Arctic Wolf offers SIEM in cloud

Engineers sort through security events to flag the incidents that need investigation

Arctic Wolf Networks is trying to address a problem many security teams face: receiving more false-positive incident alerts than they can respond to effectively.

The company is offering a security service made up of its home-grown SIEM in the cloud backed by security engineers who filter out the security-event noise and trigger alerts only when they come across incidents actually worth investigating further.

The company is four years old but only last year started offering its service, AWN Cyber-SOC, which analyzes security data from a range of other security devices.


The SIEM is backed by a staff of about 20 security engineers who review the anomalies identified by the platform and sort out those that are security events worth on-site investigation by customers' own security staff, says Brian NeSmith, Arctic Wolf co-founder and CEO.

He says each customer is assigned to a particular engineer, so that over time the engineer develops an understanding of that customer's unique challenges. The engineers also recommend tweaks to other security devices, such as antivirus and firewalls, to tighten up defenses.

The goal is to reduce false positives. “They claim zero false positives because of the human analyst attention prior to alerting the customers,” says David Monahan, an analyst with Enterprise Management Associates. “Since people make mistakes, let’s say 99% of false positives are isolated and removed before being passed on to the customer as an alert.”

NeSmith says the AWN Cyber-SOC service typically flags as few as one incident every few weeks from among thousands of detected events, drastically reducing the number of events customers have to follow up on. AWN Cyber-SOC can also take in feeds from customers' existing security gear and sort through them with the same goal in mind.

The company is trying to make the service more attractive by requiring only month-to-month commitments from customers and charging no installation fee. Cost is a big factor in making the service attractive, Monahan says. The company says the price is $3 to $7 per employee per month, which might appeal to mid-size companies that don't have the resources to provide the same coverage in-house.

Rolled into the monthly fee are threat intelligence analysis, vulnerability assessment, and security architecture and design services, says Monahan, as well as incident response services. "The scope of the engagement here is undoubtedly less than you would get from a FireEye Mandiant team but you also aren't paying anything near that level of cost," Monahan says.

The company claims customers can be up and running in less than an hour, which is "unheard of," Monahan says, and is what makes the month-to-month contracts workable. He says on-site SIEMs take months to get configured and working, and require a lot of tuning in order to function properly.

AWN Cyber-SOC is a SIEM the company built itself, and it is hosted in the Amazon Web Services cloud.

Customers install a sensor appliance at the network exit point, where it collects HTTP and DNS traffic. The device also includes an IDS.

The company runs its security operations center in Waterloo, Canada, because the city is home to the University of Waterloo, whose qualified tech graduates provide a reliable pool of prospective employees.

Before starting Arctic Wolf, NeSmith was CEO of enterprise security firm Blue Coat, which had Fortune 500 clients. He says he recognized the need for similar protection for smaller companies that lack the budget to provide comprehensive security on their own.

Arctic Wolf has $27.5 million in venture funding, and claims more than 100 customers.


Story by Tim Greene
