Johannesburg, 04 Jul 2023
Jason Oehley, regional manager, Arctic Wolf South Africa.
Arctic Wolf’s Incident Response (IR) JumpStart Retainer, launched in the US in January, is now available in EMEA to help customers manage cyber attacks.

Designed to fill the gap between inadequate internal incident response planning and a full 24/7 managed detection and response (MDR) service, Arctic Wolf’s IR JumpStart Retainer gives customers an incident response plan, support and preferential rates for support in the event of an attack.

Jason Oehley, Regional Manager at Arctic Wolf South Africa, says this service should not be confused with guided remediation, which is included in Arctic Wolf’s MDR service. “Incident response is more reactive and applied after a breach when systems are down. Our IR JumpStart Retainer package is more reactive. It is purchased annually at a nominal fee and includes a one-hour response SLA, with support available 24/7 from our team of over 100 IR engineers in the US.”

The service includes immediate ‘secure, analyse and restore’ services, including negotiations with threat actors.

Oehley notes that it differs from other incident response services generally available in that it also includes an IR plan and customers do not have to pre-purchase IR service hours they may never use.

“Often there’s no planning assistance, but organisations need an IR plan that they can share with staff and their insurers. In addition, many IR retainer plans require customers to buy prepaid minimum hours upfront, and this ‘use them or lose them’ model can be too costly for South African businesses,” he says.

“We looked to make it a better fit for the customers we work with. When they buy the retainer, they get access to our IR portal and we work with them to build an IR plan. We also include one-hour SLAs, so that if they have a breach, our IR responders will be on a call with them to build a scope on what needs to be done. We also give a guaranteed preferential rate for IR hours. This offers peace of mind more cost-effectively than traditional approaches.”

Oehley says this peace of mind is crucial when attackers strike. “We went through an IR exercise with one of our customers who was hit by ransomware recently. The first thing that sets in for the organisation is pure panic,” he says. “Our IR team jumped on the call and explained that they understood what a tough and emotional time it was, and how they would help facilitate the process. This calms the whole situation. Arctic Wolf IR responders in the US work on over 1 000 cases a year across all threat types, so they know what to do and how to guide customers.”

Oehley says the IR JumpStart Retainer has been very well received in the US, and he expects similar uptake in South Africa. “For a lot of customers, it’s a form of insurance – they know they have a plan and a process, at a set rate. There is a growing risk of ransomware, e-mail attacks, DDOS, insider threats and malware, and many organisations don’t have the right incident response plans in place. This is an area where we see increased focus and it’s becoming a requirement from business and insurers.”

He notes that additional value starts coming in when customers wrap IR JumpStart Retainer with a full MDR service. “A reactive plan and support are necessary, but there should always be a plan for proactive management with 24/7 managed detection and response too,” he says. “Arctic Wolf MDR is more affordable than most businesses think, and also better and more cost-effective than doing it themselves. Organisations don’t always understand the actual costs of doing MDR in-house – there are costs associated with the tools, and the skills to manage and monitor the tools, and the time to protection could be as long as six to 12 months.”

More information on the Arctic Wolf IR JumpStart Retainer is available here.
