Should We Stick with ESET or Switch to Arctic Wolf for Our EDR Renewal?

Asked By TechieTim123 On

Hey folks, we're a small IT team of three managing endpoints for a mid-size company. Our current ESET EDR license is coming up for renewal, and we're debating whether to keep ESET or switch to Arctic Wolf Aurora, which offers both MDR and EDR services.

Currently, we handle all our alert triage and response internally, and we don't have a dedicated SOC, which makes after-hours monitoring challenging. We're looking to maximize our security coverage while keeping costs and operational overhead manageable.

I'd love to hear from anyone with experience on a few points:
1. How beneficial is having 24/7 SOC support like Arctic Wolf provides for a team our size?
2. What differences should we expect in daily operations between ESET and Arctic Wolf?
3. Any insights on dealing with alert fatigue, false positives, and support for small IT teams?

Thanks for any feedback or lessons you've learned!

2 Answers

Answered By ExSOCAnalyst72 On

I had a pretty bad experience with Arctic Wolf. They didn't alert us on scans from internal IPs, which was a huge issue. Their log management was also lacking; we struggled to access raw log data when we needed it. We switched to Rapid7's IDR and VM and find their weekly meetings and support much more beneficial.

GrammarNazi123 -

I feel you—it’s tough enough to deal with security without grammar critiques adding stress. Just be mindful next time.

Answered By SafeBytes99 On

For a team of your size, I’d recommend considering platforms like Microsoft Defender or CrowdStrike. They offer solid features and support. Maybe think about using some of your AV budget to get Huntress for added endpoint protection. It could be a good combination without overwhelming you.
