Apr 10, 2025

“If we solved cybersecurity today, there’d be work to do tomorrow because attackers would be responding to that.” Illustration by Nalini Nirad by Ankush Das Arctic Wolf, a leading US-based cybersecurity firm, has established a strong presence across North America and Europe, and has recently expanded into the APAC region, including India. Established in Minnesota in 2012, the firm focuses on managed detection and response services, providing businesses with threat detection and prevention solutions. While placing a strong bet on India’s rich pool of cyber talent , Arctic Wolf is adopting AI to enhance and accelerate its capabilities to provide cybersecurity services to businesses and enterprises. To understand how the company is using AI to combat cyber threats, AIM spoke with Jeff Green , senior vice president of engineering, and Dean Teffer , vice president of artificial intelligence at Arctic Wolf. AI in the Endpoint and Security Operations Centre To begin with, Green cited an example of Arctic Wolf’s recent acquisition of the endpoint security assets of Cylance, BlackBerry’s former cybersecurity unit, highlighting how the company uses AI to secure endpoints and detect malicious files. “We use AI in our SOC (security operations centre) so that analysts can look at the events and observations that we accumulate…either from an endpoint, a network sensor, or an API integration with a third party…like CrowdStrike, SentinelOne, and others,” he told AIM. Green highlighted that AI plays a key role in helping the SOC evaluate security events and identify those that are potentially malicious or problematic. The company’s use of AI is not just limited to analysis; Arctic Wolf also uses it for threat detection. Typically, a company’s SOC relies on a Security Information and Event Management (SIEM), which uses Sigma or Yara rules to identify threats. Arctic Wolf, however, is using AI to generate these types of detection rules. Green explained that they aim to translate human learnings into AI systems to make detections more efficient and improve response to customer issues. He illustrated this with an example, “If we spot something where a machine is talking out to a command-and-control server (C2), we can then use AI to detect that and block that machine from communicating further.” Being Picky in Using AI Teffer revealed to AIM that they are being deliberate about where they apply AI, basing their decisions on the impact observed in their pre-testing. “We’re not just having AI do all the work, but we’re having AI do components of the work,” he stated. He highlighted time-bound use cases where AI is intentionally left out, as those tasks require human intervention within a certain time. While he acknowledged that AI can perform those tasks, he added that the team tends to adjust how or where it uses AI based on the task. Green echoed this sentiment, agreeing that the application of AI is highly specific to the task at hand. He pointed to examples of some companies using AI for everything, noting that some things might not need AI at all. “Sometimes a simple rule could be the quickest way to detect something, right? And you don’t need to train massive models, and the performance of the model isn’t as quick as a rule.” “You’ve got to pick and choose the application. And I think that’s how we’re focused. We look at it very pragmatically.” Green further elaborated on his cautious approach, “AI is the answer, now what’s the question? You’ve got to be very focused on that. Otherwise, you can just go overboard and it’s not helpful.” Teffer explained that they do not start with AI but with the actual security problems that need solving, and the tasks being done. “It’s like starting simple and then only adding in GenAI if it’s needed.” Standing Out From Tech Giants and Helping Organisations Considering how every major company is trying to build cybersecurity solutions like Microsoft’s Security Copilot agents , AIM questioned how Arctic Wolf stands out from such offerings. To this, Green revealed that they have a very large SOC and process a lot of data. He highlighted that the data they see is potentially on the order of 1.2 trillion observations daily, which gives them an advantage when working with AI and building models. “Our major competitors, like Microsoft and others, work best when you buy all their products. Arctic Wolf has never been like that. It’s always been: whatever you have, we can add to it, but we’ll take what you have,” Teffer stated. He added that Arctic Wolf focuses on security outcomes independent of an organisation’s IT infrastructure. Compared to large companies that build AI models, which often rely on humans, Arctic Wolf relies on experts for fine-tuning security outcomes. The company, with its security expert teams, continually improves its AI tools with human reinforcement. “One of the characteristics of cybersecurity is that if we solved cybersecurity today, there’d be work to do tomorrow because attackers would be responding to that,” Teffer said.