Arctic Wolf targets mid-market security gap in APAC
Following the launch of its full portfolio in Malaysia, the SOC provider discusses the security challenges facing lean IT teams, the value of vendor neutrality, and its roadmap for AI and ransomware protection
Cyber security provider Arctic Wolf has been expanding its footprint across the Asia-Pacific (APAC) region, recently launching its full product portfolio in Malaysia as it looks to address a widening disparity in the market.
Speaking to Computer Weekly in a recent interview, the company’s APAC business director David Hayes noted that while global cyber security spending increased by 13% in 2025, losses resulting from incidents grew even faster.
“We don’t believe it is a lack of tools or the quality of the tools. We think it’s a people, process and technology thing,” said Hayes.
A key part of its strategy is to offer a 24/7 vendor-neutral security operations centre (SOC) as a service for mid-market customers that are not large enough or simply don’t want to perform that function internally. In Australia, its customers include Brighton Grammar School, Parramatta Leagues Club, and Arts Centre Melbourne.
While Arctic Wolf’s services are broadly relevant, particular interest has come from private schools, legal firms, shipping and logistics, and local government.
“That wasn’t really by design,” said Steve Hunter, Arctic Wolf’s director of engineering for APAC. “That’s been a consequence of being here in Australia. The independent schools have very significant data challenges, and there are quite a few that have had significant breaches… I hadn’t actually appreciated just how diverse the types of data schools maintain,” or how much of that data is sensitive, such as health and mental health records.
Hayes explained that these organisations typically rely on small teams of IT generalists. While responsible for security, these teams often struggle to manage the sheer volume of alerts generated by modern tooling.
“They’ll have really good tools – one of the top five endpoint vendors or firewall technologies – but what they're missing is that 24x7 capability,” said Hayes, adding that they benefit significantly from external guidance on improving security posture.
Similarly, law firms have invested in enterprise-class protection as used by banks and national governments, “but their operational maturity and the number of folks they have to operate it is lean,” said Hunter, adding that Arctic Wolf can do the heavy lifting to help those customers get full value from their security investments.
Vendor neutrality and visibility
Crucially, adopting Arctic Wolf does not require customers to revisit decisions about their existing technology stack.
“One organisation might have picked CrowdStrike, Palo Alto and Cisco, and a different organisation might be all in on the Microsoft stack, using Defender with Azure,” said Hunter. Whichever products are in use, Arctic Wolf’s Aurora platform, which runs on Amazon Web Services (AWS) and uses Anthropic’s AI technology, ingests and processes all the telemetry.
Hunter noted that because pricing is based on the number of users and servers, clients can add new security tools without increasing service costs.
With 10,000 customers generating an average of eight trillion events per week, the company claims unusual visibility into the threat landscape. For example, the CrowdStrike outage of 2024 occurred on a Friday afternoon Australia time, and Arctic Wolf quickly spotted that telemetry from affected systems had stopped.
“By the time the US woke up, we had already been defending or dealing with this in Australia, and our SOC team worldwide were already aware that this was going on. We had prepped our customers, sent out bulletins, and given them the latest help we could get from the provider,” Hunter said.
The concierge team
Beyond the SOC, the company employs a concierge team to guide customers through a proactive but customer-determined 12-month security journey. An early step often involves checking identity lifecycle management, such as identifying accounts lacking multi-factor authentication (MFA) or dormant privileged accounts.
“We give them the remediation steps, and they either do that themselves, if they have the IT staff to do it, or they give it to their MSP [managed service provider] if they've outsourced that function,” said Hunter. The concierge team then verifies the work before moving to the next recommendation, all of which are built on local standards such as Australia’s Essential Eight and Singapore’s Cyber Trust Mark.
According to Hayes, this supports risk mitigation and transfer. “You can accept risk, avoid it, mitigate it, or transfer it. We talk about the latter two,” he said. Risk mitigation comes from combining the technologies customers have already invested in with Arctic Wolf’s platform and skilled personnel.
Risk transfer is addressed by making it easier for customers to get cyber insurance and a service warranty, which can be as much as $1.5m for customers on the Security Operation Total package – a figure that doubles if they also use Aurora Managed Endpoint Defense.
A specific team of Arctic Wolf employees is allocated to each customer, providing continuity and the opportunity to build ongoing relationships. While the makeup of these teams will change over time due to promotions or staff turnover, Arctic Wolf works to ensure that there is always a familiar face. “If we do move someone else in… it’s a warm handoff,” said Hunter.
Despite the industry-wide skills shortage, Hunter described Arctic Wolf as a “destination employer” in Australia, offering career paths from junior to senior SOC analyst roles, forensics and investigation to “customer consulting on the concierge side, which is unique to Arctic Wolf, if you love working with people rather than working behind a screen.”
Looking ahead, Hunter expects further improvements in how the company uses AI to provide more effective defence. With a vast quantity of unlabelled telemetry, labelled data from security tickets, and feedback from over 1,000 security engineers, the focus is on tapping “AI to help us do an amazing job for the customers,” rather than on AI as something to sell to customers.
Hunter also pointed to the late 2025 acquisition of UpSight Security, a specialist in ransomware protection and rollback. He hinted that this AI-driven technology will be integrated into Aurora Endpoint Security later this year, speeding up the detection, neutralisation and containment of ransomware attacks.
