How Arctic Wolf aims to ‘unify the cybersecurity market’

When a company gets to a certain size, the volume of cybersecurity data that is generated by its tools isn’t just unwieldy to deal with — it’s impossible.

“In a given day, you’ve got tens of thousands of different events being funneled into the system for analysis,” said Robert Sullivan, CISO at Agero, which offers white-label roadside assistance and other driving-related services. “How do you look at all that data coming in, in real-time, and sort through what would be anomalous behavior?”

The answer is: You can’t. Not without some help, at least.

That’s why Sullivan says that Agero began working with a vendor that specializes in delivering the outcome that all customers want — protection — even for complex, multi-cloud IT environments that generate massive quantities of security data.

A little more than two years ago, Agero became a customer of Arctic Wolf, the provider of a cybersecurity operations platform that includes a 24/7 managed detection and response (MDR) service — and has an open architecture that integrates with many third-party security tools.

“We don’t want to become the absolute experts on cybersecurity. We want protection,” said Sullivan, whose company provides roadside assistance services for about two-thirds of the vehicles on the road. “With Arctic Wolf, they can be the experts. They cover that space for us, so that we can have a high level of confidence around our security position.”

Customer traction

As cybersecurity continues growing in complexity, and security talent becomes more and more scarce, customers of all sizes are increasingly looking for a helping hand. Thus far, more than 2,700 of them have ended up with Eden Prairie, Minnesota-based Arctic Wolf.

And while the company was traditionally focused on serving mid-market customers, Arctic Wolf has moved aggressively into the enterprise market in the past few years. Now, nearly half of its customers are enterprises that are spending more than $100,000 a year with the company, says CEO Nick Schneider.

Looking ahead, according to Schneider, the company has a shot at solving some of the security industry’s most intractable issues — the complexity, the alert fatigue, the shortage of skilled workers.

And in doing so, “the opportunity for us as a business is to become the category-defining vendor in cyber,” Schneider said, akin to what Salesforce did for CRM.

With Arctic Wolf’s security operations platform — which offers a full gamut of security solutions, paired with the ability to ingest security data from a customer’s existing tools — the company has the potential to “unify the cybersecurity market wholesale,” he said.

While that may sound ambitious, or outlandish, Schneider says Arctic Wolf has the track record to back up these aspirations: Revenue is currently on track to double for the ninth consecutive year (the company’s fiscal year runs through the end of April).

Founded in 2012, Arctic Wolf achieved a valuation of $4.3 billion last July with its latest funding round ($150 million), placing it among the highest-valued, privately held security vendors of the moment. A Reuters report in November said the company was aiming to line up financial advisors to pursue an initial public offering in 2022 (a possibility that Arctic Wolf is not commenting on).

The company now has more than 1,500 employees, up from 1,200 just three months ago. And while Arctic Wolf isn’t providing its current revenue growth in enterprise, last July it reported seeing 438% annual recurring revenue growth with large enterprise customers, year-over-year.

Security market ‘has failed’

Arctic Wolf executives say the company’s growth trajectory has been fueled both by the increased demand for cybersecurity solutions and, on the flip side, by the fact that many solutions have left customers dissatisfied.

“Our view is that the security market itself has failed the end user,” Schneider said. “You have more tools coming out every day, you have the market spending more money every year on cybersecurity. And yet at the same time, there are more breaches, more incidents every year.”

Indeed, 83% of organizations experienced a successful email-based phishing attack in 2021, versus 57% the year before, according to a Proofpoint report. Ransomware attacks more than doubled in 2021, SonicWall reported — while data leaks related to ransomware surged 82% last year, according to CrowdStrike.

Given these worsening threats, and the shortfall in security professionals to battle them, it should be “no surprise that there is such a big uptick in interest for truly managed services to take care of the day-to-day aspects of security,” said Ian McShane, field chief technology officer at Arctic Wolf.

“We’ve spent decades trying to figure out how to automate alert triage and investigation because it’s time consuming, repetitive and it sucks,” McShane said. But the reality is, “it’s not possible to completely remove the human from those tasks,” he said.

That’s where a managed security operations approach “provides a quick win,” McShane said. “We’re not replacing tools — we’re making sense of the noise.”

Schneider, who has been with Arctic Wolf since 2016 and was named CEO last August, said that security has clearly evolved into an “extremely complex environment.”

“And it’s not getting any less complex — it’s getting more complex as time goes on,” he said. “Customers are looking for someone to make sense out of the cyber landscape and serve them up an outcome that makes them feel protected as a business.”

Delivering that outcome is what security operations is all about, he says. Arctic Wolf’s Security Operations Platform includes 24/7 monitoring of endpoints, networks and clouds; detection of threats; and response and recovery in the event of a cyberattack. The MDR service is provided by a concierge security team that serves to eradicate false positives and alert fatigue.

‘Unified experience’

Arctic Wolf’s MDR is complemented by digital risk management (tailored to each individual customer); managed security awareness (providing security training, phishing tests and coaching to employees); and cloud detection and response (to help with improving cloud security posture).

While a number of other security vendors offer some of these solutions, “that combination of modules, or that combination of outcomes sitting on top of the platform — we’re really the only vendor that does that,” Schneider said.

“And from a customer’s perspective, what that means is they get a unified experience across those different areas of their business — detection, risk, cloud, security awareness and training,” he said. “But they get it all done through a centralized platform — the data is all in a centralized location.”

Crucially, since the data being produced about one module is often going to be relevant to the other modules, “all of that combined just delivers a better outcome in the end to the customer,” Schneider said.

Open XDR

In terms of the underlying technology, Arctic Wolf’s cloud-native security operations platform is built on an “open” XDR (extended detection and response) architecture, meaning that it can ingest data feeds from third-party security tools that a customer is already using.

Key integrations include Microsoft Office 365, Salesforce, Microsoft Azure, Box, Amazon Web Services (AWS) and Google Workspace. At present, the platform is integrated with more than 65 widely used data sources across clouds, endpoints and networks.

In other words, Arctic Wolf has “built out a platform that is agnostic to the tools in the customer’s environment,” Schneider said.

After ingesting these security data feeds, the platform then adds context using threat intelligence and other data sources; machine learning (ML) to uncover anomalous behavior; and ML-powered analytics for detection of advanced threats. In all, the company says its Security Operations Cloud platform analyzes more than 200 billion security events daily.

Thus, Arctic Wolf’s platform not only offers a range of key security modules that many customers will need, it also brings together the data from the many different security tools that a customer uses, Schneider said.

“Core to our philosophy is not just unifying all these disparate tools or disparate markets into a centralized platform — but also, give the customer the experience that they expect,” he said.

All in all, “I think Arctic Wolf has the ability to to unify the cybersecurity market into a centralized cybersecurity operations platform,” Schneider said.

Comments are closed.