The most effective security operations aren’t built by buying more tools. They’re built by making the tools you already have work better together.
We hear from our customers that their security teams need to extract maximum value from their technology while operating more efficiently than ever. This quarter, Arctic Wolf doubled down on three areas to support these efforts: smarter integrations, clearer visibility, and faster response.
We expanded our ecosystem with key partners across email, identity, and network infrastructure so you can extend coverage using what you already have. We improved alert and case clarity, so you can make decisions faster with better context. And we unified more workflows into a single portal experience, from endpoint management to incident readiness, so you can spend less time switching tabs and more time securing your environment.
But, before we dive into the latest updates, innovations, and integrations for our products and solutions, here’s a look at what’s new in the Arctic Wolf Aurora® Platform — the technology that makes it all possible.
The Aurora® Platform
Arctic Wolf’s Aurora Platform continues to demonstrate unmatched scale and precision to protect and defend our growing community of more than 10,000 customers globally. Between August and October 2025 alone, the Aurora Platform ingested over 116 trillion raw data points, transforming them into more than 20 trillion analyzed observations to uncover emerging threats with remarkable accuracy. From this telemetry, the Aurora Platform identified 784 billion security events — surfacing the signals that matter while filtering out the noise. This level of visibility and analytical depth underscores why organizations trust the Arctic Wolf Aurora Platform to strengthen their security posture every single day.
Security Operations Platform Metrics from Aug. – Oct. 2025
New Enhancements and Integrations
MDR Integration with Abnormal Security
Arctic Wolf’s Abnormal Security integration enhances our customer’s MDR visibility and response by bringing advanced behavioral AI detections from cloud email environments directly into the Aurora Platform. By ingesting telemetry that identifies business email compromise, phishing, malware, and insider account threats across Microsoft 365 and Google Workspace, customers gain faster, more granular detection-to-response workflows.
Combined with Active Response and guided remediation from the Arctic Wolf Concierge Security Team, customers gain unified insight into one of their most targeted attack surfaces — email — and can contain threats through coordinated response actions like deleting malicious messages. This results in tighter defense across user identity and communication channels, reduced dwell time for socially engineered attacks, and greater confidence that email-borne threats are stopped before they impact the business. Learn more about Arctic Wolf’s Abnormal Security integration through our solution brief with Abnormal AI.
Configuration of a new active response integration with Abnormal.
MDR Alert Enhancements
Arctic Wolf continues to innovate stronger case management capabilities to help customers move faster and with more clarity. Our Enhanced Security Alerts offer more streamlined tickets that tell you exactly what’s happening and why it matters — complete with clearer summaries, MITRE ATT&CK insights, and a no‑nonsense breakdown of how we spotted the threat.
Then, Investigation Context takes your visibility to the next level, surfacing the deeper intel (think automatic cross‑ticket correlations and process tree insights). The result? Faster decision making, fewer follow‑ups, and a more transparent MDR experience. This is security clarity, supercharged. See a demo of MDR and these enhancements:
Managed Risk ITSM Integration
Arctic Wolf is excited to introduce new ITSM integration for Managed Risk within the Unified Portal, giving organizations a faster and more seamless way to remediate vulnerabilities. As shown in this demo, enterprise customers can now automatically create ServiceNow or ConnectWise tickets directly from the Unified Portal, eliminating the need to manually fill out tickets.
This automation accelerates patching and remediation timelines while improving the accuracy and consistency of vulnerability response. The integration also enhances visibility by displaying ITSM ticket numbers in the Risks table and preventing duplicate ticket creation.
Together, these ITSM capabilities streamline risk-to-remediation workflows and help organizations respond to threats more efficiently.
Additional Integrations
As a vendor-agnostic platform, Arctic Wolf is always working behind the scenes with technology partners to extend and improve our integration capabilities. In addition to Abnormal, we have a number of additional developments this quarter.
A look at additional integrations to the Arctic Wolf platform
In terms of log ingestion, we updated our Ubiquiti UniFi integration to extend our MDR attack surface coverage within the networking layer and deliver enhanced detections of anomalous behavior and movements.
Similarly, we have developed a new integration with FortiEDR™. This enables the Arctic Wolf teams to reduce alert fatigue, respond faster, and initiate response actions through FortiEDR, including endpoint isolation when applicable.
In the world of network telemetry, we now ingest firewall, IPS and threat-prevention events from Checkpoint Quantum Security Gateways, allowing us to detect malicious traffic and correlate activity across the rest of the attack surface. We also updated our integration with pfSense for network edge and secure cloud networking.
In the identity space, we also introduced an MDR ingestion integration with PingOne Identity Cloud. This gives us expanded visibility in the identity attack surface and supports guided remediation around compromised identities, forced logouts, password resets, and MFA handling. Also, Arctic Wolf now integrates with CyberArk Privilege Cloud to strengthen detection and response for privileged access misuse. By ingesting audit events from CyberArk’s Privileged Access Manager, MDR can correlate high-risk admin behavior with activity across the environment, helping security teams quickly identify unauthorized elevation, credential abuse, and insider threats. In addition, we also integrate with the CyberArk Identity Security Platform to gain enhanced visibility and detection around workforce access.
Security Operations Updates and Upgrades
Additional Developments with Managed Detection and Response (MDR)
Beyond technology integrations and alert enhancements, we have made other improvements around the delivery of our MDR product. Within the Unified Portal, customers will now have access to case timelines — a chronological view of the work our Triage Team completes behind the scenes for investigations that did not result in a ticket.
Additionally, we’ve increased flexibility and control for how customers manage the upgrades to sensors, scanners, and log collectors. Directly from the Unified Portal, customers can now schedule their important upgrades and reduce downtime.
Updates to Managed Risk in the Unified Portal
In addition to the ITSM integrations now available with Managed Risk, we’ve also made numerous improvements to streamline the workflow, from identifying a risk all the way through to remediation.
Customers now have the ability to group risks by solution or patch. This capability helps determine the actions that will resolve the most vulnerabilities, and which actions will result in the most positive impact on an organization’s risk score.
We also added the ability to run targeted rescans on selected assets or risks to validate remediation efforts, as well as the ability to create, save, and manage filters to allow customers to build the workflows that meet their business needs.
Last of all, we added two new widgets to the Risk Exposure Overview dashboard. One gives you quick access to view impacted assets as they relate to recent security bulletins, helping you quickly manage Patch Tuesday releases or more specific critical vulnerabilities in your environment. The second new widget visualizes risks by severity and asset category (desktops, servers, etc.).
A look at top vulnerabilities, exploitable vulnerabilities, latest bulletins, and top risks by asset category.
Enhancing the Unified Portal Experience for Aurora Endpoint Security Customers
Over the past quarter, the Arctic Wolf team has enhanced the capabilities of the Unified Portal for Aurora Endpoint Security customers, enabling them to submit, manage, and review historical technical support cases directly through Unified Portal. Customers can also download Aurora Endpoint Security software, stay informed about threat events with Security Bulletins, and map their security posture with the Cyber Resilience Assessment. Most recently, we’ve added the ability to manage endpoint security tenants. See our documentation for more details.
The Unifed Portal viewing threat intelligence downloads and Aurora Endpoint software downloads.
We’re providing a seamless Arctic Wolf experience for our Aurora Endpoint Security customers and, by adding tenant management to the Unified Portal, we are one step closer to providing the same capabilities that customers would have formerly accessed via MyAccount.
Beyond Unified Portal updates, administrators of our managed endpoint solution can now directly download monthly and quarterly reports directly from the Aurora Endpoint Defense console.
New Functionality within Managed Security Awareness
Customers now have the option to customize the phishing simulations that their employees receive. Those messages can be created from a blank slate or by editing one of the existing Arctic Wolf simulations as shown in this demo. This gives customers a chance to focus on specific applications, user groups, or individuals with an approach that matches their daily workflows or interests.
Expansion of the Arctic Wolf Retainer and Warranty Programs
The Arctic Wolf® Incident360 Retainer provides fill-service coverage for one incident along with readiness tools to help organizations plan and prepare for incidents while minimizing impact. That end-to-end coverage is now available to customers in Japan.
Arctic Wolf Incident 360 Retainer customers can now access their IR Planner directly from the Unified Portal. This provides a consistent style and approach for those accustomed to working in that interface, as you can see in this demo.
Also, the Arctic Wolf Security Operations Warranty is now available for South African customers and prospects.
Thank you for your interest in Arctic Wolf. For a deeper look at these releases, along with some additional context and visuals, please view this on-demand webinar.
To stay informed of upcoming releases and updates, please subscribe to our newsletter through our online Resource Center. Customers can also stay informed via the Customer Community, while partners have access to the Partner Portal.
If you have questions regarding a specific product or service, or simply want to learn more, please contact Arctic Wolf to request a demo.
