Arctic Wolf offers SIEM in cloud

17.02.2016
Arctic Wolf Networks is trying to address the problem many security techs have of receiving too many false-positive incident alerts to respond to effectively.

The company is offering a security service made up of its home-grown SIEM in the cloud backed by security engineers who filter out the security-event noise and trigger alerts only when they come across incidents actually worth investigating further.

The company is four years old but just last year started serving up its service – AWN Cyber-SOC - that quickly analyzes security data from a range of other security devices.

The SIEM is backed by a staff of about 20 security engineers who keep an eye on the anomalies identified by the platform and sort out those that are security events worthy of on-site investigation by customers’ own security techs, says said Brian NeSmith, Arctic Wolf co-founder and CEO.

He says each customer is assigned to a particular engineer, so that person will develop an understanding over time of that customer’s unique challenges. The engineers also recommend tweaks to other security devices such as antivirus and firewalls in order to tighten up defenses.

The goal is to reduce false positives. “They claim zero false positives because of the human analyst attention prior to alerting the customers,” says David Monahan, an analyst with Enterprise Management Associates. “Since people make mistakes, let’s say 99% of false positives are isolated and removed before being passed on to the customer as an alert.”

NeSmith says the AWN Cyber-SOC service typically flags as few as one incident every few weeks from among thousands of detected events, drastically reducing the number of events to follow up with. AWB Cyber-SOC can take in feeds from customers’ existing security gear and sort through them as well with the same goal in mind.

The company is trying to make the service more attractive by requiring just month-to-month commitments from customers and charging no installation fee. Cost is a big factor in making the service attractive, Monahan says. The price is $3 to $7 per employee per month for the service, the company says, which might be attractive to mid-size companies that don’t have the resources to provide the same coverage in-house.

Rolled up into the monthly fee is threat intelligence analysis, vulnerability assessment, and security architecture and design services, says Monahan, as well as incident response services. “The scope of the engagement here is undoubtedly less than you would get from a FireEye Mandiant team but you also aren’t paying anything near that level of cost,” Monahan says.

The company claims customers can be up and running in less than an hour, and that’s “unheard of,” Monahan says, but the reason is it can offer the month-by-month contracts. He says on-site SIEMs take months to get configured and working, and require a lot of tuning in order to function properly.

AWN Cyber-Soc is a SIEM the company built itself and it’s hosted in the Amazon Web Services cloud.

Customers install a sensor appliance on the network exit point that collects HTTP and DNS. The device includes an IDS.

The company runs its security operations center in Waterloo, Canada, because it’s home to the University of Waterloo, where qualified tech graduates provide a reliable pool of prospective employees.

Before starting Arctic Wolf, NeSmith was CEO of enterprise security firm Blue Coat that had Fortune 500 clients. He says he recognized the need for similar protection for smaller companies that lack the budget to provide comprehensive security on their own.

Arctic Wolf has $27.5 million in venture funding, and claims more than 100 customers.

(www.networkworld.com)

Tim Greene