Solutions – MDR – FAQ FAQ MANAGED DETECTION AND RESPONSE GENERAL What is Managed Detection and Response? Arctic Wolf Managed Detection and Response solution is delivered by the Arctic Wolf Concierge Security Team, built on the foundation of the industry’s only cloud native platform to deliver security operations as a concierge service. It provides 24×7 monitoring of your networks, endpoints, and cloud environments, along with a managed approach to detection, response, and recovery from modern cyber threats through managed triage and concierge services—guiding you along every step of your security journey. How is pricing determined? Arctic Wolf MDR takes a more predictable and understandable approach to providing you with security operations coverage. Unlike alternatives that charge based on event or log volume or license capabilities separately, foundational technologies such as endpoint agents, unlimited log retention and search, and external network scanning are included as part of the core MDR offering. The MDR approach is to provide coverage across your attack surface based on number of users, servers, and internet egress points —providing coverage that grows along with you as your organization grows. What do I need to install to get started? Security operations experts from your Concierge Security Team (CST) are paired with you to get you up and running quickly with the Arctic Wolf MDR service. Your CST works with you to learn your network topology, configure and deploy Arctic Wolf Sensors, Arctic Wolf Agents, and cloud connectors to monitor your cloud environment. Your CST also works with you to configure your external scans, alert thresholds, country whitelisting, and more to customize the service directly to your environment. DETECT What log sources can Arctic Wolf monitor? Arctic Wolf works with your existing IT and security infrastructure to monitor information from a growing number of available log sources across: Active Directory, Authentication, Endpoint, Firewalls, IDS/IPS, Mail Servers, SaaS/IaaS, SSL-VPN, UTM, WAP, Web Gateways, and more. Can I customize what Arctic Wolf monitors? Yes. Your security operations expert from the Concierge Security Team works directly with you to create custom rules unique to your environment, in addition to the included out-of-the-box detection capabilities. Alerts can be tuned based on threshold, criticality, and several other factors with your CST based on the unique needs of your organization. Can Arctic Wolf monitor cloud apps/infrastructure? Yes. The Arctic Wolf Cloud Monitoring solution works with Managed Detection and Response to collect telemetry and other insights from your SaaS applications such as Office 365 and IaaS cloud environments such as AWS and Azure. Is 24x7 Concierge Security standard with all Managed Detection and Response deployments? Yes. Security operations experts from the Concierge Security Team are paired with you to provide around-the-clock coverage so you can rest easy knowing Arctic Wolf has your back. RESPOND What happens when Arctic Wolf finds suspicious activity in my log data? When suspicious activity is observed by Arctic Wolf, an incident is automatically created by the Concierge Security Team (CST) to investigate further. Important details about the incident are included, such as the site(s) and system(s) affected, a description about the activity, when it was detected, etc. Resolution information about why this incident was created and how to remediate is also included and managed by the CST until the incident is closed. Can I customize how events are triaged? The Concierge Security Team (CST) works with you to tailor the Managed Detection and Response solution to the specific needs of your organization. They provide support at the initial deployment phase, as well as strategic guidance on creating new rules, adjusting existing configurations, alert thresholds and how incidents are triaged. How does Arctic Wolf minimize false positives? The Arctic Wolf Platform collects, enriches, and analyzes data from a broad array of sources across your networks, endpoints, and cloud environments. Leveraging several detection engines, various sources of threat intelligence, and machine learning, this broad dataset is further analyzed to identify suspicious activity to raise incidents that are further investigated by your security operations expert to eliminate false positives. Can Arctic Wolf help me contain threats? Yes. When a critical incident is discovered, your security operations expert from the Concierge Security Team works with you to initiate the Managed Containment workflow. This capability is designed to stop the spread of threats across your environment by isolating the threat at the network and host-level. RECOVER How does Arctic Wolf proactively mitigate security incidents? Due to significant alert fatigue produced by the multitude of security products, IT teams often find themselves stuck in a reactive state of responding to threats with no time to be strategic. The Concierge Security Team (CST) is your single point of contact for your Arctic Wolf Managed Detection and Response solution and serves as your trusted security operations expert, helping you to proactively mitigate security incidents through: 24×7 monitoring Alert triage and prioritization Custom protection rules Guided remediation Detailed reporting and audit support Ongoing strategic security reviews How does my Concierge Security team help if an issue is found? When an issue is found, personalized workflows trigger investigations that your security operations expert further analyzes to assess the severity of the threat. Tickets are created for critical events and the end-to-end workflow from detection to response is managed by your Concierge Security Team (CST). Not only does the CST work directly with you on detection and response, they provide remediation and validation that the threat has been neutralized and hasn’t returned.