Arctic Wolf enhances platform with identity threat detection
Global cybersecurity firm Arctic Wolf has introduced identity threat detection and response (ITDR) to its security operations platform. The addition aims to bolster defences against evolving cyber threats, particularly those targeting identity infrastructure through account compromise tactics.
Hackers are increasingly focusing on identity infrastructure using methods such as credential stuffing and business email compromise (BEC). In response, Arctic Wolf has integrated ITDR with Microsoft Defender for Identity and Okta. This integration is designed to enable businesses to detect and mitigate identity threats rapidly, thereby enhancing the protection of user identities and reducing attack surfaces.
Dan Schiappa, Chief Product and Service Officer at Arctic Wolf, commented on the new capabilities: "As adversaries increase the use of identity-based attacks, the ability to integrate robust ITDR capabilities into security operations is critical in building business resilience, as containment and mitigation extend beyond the endpoint alone." He emphasised that effective cybersecurity should focus on rapid threat detection and remediation to minimise impact, which the new ITDR capabilities aim to achieve.
According to Arctic Wolf, 39% of incidents investigated by its Incident Response team in 2023 were initiated via external remote access using compromised credentials. This statistic underscores the urgency of incorporating ITDR functionalities as a core component of security operations. Gartner Research supports this viewpoint, stating, "Identity threat detection and response (ITDR) is emerging as a security operations centre (SOC) function focus while IAM teams grapple with new tools to address enhancing detection of identity misuse."
The Arctic Wolf Platform updates incorporate several new features to enhance security and streamline response mechanisms. One of the key additions is Active Response for Identity, which enables immediate action against threats to the identity infrastructure. This capability allows the system to quickly disable compromised user accounts and revoke access to sensitive information or systems, significantly reducing organisational risk.
Another important update is the Microsoft Defender for Identity Integration, which aims to protect user identities and minimise attack surfaces by increasing visibility into identity infrastructure. This integration enhances detection capabilities, allowing for the early identification of identity-based attacks, such as Business Email Compromise (BEC), thereby strengthening overall security posture.
The platform also includes the improved Okta Impossible Travel Detection feature. This updated Okta integration enhances coverage across attack surfaces by utilising indicators of compromise (IOC) based on velocity alerts from Okta. This functionality significantly improves the detection of compromised accounts, offering better protection against sophisticated cyber threats.
Arctic Wolf highlights that its platform ingests, parses, enriches, and analyses more than 5.5 trillion security events per week from over 5,700 customers worldwide. Through numerous security and technology integrations available to customers, the Arctic Wolf Security Operations Cloud aims to deliver automated threat protection, response, and remediation capabilities.
In 2023, Arctic Wolf was named the fastest-growing vendor by revenue, according to Gartner's Market Share report on Security Services. The company has also received several industry accolades, including being named to the Forbes Cloud 100 and the CNBC Disruptor 50 lists. Additionally, Arctic Wolf was acknowledged as a Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response Services.
The introduction of ITDR capabilities to Arctic Wolf's security operations platform aims to provide businesses with the tools necessary to fortify their cyber defences. As cyber threats continue to evolve, the ability to rapidly detect and respond to identity-based attacks becomes increasingly crucial for maintaining organisational security and resilience.