ServiceNow/ConnectWise Priority. MSPs, more specifically, will be able to use a customer list to find and sync to a specific customer and conduct sync tests which generate a test ticket sent to a user’s associated email address.

Managed Risk – Agent Vulnerability Evidence

Arctic Wolf continues to provide a better customer experience and broader visibility with a streamlined remediation cycle. As part of this release, users can quickly investigate with Agent Vulnerability Evidence, which surfaces additional information. This additional visibility accelerates remediation efforts and reduces remediation time from hours to minutes. Debug scans are no longer required. The scope of the release is Windows only.

Managed Security Awareness – Account Takeover UI Replaced with Account Takeover Report

Arctic Wolf continues to deliver a streamlined experience to our customers. With this release, the Managed Security Awareness solution delivers the account takeover (ATO) data as a report, the same as the rest of the business.

Managed Security Awareness – IP Addresses and Domain Update

Arctic Wolf will release an update to the Managed Security Awareness domain and IP addresses on May 15, 2024. Customers need to allowlist the new domain and IP addresses before May 15, 2024.

Manage Site Information in the Unified Portal

We are excited to announce that customers can now manage site information for their organization directly in the Unified Portal. Customers will now be able to create, clone, edit, and request to delete a site, as well as organize sensors and scanners by sites within the Unified Portal telemetry pages.

New Impossible Travel Detection for Okta

We’re excited to announce an integration update to Okta that will expand and enhance our detection capabilities of threats such as account takeovers, off-shore attacks, and person-in-the-middle attacks. With the new Impossible Travel detection, Arctic Wolf compares an Okta user’s last known location with their current location, assessing whether the trip is likely – or even possible. If the trip is deemed impossible, Arctic Wolf is notified and investigates to legitimize the user or mitigate the threat.

March 2024 – ARCTIC WOLF PRODUCT UPDATES



Managed Risk – Remediation Details

Arctic Wolf continues to provide a better experience and broader visibility with a streamlined remediation cycle. By surfacing additional information, users can quickly act on vulnerabilities with remediation details from all sources such as IVA, EVA or Agent. This additional visibility allows customers to gain access to accelerated remediation efforts and reduce remediation time from hours to minutes.he Managed Risk Portal.

Managed Risk – Agent Scan Schedule Improvement

We’re introducing new enhanced search capabilities in the Unified Portal for the Agent Scan Schedule feature. This release will improve the agent scan schedule to provide robust search capabilities, allowing customers to efficiently identify the agents or assets they need. These enhancements aim to simplify the scheduling process, making it more straightforward and accurate.

Managed Security Awareness - Arctic Wolf TruClick

Arctic Wolf’s goal is to deliver unparalleled data accuracy and reliability so you can best understand your users. TruClick is the industry’s first and only solution to separate real user clicks in phishing simulations from false positives created by automated inspection. It represents only real user interactions, which drives the data accuracy and reliability. It also requires less time and effort from administrators, such as investigating the clicks. This solution minimizes the need to investigate and address non-threatening issues – like training simulation emails – allowing your team to save time and only focus on real phishing threats.

Incident Response JumpStart Retainer – New UI

We’ve made the IR Planner in the IR JumpStart Retainer (IRJS) better than ever by adding progress indicators, by allowing customers to add new fields and comments, and by providing a new homepage that’s easier to navigate. The progress indicators will instantly show customers which sections of their IR Plan still need to be completed and reviewed. Inserting extra comments or fields — like contacts or software — into the IR Planner will allow customers to tailor the IR Plan template to meet their needs. Lastly, the new homepage and IR Planner navigation will make it easier and faster for customers to find key information.

Incident Response JumpStart Retainer – Incident Runbooks

We’ve added even more incident readiness into the IR JumpStart Retainer (IRJS) by including an incident runbook for ransomware as well as one for any incident type. With our new incident runbooks, customers will know the precise steps to take as well as who to contact during a cyber attack. Runbooks will also help customers follow the proper response and communication process to meet insurance or legal requirements. Practicing the workflows in the runbooks may also help customers qualify for cyber insurance discounts by demonstrating a higher level of incident readiness.

February 2024 – ARCTIC WOLF PRODUCT UPDATES



Managed Risk – UX Improvements

We are excited to announce various UX improvements for Managed Risk customers. To learn more about these new features and enhancements, view the Managed Risk Release Notes now available to you under the Resources section in the Managed Risk Portal.

Improved Agent Health Information in the Unified Portal

We are excited to announce that Managed Detection and Response or Managed Risk customers will have access to the improved Agent Health information in the Unified Portal, where you will be provided with health status information for both port 443 and port 1514. Now, you will have more discrete visibility into agent connectivity for health check heartbeats and security logs, so you can quickly and easily take action to appropriately address the health of your agents.

January 2024 – ARCTIC WOLF PRODUCT UPDATES



Microsoft Defender for Identity Integration

We continue to grow our native capabilities and integration portfolio with Microsoft and are excited to launch an integration with Microsoft Defender for Identity to protect user identities and reduce your attack surface. This integration increases our visibility into your identity infrastructure for earlier detection of identity-based attacks and provides clearer incident information for quick triage of threats. To learn more about this integration and its capabilities, please reach out to your Customer Success Team or your Concierge Security Team.

New Integration - Trend Vision One – Endpoint Security

With Trend Vision One Endpoint Security (TVO ES), Arctic Wolf expands our integrations with the Top EDR providers on the market, including Microsoft, Crowdstrike, Broadcom, Palo Alto, and more. Not only can Trend Vision One Endpoint Security customers now defend their endpoints through every stage of attack, but they can also defend their entire network with the broad visibility of Arctic Wolf. To learn more about this integration and its capabilities, please reach out to your Customer Success Team or your Concierge Security Team.

10G Uplinks for the AWN202 Sensor

We are proud to announce that we can now offer bypass-capable 10G uplinks for the AWN202 sensor. Specifically, you can now get the AWN202 sensor with 4 x 10G ports, providing more flexibility and support for customers with 10G networking infrastructure, especially those leveraging high availability (HA) and port-channel configurations to support their firewall deployments. To learn more about this sensor and its capabilities, please reach out to your Customer Success Team or your Concierge Security Team.

Virtual Log Collector and Virtual Scanner for Azure

We are excited to announce virtual log collectors and virtual scanners for Azure. Virtual options within Azure provide a simplified and customized deployment experience to existing and new customers.

Managed Security Awareness - Language Diversity in Phishing Simulations

Our commitment to language diversity remains strong. While keeping the English and German options, we’re excited to introduce a new Spanish language alternative for phishing simulations, providing broader support for our Spanish-speaking users. It will be available for both Managed Security Awareness and Managed Security Awareness Plus with no pricing change. This feature was released on January 17, 2024.

Unified Portal – IVA Credential Scanning

Arctic Wolf continues to bring broader visibility in the Unified Portal. As part of this release, Managed Risk users can configure IVA credentialed scans and manage their scanners more efficiently and easily through a new tabbed interface in the Unified Portal. Credentialed scans provide a deeper and more robust view of vulnerabilities on assets by first authenticating to the device before running the scan. This feature was released on January 17, 2024.

December 2023 – ARCTIC WOLF PRODUCT UPDATES



Managed Security Awareness - Admin Content Download Capability

As we stride into the new year, we’re thrilled to share some changes on the horizon regarding the Managed Security Awareness solution. With the changes below, we empower administrators with even greater control over content and deliver an engaging language experience to our users.
What’s New:

  • Admin Content Download Capability: Admins can now download an MP4 or SCO of any session directly from our Content Library. Alternatively, admins have the option to copy a link for seamless streaming of sessions via a Learning Management System (LMS), enhancing accessibility and flexibility. This feature is available for Managed Security Awareness Plus and the Compliance Content Pack Customers as of December 13, 2023.
  • Session Controls - Introducing the Session Mass Mute Button: Arctic Wolf understands the importance of flexibility in managing sessions. To streamline this, a new Session Mass Mute Button is being introduced. This toggle allows admins to effortlessly turn off sessions in the platform, providing a quick and efficient way to control the session environment. This feature was released on December 13, 2023.

New Insight Dashboards in the Unified Portal

We are excited to announce that we have launched new dashboards and data visualizations in the Unified Portal to help you identify security trends quickly. Easily compare recent Arctic Wolf investigation and alert trends for up to the previous 10 days against your annual averages. Quickly identify anomalous activity and new threats your organization may be facing at a glance by looking at trending alert breakdowns to monitor for spikes in, for example, PowerShell usage, foreign or restricted country login attempts, and more.


NOVEMBER 2023 – ARCTIC WOLF PRODUCT UPDATES



Managed Risk - Update on Asset Attributes

Arctic Wolf continues to invest in enhancing the capabilities as well as the performance of our Managed Risk solution. You can now create and manage Asset Tags. Arctic Wolf removed custom Asset Category values, promoting standardization. Changes to Asset Attributes include renaming "Last Verified IP" to "Last Observed" and deprecating the Notes section on the Asset Profile page in the Managed Risk Portal. These updates offer greater flexibility to customers, enabling them to manage their assets independently while ensuring consistency in asset categorization. Arctic Wolf Managed Risk customers received an email about asset attributes on October 25, 2023. These changes took place on November 15, 2023.

Managed Security Awareness – CSV User Upload for Customers

Arctic Wolf continues to invest in a better customer experience with the Managed Security Awareness (MA) solution. With this release, we enable our MA customers to use CSV files to manage their user lists in the MA portal. MA customers can now update, add to, and remove from their user list with this simple approach. Although customers can still reach out to their CSM/CST to get their user list updated, we highly recommend that customers manage their user lists independently. This feature was released on November 15, 2023.

Netskope Integration

Arctic Wolf is excited to announce a new integration with Netskope. Customers who utilize Netskope SSE can now integrate with Arctic Wolf via the integration. Together, Netskope and Arctic Wolf provide a comprehensive approach to securing an organization’s attack surface.

OCTOBER 2023 – ARCTIC WOLF PRODUCT UPDATES



Managed Risk - EVA Last Successful Scan Date

We continue to improve our Managed Risk portal. We added iVA Last Successful Scan Date in April 2023 and Agent Last Successful Scan Date in July 2023 into the Managed Risk portal. With this launch, we’re adding EVA Last Successful Scan Date into the Managed Risk portal. This provides better visibility to our customers on our EVA scanner status.
The date and time of the EVA Last Successful Scan are in UTC format and cannot currently be changed to local time. The EVA Last Successful Scan Date feature has been available in the Managed Risk Portal as of October 18, 2023.

New Integration - Microsoft Defender for Endpoint in GCC

Arctic Wolf is excited to announce that we now integrate with Microsoft Defender for Endpoint in the Government Community Cloud (GCC). Our Microsoft Defender for Endpoint in GCC customers will benefit from new detections and response actions, such as host-containment, enabling the Arctic Wolf SOC team to detect suspicious activity and take appropriate action based on the threat at hand for Microsoft Defender for Endpoint in GCC customers.

Okta Integration – Detection Enhancements

Arctic Wolf has recently enhanced the Okta integration, adding six additional detections. These additional detections are active as of October 18th, 2023. There is no action required from customers utilizing the Okta integration to take advantage of these new detections. To learn more about detections for your Okta integration, please reach out to your Customer Success Team or your Concierge Security Team.

Cato SSE 360 Integration

Arctic Wolf is excited to announce a new integration with Cato SSE 360. Customers who utilize Cato SSE 360 can now integrate with Arctic Wolf via the integration to provide additional security telemetry for detection, correlation, and investigation by the Concierge Security Team.

SEPTEMBER 2023 – ARCTIC WOLF PRODUCT UPDATES



New Data Explorer Capabilities: Improved Search and Custom Column Sets

Arctic Wolf is excited to offer customers new ways to interact with their data in Data Explorer. We are introducing new and improved search capabilities and the ability to create custom column sets, which means that you can now not only search multiple targets at the same time, but you will also be able to filter the results, post-search, based on column sets. We are also introducing the ability to customize column sets, allowing you to better explore your points of interest.

Integration Updates for CylanceENDPOINT and Cisco Secure Email

We continuously improve our integration support and we are excited to announce that we’ve updated our integrations for CylanceENDPOINT and Cisco Secure Email. For CylanceENDPOINT we are ingesting additional context, providing additional data points for our security engineers to continue to streamline investigations and reduce noise. For Cisco Secure Email, as vendors improve their products, it can affect the process by which information is shared. Now, we’ve updated the integration ingestion mechanism to align with the new Cisco Secure Email integration protocols.

Cloud Data Source Management in the Unified Portal

We are excited to bring customers more self-serve capabilities via the Unified Portal. Introducing Cloud Data Source Management, so you can now manage the addition, removal, and updating of cloud data sources directly through the Unified Portal. If you want to expand the cloud data sources that you have, you can also request a quote in the Unified Portal.

Managed Security Awareness - Google Workspace Integration User Sync

The Google Workspace integration release gives Google Workspace customers the ability to automatically sync their users in Managed Security Awareness and Managed Security Awareness Plus, saving the customer from having to onboard and update users via CSV. Google Workspace Integration User Sync has been made available as of September 13, 2023.

Managed Security Awareness - Texas DIR Approval

Managed Security Awareness has been approved by the Texas Department of Information Resources (DIR).
Our new course, Security Foundations, is available for single user assignment (for MA customers) or group assignment in the Content Library (for MA+ customers). This long format course (~50 minutes) covers NIST and DIR topics.

AUGUST 2023 – ARCTIC WOLF PRODUCT UPDATES



Managed Detection and Response - New Uplink Option for AWN Sensor

Arctic Wolf is dedicated to continuous innovation — in our products, our industry, and our ability to service the security needs of our customers. We are proud to announce that we now offer mirror-only 40G uplinks for the AWN1000 sensor, more specifically, two 40G ports, offering another option to support sensor deployment for customers with 40G networking infrastructure.

Incident Response - Improvements to the Cyber JumpStart Portal

We know how important it is to have critical information at your fingertips when a major incident occurs. That’s why we’re excited to announce that the Cyber JumpStart Portal now includes a file repository that lets customers securely store up to 100 incident response planning documents outside of their network. This capability is now available to all customers who have the IR JumpStart retainer.


JULY 2023 – ARCTIC WOLF PRODUCT UPDATES



Managed Risk - Agent Last Successful Scan Date

Arctic Wolf continues to improve our Managed Risk portal to provide better visibility to our customers on our host-based scanner status. We added iVA last successful scan date in April 2023. Recently, we have added Agent last successful scan date into the Managed Risk portal.

Agent last successful scan date feature has been made available in the Managed Risk Portal as of July 12, 2023.


Managed Risk - Agent Scan Schedule – “Once” Frequency Option

Arctic Wolf continues to work to help customers improve their risk mitigation process through more granular scanning options, so we have introduced the Once frequency option as part of the Agent Scan Schedule creation process. This provides more flexibility in assessing the risk posture of your customer’s Agent-based assets.

This feature has been made available in the Managed Risk Portal as of July 12, 2023.


Managed Risk - Tag Support for Asset Export/Import

Arctic Wolf continues to enhance the ability for customers to manage their attack surface more effectively and efficiently across their environment by providing more opportunities to add asset context. We introduced the ability to manage tags via the current Asset Export/Import feature allowing users to add or remove tags in a bulk fashion.

This feature has been made available in the Managed Risk Portal as of July 12, 2023.


Managed Security Awareness - Phishing Simulations

We are excited to announce a product update for Managed Security Awareness that will bring about an improvement to how our phishing simulation links are displayed. This update will remove the Arctic Wolf domain from phishing simulation links and instead utilize multiple domains, creating better training for end users by requiring them to be more observant and wary of suspicious links.

We have updated the Managed Security Awareness configuration instructions (Step 3). Current Managed Security Awareness customers are encouraged to update by Aug. 25 to avoid any possible disruption to the delivery of phishing simulations.

June 2023 – ARCTIC WOLF PRODUCT UPDATES



Standalone ESXi Host for AWN Virtual Appliances

Arctic Wolf is excited to announce that our virtual appliances can now be deployed on standalone ESXi hosts. If you are utilizing VMware, you are no longer required to deploy vCenter in your environment to deploy Arctic Wolf sensors, scanners, and virtual log collectors. ESXi standalone hosts provide a simpler deployment and setup process if you do not have vCenter deployed in your environment.

May 2023 – ARCTIC WOLF PRODUCT UPDATES



Microsoft Defender for Endpoint – Host Containment

Arctic Wolf is dedicated to continuous innovation — in our products, our industry, and our integrations. With that in mind, we are proud to advance our Host Containment capabilities through targeted integrations for our MDR solution, now including industry-leading EDR provider Microsoft Defender for Endpoint. This new integration capability is in addition to the Host Containment already offered via the Arctic Wolf® Agent. Providing our customers with dynamic Response Actions like Host Containment through third-party integrations helps accelerate our threat detection and response capabilities and end cyber risk.

Cisco Umbrella API Integration - Expansion

We are excited to announce an expansion of our Cisco Umbrella API integration. Customers who utilize Cisco Umbrella Secure Internet Gateway (SIG) can now integrate with Arctic Wolf via the Cisco Umbrella integration to provide additional security telemetry for detection, correlation, and investigation by the Concierge Security Team.

Cisco Meraki API Integration – Expansion

Arctic Wolf has expanded the existing integration with Cisco Meraki. We can now ingest Get Network Events via the Cisco Meraki API integration to provide additional security telemetry for the Concierge Security Team. Providing our customers with enhanced visibility into their Cisco Meraki environment helps accelerate our threat detection and response capabilities.

Managed Security Awareness – Arctic Wolf Report Phishing Button and Analytics

With the Arctic Wolf Report Phishing Button for Managed Security Awareness (MA) & Managed Security Awareness Plus (MA+) customers with O365, employees can report a suspicious email and automatically have it removed from their inbox in one action.

When suspicious emails are reported, the Managed Security Awareness admin dashboard will display helpful reported email details, giving admins the ability to take further action in their O365 environments.

Additionally, for MA+ customers, the Arctic Wolf Phishtel Engine will analyze and assign a threat level to reported emails. The threat level will appear in the MA+ dashboard, enabling admins to quickly protect their organization from reported malicious emails.

April 2023 – ARCTIC WOLF PRODUCT UPDATES



Managed Risk: iVA Last Successful Scan Date

We continue to improve our Managed Risk portal. With this launch, we’re adding iVA last successful scan date into the Managed Risk portal to provide better visibility to our customers on our iVA scanner status.

Managed Risk: Agent Risk Rollup by Remediation

Arctic Wolf continues to enhance its risk workflow to ease customer experiences with our Agent risk rollup by remediation. With this enhancement, risk can roll up by remediation, which enables our customers to look at and sort their vulnerabilities by remediation activities for the Windows Operating System. This feature creates better visibility of the risk based on the CVEs associated with the monthly Microsoft “Patch Tuesday” release.

March 2023 – ARCTIC WOLF PRODUCT UPDATES



Managed Security Awareness: Deutsch Phishing Simulation Option

Managed Security Awareness is designed to send a monthly phishing simulation with an immediate lesson if it is clicked on. This release gives Customer Admins the ability to choose a Deutsch phishing simulation (tied to a Deutsch follow-up lesson) instead of an English phishing simulation and follow-up lesson.

iVA Scan Configuration in Unified Portal

With iVA Scan Configuration in the Unified Portal, we have deployed user experience enhancements designed to promote better efficiency. Users now have all the necessary resources in one convenient hub, making it easier to work within the Portal.

February 2023 – Arctic Wolf Product Updates



Managed Security Awareness: Security Awareness Program Maturity Self-Assessment

This new feature, available in the Admin Portal, will give customer admins the ability to perform a self-assessment of their organization’s security awareness and training program’s overall security maturity. The results of this self-assessment will utilize an established framework to highlight key areas of focus for customer admins as well as identify key areas of their security awareness program maturity that will be supported with participation in the Managed Security Awareness program. The customer admin will receive the results of their self-assessment via email.

January 2023 – Arctic Wolf Product Updates



SentinelOne Response Actions - Host Containment

We are proud to introduce Host Containment through our integration with industry-leading Endpoint Detection and Response (EDR) provider SentinelOne. This new integration feature is in addition to the Host Containment already offered via the Arctic Wolf® Agent. Providing our customers with dynamic Response Actions like Host Containment through third-party integrations helps accelerate our threat detection and response capabilities and helps end cyber risk.

December 2022 - Arctic Wolf Portal Updates



Managed Risk - EVA Stop Scanning

Arctic Wolf will release stop scanning for EVA (External Vulnerability Assessment), which will give our customers scan operation controls in the Risk Portal and in the Unified Portal, allowing them to stop their EVA scanning without reaching out to their Concierge Security Teams.

This feature will be available on December 14th, 2022.

November 2022 - Arctic Wolf Portal Updates



Managed Detection and Response – Active Directory Deception

Arctic Wolf has released its first deception detections targeted at Active Directory (AD). This enables decoy users to trigger high fidelity alerts for investigation by the Triage Team. These events, combined with our existing integration with Active Directory, provide an additional method of rapidly detecting attacks. If you are interested in leveraging Active Directory Deception, please contact your Concierge Security Team (CST).

Managed Risk – Consolidated Scan Scheduling

With Consolidated Scan Scheduling, our users will be able to see all scan schedules (Agent, iVA, and eVA) in the Arctic Wolf Unified Portal. This is one of the first existing features for which we are deploying an enhanced version to the Unified Portal, so we are excited about this launch. This feature will automatically appear on the Unified Portal on November 23, 2022.

October 2022 - Arctic Wolf Portal Updates



Managed Detection and Response Portal Updates

New Integration: Cisco Secure Email

Business email compromise continues to be a popular entry point for bad actors looking to defraud a company, its employees, customers or partners. Together, Cisco Secure Email and Arctic Wolf provide an efficient approach to advanced threat detection and response for your business email environment.

This integration will be enabled on October 19th, 2022. To learn more about this integration, please reach out to your Customer Success Team or your Concierge Security Team.

CrowdStrike Integration Update – Host Containment

Arctic Wolf is dedicated to continuous innovation — in our products, our industry, and our integrations. With that in mind, we are proud to introduce Host Containment through targeted integrations for our MDR solution, beginning with industry-leading EDR provider CrowdStrike. This new integration is in addition to the Host Containment already offered via the Arctic Wolf® Agent. Providing our customers with dynamic Response Actions like Host Containment through third-party integrations helps accelerate our threat detection and response capabilities, and helps you end cyber risk for your organization.

This integration capability is now generally available as of October 19th, 2022. To learn more about this integration capability, please reach out to your CST.

Microsoft Azure Integration Update – Detection Enhancements

Arctic Wolf has recently enhanced detections for Microsoft Azure, adding two additional detections.

  • Public Access Configured for Event Hubs
  • Event Hub Created or Updated

These additional detections are active as of October 19th, 2022. There is no action required from customers utilizing the Azure integration to take advantage of these new detections. To learn more about detections for your Azure integration, please reach out to your Customer Success Team or your Concierge Security Team.

Agent Updates

What’s New:

  • Additional Linux Support - Added support for the following Linux Distributions:
    • Oracle 8.5/
    • Linux Mint 20.3
    • Debian 11.2
    • CentOS Stream 9
  • Windows Agent Security Enhancements - Validation of Arctic Wolf distributed agent executables.
  • Linux Agent Security Enhancements - Validation of Arctic Wolf distributed agent executables for Linux.
  • Supports Managed Risk on German hosts
  • Agent audit language support includes:
    • English (all platforms)
    • German (Windows)
  • The latest version contains bug fixes and performance improvements.
  • To support the above new features, Windows endpoints will have new processes and agent services. For more details, please see the following:

This feature will be enabled on October 31st, 2022, with updates adopted over the course of a week. This update occurs automatically across all agents without any action on your part. If you wish to defer this update, please contact your Concierge Security Team or your Customer Success Manager by October 24th, 2022, for an exception.

Managed Risk

German Language Support

Arctic Wolf Managed Risk enables you to discover, assess, and harden your environment against digital risks by contextualizing your attack surface coverage across your networks, endpoints, and cloud environments. With the recent developments in Arctic Wolf’s Agent, Arctic Wolf Managed Risk can now support German-speaking countries’ data ingestion.

This improvement provides a holistic product set by supporting the local language and enables our customers to have a complete dataset in Europe.

This feature will be enabled on October 31st, 2022.

July 2022 - Arctic Wolf Portal Updates




Managed Detection and Response Portal Updates

Google Cloud Platform (GCP) Integration Update

We are excited to announce that Arctic Wolf’s integration with Google Cloud Platform now supports Google Compute Engine (GCE) as a source of security telemetry.

This enhancement is available as of July 13, 2022. Please contact your Concierge Security Team (CST) to learn more about this update.

Managed Risk Portal Updates

Arctic Wolf continues to invest in its solutions and technologies. The recent enhancements are to the Internal Vulnerability Assessment (iVA) and Agent, and allow our customers to have scan operation controls by starting, rescanning, and stopping the iVA and Agent.

This feature will be enabled on July 20, 2022.

If you have any questions regarding iVA and Agent scan operation controls, please reach out to your CST (Concierge Security Team) at Security@arcticwolf.com.

Incident Response for Cyber Emergencies

Through our acquisition of Tetra Defense, Arctic Wolf offers full-service Incident Response (IR) to customers that experience major cyberattacks. Contact your Customer Success Manager if you have questions about IR or our Zero Dollar IR Retainers. Contact your CST (Concierge Security Team) if you need immediate assistance with an active cyberattack at Security@arcticwolf.com.

February 2022 - Arctic Wolf Portal Updates




Arctic Wolf continues to invest in its solutions and technologies. The recent enhancement, Switcher, allows you to switch between portals without logging in to multiple interfaces.

This feature will be enabled on February 9th, 2022.
 

Managed Detection and Response Portal Updates

Arctic Wolf Detection and Response - Palo Alto Networks Cortex Integration

Arctic Wolf is excited to announce our Managed Detection and Response solution now supports Palo Alto Networks Cortex EDR as a source of security telemetry. Leveraging Cortex's endpoint analysis, we correlate events sent by Cortex with other telemetry sources, including network, cloud, and users. The Arctic Wolf Concierge Security Team ensures customers only receive the true positives from their Cortex deployments, saving time, reducing alert fatigue, and ultimately preventing breaches.

This feature was released on January 19th, 2022.
 

Arctic Wolf Detection and Response for Linux

Linux is a vital part of production environments for organizations of all sizes. Ingesting data from this attack surface and correlating it with sources including endpoint, network, cloud, and user data is critical to reducing cyber risk. That’s why Arctic Wolf now offers support for Linux-based Detection and Response via the Arctic Wolf Agent. The Arctic Wolf Agent is lightweight software installed on endpoints to collect actionable intelligence from customer environments. Our Concierge Security Teams use this intelligence to triage and investigate suspicious events originating from Linux endpoints. The Arctic Wolf Agent supports the following Linux Distributions:

  • Ubuntu — Version 16.04, 18.04, and 20.04
  • Red Hat — Version 7 or 8 
  • CentOS — Version 7 or 8
  • Amazon Linux — Version 2

This feature was released on January 25th, 2022.
 

Managed Security Awareness Updates

Arctic Wolf is excited to announce the release of localization with Managed Security Awareness. As new content is created and sent to participants on an ongoing basis from Managed Security Awareness, each participant will be able to select the languages of US English, UK English, or Deutsch. This content is all uniquely created using actors who speak the chosen native language and will feature subtitles in the language of choice, as well as use localized examples and references when applicable.

This feature was released on January 19th, 2022.

November 2021 - Managed Risk Portal Updates




Upcoming User Interface Changes

A recent enhancement to Arctic Wolf’s Managed Risk allows you to gain additional asset context for your risk prioritization efforts with asset criticality and asset tagging features.

Asset criticality is a standardized labeling system with clear definitions of importance. The criticality of assets is initially Unassigned. After collaborative effort with your concierge security team on assigning criticality (Critical, High, Medium, or Low), you can have a deeper asset context on your risk. 

Asset Tagging helps with asset classification and organization efforts. Asset tags can be used to pivot and review assets as well as their risks during your vulnerability management and hardening efforts.

You will be able to see the “Tags” and “Asset Criticality” fields in the Asset Filters and Risk Filters sections of your Managed Risk portal.

This feature will be enabled on December 6th, 2021.

October 2021 - Managed Portal Updates




Managed Detection and Response Portal Updates

The Arctic Wolf Managed Detection and Response offering continues to expand its integration ecosystem. Microsoft Cloud Application Security, Microsoft 365 Compliance Center, Proofpoint Targeted Attack Protection (TAP), Cisco Umbrella, Azure AD Identity Protection and Infoblox DDI integrations will be available on October 20th, 2021.

Managed Risk Portal Updates 

Upcoming User Interface Changes

A recent enhancement to Arctic Wolf’s Managed Risk gives you a thorough understanding of your risk, lets you easily find the data you are looking for, and increases overall user productivity.

1. The “Risk Score” field will have dedicated buttons by risk criticality, making risk prioritization and mitigation easier.

a. 0.1 - 3.9 will be represented by the Low button

b. 4.0 - 6.9 will be represented by the Medium button

c. 7.0 - 8.9 will be represented by the High button

d. 9.0 - 10.0 will be represented by the Critical button

2. The “Age”, “Days to Resolution” and “Resolution Date” fields will be added to the Risk table. You will be able to exclude these fields from the Risk table by clicking the checkmark in the “columns” section of your Risk table.

3. The “First Detected”, “Age”, “Days to Resolution”, “Resolution Date” and “Extra” fields will be added to the “Risks Export” CSV file.

4. The “First Detected”, “Resolution Date” and “Extra” fields will be added to the “Remediation Export” CSV file.
 

All listed features will be enabled on October 20th, 2021.

September 2021 - Managed Risk Portal Updates




Keeping up with the latest vulnerabilities can be a real challenge. Being able to proactively respond to these threats is now easier with our vulnerability feed enhancement.

Vulnerability feed enhancement in Managed Risk provides you with better protection against current and impending threats. It lets you react to critical, high, and named vulnerabilities quickly by enriching their vulnerability context.

Vulnerability feed enhancement provides vulnerability tests for enterprise products. It gathers security messages from 40+ new sources and provides timely updates on the new vulnerabilities.

The expected result is increased coverage in vulnerability detection.

Upcoming User Interface Changes

The foundation of an effective cybersecurity strategy is an understanding of what constitutes your entire attack surface. Asset management enables organizations to know what assets they have and where they are located, ensuring that all assets are tracked so they can be secured properly.

Arctic Wolf’s Managed Risk asset page enhancements allow you to find and sort through risks in their asset context, increase productivity and improve overall usability.

This feature enables you to navigate better between the risk and the asset page.

1. The current version has donut graphs for Asset Categories, Asset Actions and Asset Health Categories. These graphs will be removed from the asset page.

2. Donut graphs will be replaced with a new Filtering section.

Adding a Filtering section will enable you to find and sort through risks in their asset context. With this enhancement, you will be able to filter by Source, Deployment ID, Asset Category, Action and Discovery Date Range.

3. Another visual enhancement will be in the Asset Catalog Section.

a. The Source field will show not only the icon of the source but also the name of the source under the asset catalog.

b. The Risk field will be color coded according to risk severity.

i. 0.0 - 3.9 will be represented by Green

ii. 4.0 - 6.9 will be represented by Orange

iii. 7.0 - 10.0 will be represented by Red

c. You will be able to exclude the columns that you don’t want to see by clicking the checkmark on the columns section in your asset catalog.

d. You will be able to update asset categories for multiple assets at once with bulk update capability. 

These features will be enabled on September 21st, 2021.

August 2021 - Managed Risk Upcoming UI Changes




Upcoming User Interface Changes

Filtering is one of the most common and important foundational features in helping users identify and prioritize risk inside their environment. Being able to easily find and sort through vulnerabilities is critical in patching as quickly as possible to mitigate risk. 

Arctic Wolf’s Managed Risk filtering enhancement allows you to easily find data, increasing user productivity and overall usability.

1. The “Resolved date range” field will be added to MR filtering, enabling you to see all risks that were mitigated in the time period you choose.

2. The “State” field will be changed from checkboxes to a multi-select dropdown, enabling you to select multiple states at the same time.

3. The “Status” field will be changed from a radio button to a multi-select dropdown, enabling you to select multiple statuses at the same time.

4. The “Risk” and “Mitigated Risk” tables will be merged into one table, making risk prioritization and mitigation easier.

This feature will be enabled on August 17th, 2021.