Arctic Wolf Incident Response

This guide provides an overview of the Arctic Wolf® Incident Response (IR) Retainer and IR JumpStart Retainer services and how to contact Arctic Wolf when your organization experiences a cybersecurity incident.

Arctic Wolf IR services enable organizations to quickly respond and recover from cyberattacks. During a cyberattack, a dedicated team of cybersecurity incident response experts work with your organization to:

• Eliminate threat actor access to the network environment.
• Analyze the cause and extent of the cyberattack.
• Restore the business to normal pre-incident operations.

The IR Retainer is available to eligible Arctic Wolf customers who have enrolled in this service and who meet all of the following criteria:

• New customers who have purchased the Managed Detection and Response (MDR) service with at least one year of Log Retention.
• MDR customers who are based in the United States or Canada.

Like the IR Retainer, the IR JumpStart Retainer also guarantees access to cybersecurity incident response experts during a cyberattack. However, the IR JumpStart Retainer provides additional benefits:

• The IR JumpStart Retainer SLA includes a faster incident response time. Arctic Wolf responds within one hour of receiving a cybersecurity incident report.
• Your organization pays discounted hourly and flat rates during a cyberattack.
• You have access to an IR plan builder, the JumpStart IR Planner, to enable an accelerated response timeline.
• Arctic Wolf reviews your IR plan to identify gaps.

Contact Arctic Wolf during a cybersecurity incident

• If you experience a cybersecurity incident and have an IR Retainer, call Arctic Wolf's Security Services at 1-888-272-8429 and dial 2.

  Tip: If you are an IR JumpStart Retainer customer, you can also click Contact in the navigation menu of the Cyber JumpStart Portal and submit details of the cybersecurity incident.

How Arctic Wolf responds to a cybersecurity incident report

After an organization reports a cybersecurity incident to Arctic Wolf:

1. The Arctic Wolf Security Services team investigates the incident and determines if it should be escalated to the Arctic Wolf IR team (formerly Tetra Defense).

2. If the cybersecurity incident qualifies, a member of the IR team contacts you to schedule a free scoping call. During this call, Arctic Wolf:

   • Reviews your incident.
   • Prepares a Statement of Work (SOW).

3. If you choose to work with Arctic Wolf by signing the SOW, the team works with you to remediate the security incident.

4. If you are enrolled in the Security Operations Warranty program, see Creating Arctic Wolf Security Operations Warranty Claims for instructions on making a cybersecurity event claim.