FAQ

MANAGED DETECTION AND RESPONSE

GENERAL

What is Managed Detection and Response?

The Arctic Wolf Managed Detection and Response solution is delivered by the Arctic Wolf Concierge Security Team, built on the foundation of the industry’s only cloud native platform to deliver security operations as a concierge service. It provides 24×7 monitoring of your networks, endpoints, and cloud environments, along with a managed approach to detection, response, and recovery from modern cyber threats through managed triage and concierge services – guiding you along every step of your security journey.

How is pricing determined?

Arctic Wolf MDR takes a more predictable and understandable approach to providing you with security operations coverage. Unlike alternatives that charge based on event or log volume, or that license capabilities separately, foundational technologies such as endpoint agents, unlimited log retention and search, and external network scanning are included as part of the core MDR offering. The MDR approach is to provide coverage across your attack surface based on the number of users, servers, and internet egress points – providing coverage that grows along with you as your organisation grows.

What do I need to install to get started?

Security operations experts from your Concierge Security Team (CST) are paired with you to get you up and running quickly with the Arctic Wolf MDR service. Your CST works with you to learn your network topology, and to configure and deploy Arctic Wolf Sensors, Arctic Wolf Agents, and cloud connectors to monitor your cloud environment. Your CST also works with you to configure your external scans, alert thresholds, country allowlisting, and more to customise the service directly to your environment.

DETECT

What log sources can Arctic Wolf monitor?

Arctic Wolf works with your existing IT and security infrastructure to monitor information from a growing number of available log sources across: Active Directory, Authentication, Endpoint, Firewalls, IDS/IPS, Mail Servers, SaaS/IaaS, SSL-VPN, UTM, WAP, Web Gateways, and more.

Can I customise what Arctic Wolf monitors?

Yes. Your security operations expert from the Concierge Security Team works directly with you to tailor your service to your specific needs, in addition to the included out-of-the-box detection capabilities. Alerts can be tuned based on threshold, criticality, and several other factors with your CST based on the unique needs of your organisation.

Can Arctic Wolf monitor cloud apps/infrastructure?

Yes. The Arctic Wolf Cloud Monitoring solution works with Managed Detection and Response to collect telemetry and other insights from your SaaS applications such as Office 365 and IaaS cloud environments such as AWS and Azure.

Is 24x7 Concierge Security standard with all Managed Detection and Response deployments?

Yes. Security operations experts from the Concierge Security Team are paired with you to provide security expertise and proactive environment hardening guidance so you can rest easy knowing Arctic Wolf has your back.

RESPOND

What happens when Arctic Wolf finds suspicious activity in my log data?

When suspicious activity is observed by Arctic Wolf, an incident is automatically created by the Arctic Wolf team to investigate further. Important details about the incident are included, such as the site(s) and system(s) affected, a description of the activity, when it was detected, etc. Resolution information about why this incident was created and how to remediate it is also included and managed by the CST until the incident is closed.

Can I customise how events are triaged?

The Concierge Security Team (CST) works with you to tailor the Managed Detection and Response solution to the specific needs of your organisation. They provide support at the initial deployment phase, as well as strategic guidance on tailoring rules, adjusting existing configurations and alert thresholds, and how incidents are triaged.

How does Arctic Wolf minimise false positives?

The Arctic Wolf Platform collects, enriches, and analyses data from a broad array of sources across your networks, endpoints, and cloud environments. Leveraging several detection engines, various sources of threat intelligence, and machine learning, this broad dataset is further analysed to identify suspicious activity and raise incidents that are then investigated by your security operations expert to eliminate false positives.

Can Arctic Wolf help me contain threats?

Yes. When a critical incident is discovered, your security operations expert from the Concierge Security Team works with you to initiate the Managed Containment workflow. This capability is designed to stop the spread of threats across your environment by isolating the threat at the network and host level.

RECOVER

How does Arctic Wolf proactively mitigate security incidents?

Due to significant alert fatigue produced by the multitude of security products, IT teams often find themselves stuck in a reactive state of responding to threats with no time to be strategic. The Concierge Security Team (CST) is your single point of contact for your Arctic Wolf Managed Detection and Response solution and serves as your trusted security operations expert, helping you to proactively mitigate security incidents through:

  • 24×7 monitoring
  • Alert triage and prioritisation
  • Custom protection rules
  • Guided remediation
  • Detailed reporting and audit support
  • Ongoing strategic security reviews

How does my Concierge Security Team help if an issue is found?

When an issue is found, personalised workflows trigger investigations that your security operations expert further analyses to assess the severity of the threat. Tickets are created for critical events, and the end-to-end workflow from detection to response is managed by your Concierge Security Team (CST). Not only does the CST work directly with you on detection and response, it also provides remediation and validation that the threat has been neutralised and hasn’t returned.