This means the members on that team can learn your world better than other MDR providers who may have people who are responsible for "all customers" depending on if they are on shift or not, or other MDR providers who may do higher ratios. Bottom line is, it doesn't give them more or better data.

Dedicated Security Analyst - AW has Concierge Security Teams (CST) and they try to have any given CST only supporting 3-5 customers (this is what they told me at least). Does it actually make a difference in how good their MDR is versus others? No way to really know. Is them having an Agent a differentiation in MDR space? Yes, as I said, few people use it. Ultimately, AW decided they want an agent that gets all the data to them in a standardized way, since they support a bunch of EDR under their MDR platform. It does have a network containment feature and does vulnerability scanning. If you have an EDR like CS/S1, you have all the same data the AW agent records, it's just going to CS/S1, although AW can hook into that data as well. AW's agent is hooked into the OS at a very low level like other EDR products so that it can see everything going on at the system level, then send this data to AW's SIEM. Think of the agent like the way EDR software works but without the actual AV/EDR focus.

I don't use Arctic Wolf but have spent some time in discussions and demos with them as I looked at MDR offerings (among other companies).

Agent - The agent is nothing special, they are just one of the few who installed their own dedicated agent (Rapid7 is another).