Data Security

Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint

-Arctic Wolf®, a leader in security operations, today announced the global expansion of its industry-leading cloud-native platform, the Arctic Wolf Security Operations Cloud, to provide customers and partners with unified visibility, protection, and automation, through a growing number of technical integrations. With the establishment of a European Security Operations Center (SOC) in Frankfurt, Germany, Arctic Wolf customers in any location, will have full flexibility in how their native security solution data is stored and accessed to aid in their compliance with local and international data governance regulations.

Built on an open XDR architecture, the Arctic Wolf Security Operations Cloud has scaled to ingest, parse, enrich, and analyze over 1.6 trillion security events and 1.3 petabytes of data each week from over one million licensed users at 2,000 global customers. By leveraging machine learning and artificial intelligence the Arctic Wolf Security Operations Cloud now processes events at an equivalent or greater rate than that of other market-defining cloud platforms. This momentum is driven by a strong uptick in demand for the technology in the enterprise market, demonstrated by Arctic Wolf’s 510% year-over-year large enterprise ARR growth in the first quarter of the fiscal year.

Unlike the rest of the industry that is just now starting to parse solutions to integrate data from multiple attack surfaces, Arctic Wolf’s platform was built from day one on a cloud-native architecture that seamlessly ingests data from endpoint, network, identity, and cloud sources to deliver automated threat detection and response at scale. This unification of an organization’s security data ensures only verified security incidents are escalated to customers, effectively eliminating alert fatigue, and ensuring internal security resources have the time needed to focus on hardening their overall security posture.

Powering Security Operations at a Global Scale

To further support Arctic Wolf’s ongoing global expansion, the company has leveraged the scalability and extensibility of the AWS public cloud infrastructure, providing new customers the ability to have their native security solution data hosted within the Arctic Wolf Security Operations Cloud in their choice of the United States, Germany, or Canada.

With five SOCs spread across North America and Europe, as well as a growing team of remote security analysts, organizations within Arctic Wolf’s global customer base can have confidence that the Arctic Wolf Concierge Delivery Model aligns with the needs of their compliance requirements on their security journey to end cyber risk.

Delivering Critical Outcomes Across the Entire Security Operations Framework

The massive growth in the power and scale of the Arctic Wolf Security Operations Cloud has been pushed by explosive market demand for security operations, which has resulted in the company doubling its sales for eight consecutive years and achieving a $4.3B valuation as part of a $150M Series F funding round in July.

In addition to the business expansion driving the momentum of its cloud-native platform, Arctic Wolf has also made aggressive investments in ecosystem integrations, resulting in the Arctic Wolf Security Operations Cloud adding support for dozens of new security data sources over the last year. Arctic Wolf’s universal and unlimited approach to data ingestion allows customers to gain visibility and control over historically disparate security solutions, while removing the need for security leaders to choose which data sources are important or cost-effective to monitor.

Supporting Quotes:

“While every other aspect of the modern technology stack has a category-defining platform —think Salesforce, ServiceNow, and Workday— no one in cybersecurity has managed to unify the market and produce a true platform that serves all security operations use cases for midsize and enterprise customers,The Arctic Wolf Security Operations Cloud delivers exactly that – the unified security operations experience that owns the outcome for the customer, and our new global footprint makes it easier than ever for organizations to have full control over where their native security solution data is stored.”

Nick Schneider, president and chief executive officer of Arctic Wolf

“Accelerated digital transformation and the shift to cloud-based solutions require organizations to rethink data protection strategies and upscale their data security infrastructures to meet the ever-evolving privacy and data compliance landscape,” said Duncan Brown, vice president, European Enterprise Research, IDC. “This trend is global in nature and in Europe, in particular, we are seeing a rapid movement to adopt cloud environments. The vendors who will lead the market in that change will need to demonstrate a proven track record in delivering a mature, global cloud model that meets data sovereignty requirements without compromising speed and scalability.”

With the Security Operations Cloud, Arctic Wolf is the first to deliver a cloud-based platform that gives organizations the protection, resilience, and guidance they need to defend against cyber threats, including Managed Detection and Response (MDR), Managed Risk, Cloud Security Posture Management (CSPM), and Managed Security Awareness —each delivered by the unique concierge delivery model.



About Arctic Wolf:
Arctic Wolf® is a global leader in security operations, delivering the first cloud-native security operations platform to end cyber risk. Powered by threat telemetry spanning endpoint, network, and cloud sources, the Arctic Wolf® Security Operations Cloud ingests and analyzes more than 1.6 trillion security events a week across the globe, enabling critical outcomes for most security use cases and optimizing customers’ disparate security solutions. Now deployed to more than 2,000 customers worldwide, the Arctic Wolf® Platform delivers automated threat detection and response at scale, and empowers organizations of any size to stand up world-class security operations with the push of a button.

Spotlight

Spotlight

Related News

Platform Security

OpenText Cybersecurity Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model

PR Newswire | October 26, 2023

OpenText (NASDAQ: OTEX), (TSX: OTEX), today announced the Nastiest Malware of 2023, an annual ranking of the year's biggest malware threats. For six consecutive years OpenText Cybersecurity threat intelligence experts have analyzed the threat landscape to determine the most notorious malware trends. Ransomware has been rapidly ascending the ranks, with ransomware-as-a-service (RaaS) now the weapon of choice for cybercriminals. This year four new ransomware gangs, believed to be the next generation of previous big players, topped the list. Newcomer Cl0p takes the prize for this year's nastiest malware after commanding exorbitant ransom demands with its MOVEit campaign. Cl0p's efforts helped skyrocket the average ransom payment which is rapidly approaching three quarters of a million dollars. Black Cat, Akira, Royal, Black Basta also made their debut, joined by the always present, Lockbit. A key finding this year is the RaaS business model is another win for the bad guys. Profit sharing and risk mitigation are top contributors to RaaS success along with the ability to easily evade authorities, said Muhi Majzoub, EVP and Chief Product Officer, OpenText. There is a silver lining as research shows only 29% of businesses pay ransom, an all-time low. These numbers indicate people are taking threats seriously and investing in security to be in a position where they do not need to pay ransom. This year's list highlights the tenacity of cybercriminals as they continue to reinvent themselves, coming back stronger each time (often with new names). Their scrappy mentality allows them to go beyond the norm to find new ways to invade their target. 2023 Nastiest Malware Cl0p, a RaaS platform, became famous following a series of cyberattacks, exploited a zero-day vulnerability in the MOVEit Transfer file software developed by Progress Software. MOVEit victims include such notable organizations as Shell, BBC, and the United States Department of Energy. Black Cat, recognized in our 2021 Nastiest Malware report, believed to be the successor to REvil ransomware group, has built their RaaS platform on the Rust programming language. They made headlines for taking down MGM Casino Resorts. Akira, presumed to be a descendant of Conti, primarily targets small to medium sized businesses due to the ease and turnaround time. Most notably, Akira ransomware targeted Cisco VPN products as an attack vector to breach corporate networks, steal, and eventually encrypt data. Royal, suspected heir to Ryuk, uses Whitehat penetration testing tools to move laterally in an environment to gain control of the entire network. Helping aid in deception is their unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt. Lockbit 3.0, a main stain on the list and last year's winner, continues to wreak havoc. Now in its third epoch, Lockbit 3.0 is more modular and evasive than its predecessors. Black Basta is one of the most active RaaS threat actors and is also considered to be yet another descendant of the Conti ransomware group. They have gained a reputation for targeting all types of industries indiscriminately. To learn more about the findings of this year's Nastiest Malware analysis, visit the OpenText Cybersecurity Community, as well as tune in to our Nastiest Malware Webinar.

Read More

Software Security

IBM Announces New AI-Powered Threat Detection and Response Services

PR Newswire | October 06, 2023

IBM (NYSE: IBM) today unveiled the next evolution of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85% of alerts,1 helping to accelerate security response timelines for clients. The new Threat Detection and Response Services (TDR) provide 24x7 monitoring, investigation, and automated remediation of security alerts from all relevant technologies across client's hybrid cloud environments – including existing security tools and investments, as well as cloud, on-premise, and operational technologies (OT). The managed services are delivered by IBM Consulting's global team of security analysts via IBM's advanced security services platform, which applies multiple layers of AI and contextual threat intelligence from the company's vast global security network – helping automate away the noise while quickly escalating critical threats. Security teams today are not just outnumbered by attackers, but also by the number of vulnerabilities, alerts and security tools and systems they're tasked with managing on a day-to-day basis, said Chris McCurdy, General Manager, Worldwide IBM Consulting Cybersecurity Services. By combining advanced analytics and real-time threat intelligence with human expertise, IBM's new Threat Detection and Response Services can augment organization's security defenses with a capability that is scalable, continuously improving and strong enough for tomorrow's threats. Intelligently Adapting Threat Defenses The new TDR Services are underpinned by a set of AI-powered security technologies that support thousands of clients across the world, monitoring billions of potential security events per day. It leverages AI models that continuously learn from real-world client data, including security analyst responses, engineered to automatically close low priority and false positive alerts based on a client-defined confidence level. This capability also automatically escalates high risk alerts that require immediate action by security teams and provides investigation context. IBM's TDR Services are designed to provide: Crowdsourced detection rules, Optimized alerts. Leveraging real-time insights from IBM's threat management engagements, the new services use AI to continuously assess and auto-recommend the most effective detection rules – helping to improve alert quality, and speed response times. This capability helped reduce low-value SIEM alerts by 45% and auto escalate 79% more high-value alerts that required immediate attention2. Organizations can approve and update detection rules with just two clicks through its co-managed portal. MITRE ATT&CK assessment. To stay prepared for ransomware and wipe-out attacks, organizations will be able to see how their environment is covering MITRE ATT&CK framework tactics, techniques, and procedures as compared to their industry and geography peers. By applying AI, the new services are designed to reconcile the multiple detection tools and policies currently in place at an organization, providing an enterprise view into how to best detect threats and assess gaps to update within an ATT&CK framework. Seamless end-to-end integration. With its open API approach, the new services can quickly integrate with a client's enterprise-wide security assets, whether on premise or in the cloud. Organizations can continue to access their ecosystem while also having the option to connect and collaborate and define their own response playbooks through a co-managed portal. This provides a unified enterprise view, precise remediation capabilities, and consistently enforces security policies across IT & OT. 24x7 global support. Organizations will have access to more than 6,000 IBM Cybersecurity Services professionals across the globe 24/7 x 365 to help augment security programs. IBM Consulting Cybersecurity Services' vast global network serves more than 3,000 clients around the world – managing more than 2 million endpoints and 150 billion security events per day. "Security leaders today are trying to escape the vicious cycle of staff shortages, increased threats, and rising demands from the C-Suite to mature their cyber program without breaking the bank. For many organizations the old playbook of swapping out their tools for a vendor's preferred platform does not work, as they cannot afford to write off prior SOC investments," said Craig Robinson, IDC Research VP of Security Services. "A service like IBM's Threat Detection and Response offering can provide an off-ramp to these concerns, without requiring a full rip-and-replace of their prior security investments and help shift their human capital in the SOC to more of a proactive mode." To support continuous improvement for security operations capabilities, IBM's TDR Services, which are now available, include access to IBM's X- Force Incident Response Services along with the option to include additional proactive security services from IBM X-Force, such as penetration testing, adversary simulation or vulnerability management. X-Force will also provide guidance to help clients improve their security operations over time, based on the current threat landscape, clients' evolving IT environment, and insights gleaned from engagements with thousands of IBM Cybersecurity Services clients around the world.

Read More

Network Threat Detection

Kyndryl Announces Strategic Global Alliance with Palo Alto Networks to Provide Industry Leading Network and Cybersecurity Services

PR Newswire | October 04, 2023

Kyndryl (NYSE: KD), the world's largest IT infrastructure services provider, today announced a strategic global alliance with Palo Alto Networks to provide end-to-end network and cybersecurity services, including the launch of a new service offering, powered by Prisma SD-WAN for enterprises and Industry 4.0 customers. The alliance brings together Palo Alto Networks industry-leading platform security capabilities with Kyndryl's advanced network security services expertise to design, build, manage, and modernize mission-critical networking for customers across industries. The companies are joining forces to capitalize on emerging opportunities in the SD-WAN infrastructure market that IDC estimates will grow at a compound annual growth rate of 10.1% through 2027. As the demands of enterprise mobility accelerate, enterprises are looking for greater operational agility to support their digital transformation. Businesses need to support the growing number of devices used to access the corporate network and cloud-based applications, while also meeting evolving security and compliance requirements. Kyndryl and Palo Alto Networks are partnering to help businesses deliver consistent security and an enhanced user experience for customers everywhere, and across industries such as services, manufacturing, energy, healthcare, and retail. Kyndryl's new SD-WAN offering, powered by Prisma SD-WAN, will enable customers to transform and modernize their networks and meet the growing bandwidth demands of the proliferation of devices and cloud traffic. The new approach to network connectivity will provide a single pane of glass management to their networks, and simplifies deployment to branch-offices and edge services. By helping customers transition into a flexible and scalable network, Kyndryl will be able to help enterprises build a roadmap and incorporate new security paradigms such as SASE with Kyndryl Consulting services. At Kyndryl, we are at the forefront of helping enterprises with their network transformation to meet the growing trends of remote work, multi-devices usage, and cloud and data access. As organizations move away from traditional hardware-centric models to OPEX consumption models, the need for agile, highly secure and reliable networks is imperative, said Stephen Leonard, SVP of Global Strategic Alliances, Kyndryl. We are delighted to partner with Palo Alto Networks to provide robust and versatile network security services that will provide many benefits to our customers. "Together with Kyndryl, we are enabling enterprises to digitally transform confidently and innovate securely, while reaping the benefits of consolidating disparate security solutions into an integrated, best of breed platform," said Prem Iyer, SVP of Global Ecosystems for Palo Alto Networks. "We are committed to helping our joint customers achieve better security outcomes while protecting the modern connected organization from increasingly sophisticated attacks." The global partnership between Kyndryl and Palo Alto Networks builds on the companies' established collaboration around security services and solutions. In July Kyndryl launched its new Security Operations as a platform (SOaap) solution leveraging Palo Alto Networks Cortex technology to drive operational savings and time-to-value through automation and orchestration. Earlier this year, Kyndryl and Palo Alto Networks, together with Nokia, established an innovation lab in support of joint enterprise customers. By the end of the year, customers will be able to view innovative industrial edge use cases running on cloud, 4.9G/LTE and 5G private wireless connectivity. This will include remote manufacturing process control and real-time analytics on factory production sites, provisioning and management of mobile devices to improve the employee and frontline worker experience for onboarding and communication, and IT and OT security integration for worker safety and operational efficiencies. Kyndryl's industrial edge platform will be integrated with a multi-factor zero trust model built on Palo Alto Networks next-generation firewalls, run on Nokia's MXIE Industrial edge as part of Nokia Digital Automation Cloud (DAC)'s solutions, and with end-to-end managed services provided by Kyndryl. About Kyndryl Kyndryl (NYSE: KD) is the world's largest IT infrastructure services provider, serving thousands of enterprise customers in more than 60 countries. The company designs, builds, manages and modernizes the complex, mission-critical information systems that the world depends on every day. For more information, visit www.kyndryl.com.

Read More