Arctic Wolf CEO On Why ‘Platformization’ In Security Is ‘Definitely Happening’

Nick Schneider, president and CEO of the security operations platform provider, tells CRN that ‘the days of managing a bunch of different tools from disparate [vendors] are starting to come to an end.’

The days are numbered for the approach of “leveraging hundreds of different tools” for delivering cybersecurity in a customer’s environment, according to Arctic Wolf CEO Nick Schneider.

In its place, the approach of shifting toward consolidated platforms in security — also known as “platformization” — is “becoming more and more prevalent,” Schneider said in a recent interview with CRN.

“Platformization is definitely happening,” said Schneider, who is also the president of Eden Prairie, Minn.-based Arctic Wolf.

The company’s security operations platform provides managed detection and response combined with capabilities such as vulnerability management, managed security awareness and cloud security, which includes CDR (cloud detection and response) and CSPM (cloud security posture management).

With the increasing interest in consolidated platforms, “I think Arctic Wolf is uniquely positioned to capitalize on that tailwind — given that we've always built this open XDR [extended detection and response] platform that has leveraged data from hundreds of different sources of telemetry, both native and third party,” Schneider said.

Schneider also discussed the company’s acquisition last year of Revelstoke — whose SOAR (security orchestration, automation and response) technology is now being integrated into the “core” of Arctic Wolf’s security operations platform — as well as a growing set of capabilities to help customers to better understand their “security journey,” he said.

What follows is an edited and condensed portion of CRN’s interview with Schneider.

Could you say a bit about the Revelstoke and any other important product updates?

Revelstoke was a pioneer in the SOAR industry. They built a platform upon a proprietary unified data layer. We're building that into the core of our platform, which gives us some additional capabilities around response actions, remediation and automation within the overall SOC.

We'll continue to make a bunch of investments in products. I think there'll be some interesting announcements here with regards to some organic and potentially some inorganic opportunities, by way of new products and capabilities. So it should be a fairly busy year on the product side. And I think there's some tailwinds in the market that are directly pointed at Arctic Wolf. No. 1 would be the platformization of security and the coming together of various tools onto centralized platforms. I think Arctic Wolf is uniquely positioned to capitalize on that tailwind — given that we've always built this open XDR platform that has leveraged data from hundreds of different sources of telemetry, both native and third party. And we're ingesting data at massive magnitudes. And then leveraging our position in that space with thousands of customers and tons of data to make real use of AI within security operations, which is obviously a massive opportunity. So we think it's going to be a big year by way of product capability. And I think a lot of the tail winds in the market are directly aligned with our strategy and vision, which is always a good place to be.

So you would say that Arctic Wolf has been ahead of some others when it comes to platformization?

I think it is part of why the market is moving that direction. At the end of the day, the customer voice is the loudest. And it's been very clear for us, for 10-plus years now, that customers don't want to be managing, buying and leveraging hundreds of different tools within their environment to achieve what really is a centralized outcome — am I protected as a business and meeting my regulatory and compliance needs? Do I have incident response capabilities and a plan, should anything go wrong? I think we have a unique advantage, in that we've built out that approach from the outset of our business. So this is not a novel concept for Arctic Wolf. It's what we've made the majority of our investment in [while] building this platform.

And [we’ve been] doing so not only against our own data, and not only for one outcome within a customer's environment, but against both native and third-party sources of telemetry and data — and also to achieve multiple outcomes on top of this centralized platform. That's a unique advantage to us as a business, but it's also a really healthy manner in which to view the market for our channel community. Because they can provide multiple different outcomes to the customer without having to manage and work with so many different disparate organizations that all have their own view on how to work with the channel. So it's a huge opportunity for us. It's certainly the direction we've always believed the market would head. It's certainly the direction that the market is heading. And then you couple that broad trend with the opportunity in AI and you can really do something special.

Going back to Revelstoke, could you say some more about how you’ll be utilizing that technology?

There'll be some announcements coming out, but I would expect that customers will see some increased capability for automated response, automated remediation. We can leverage that tool within the way in which we interoperate with the customer — so the way in which we engage the customers themselves. We can create different ways in which individual customers might want certain workflows to operate within their environments. There's a ton of opportunity to streamline, make it more efficient or do things in an automated fashion, in real time, with the technology on top of the platform.

What are you seeing in terms of the evolution of providing security to the mid-market?

A lot of the trends we just talked about are just exacerbated in the mid-market, small enterprise. A lot of times those organizations have a smaller budget with smaller staff, but they have the same problems as a Fortune 500 account. So in the marketplace, I think unfortunately for a lot of those organizations, vendors have focused way upmarket — more complex solutions, solutions that require more human touch or a larger team. Solutions that were more focused on an individual problem versus a broader set of problems within a customer's environment. And those things — complexity, cost, requirements for a large team, siloed outcomes — are really not what a mid-market, small enterprise account is looking for. So again, I think we have an opportunity, given it's where we've built the core of our business, it’s where we built the core of our platform, to continue to serve those customers — but also continue to leverage the success that we've had, in particular over the last two or three years, with larger and larger organizations.

[Large enterprises] are frankly coming to the same realization that I think some of the mid-sized or small enterprise accounts have come to, which is a pretty simple realization — which is, why would I try to be a healthcare provider or a law firm or a manufacturer and also try to be a cybersecurity company? And I think that's what it's evolved to for those that are trying to do it themselves. So we're seeing larger and larger organizations say, hey, if I can leverage the Arctic Wolf platform, and I can do so in order to drive the outcomes that are required for me within my security programs, that's far better than me as a business, where this isn't really my core competency, trying to build this out on my own. So I think it's a perfect unity of the market coming together. And I think given that we've started in an environment where customers are looking for those outcomes — and those outcomes delivered in a unique way — just allows us to have a better story both with our existing customers but also as we continue to move into more customers upmarket.

Are you continuing to see a lot of growth in the mid-market?

Yes, we're still seeing tremendous growth in all segments of the business. The slightly upmarket customers are growing faster than the core. And I think that's due to some of the dynamics that we just talked about. But the core itself is still growing quite rapidly.

How would you summarize what the biggest differentiators are right now for Arctic Wolf?

I think it's three things. No. 1, we have a large, scaled open XDR platform that we've been building on and working against for quite some time. So that is performing outcomes on multiple attack surfaces and allows us to leverage AI for automation, scale and efficacy. And I think from an efficiency standpoint, it's second to none.

Secondly, we have this unique concierge delivery model that’s really intended to make security work within a customer's environment. It delivers the security outcomes in a way that a customer can absorb, regardless of their talent set or their skills within the customer environment. And that takes a unique manner in which you'd both set up the platform and the technical delivery to the customer — but also the human element being involved at some level to ensure the customer gets what they need, or has access to somebody that can answer their questions with regards to their security posture.

And then the last thing is making sure that a customer understands their overall journey as it relates to cybersecurity. So cyber is evolving on a day to day basis. And we've spent a lot of time — and this is one of the announcements that will be coming shortly — on productizing a customer's journey over time. So where are they at in their overall posture? How has that progressed over time? How does that relate to their peer group? How does that relate to specific frameworks or regulations within their industries? How does that drive insurability for them as an end user? And then the delivery of these multiple outcomes into a centralized view is what we call “security journey.”

So if you take the security operations cloud and the platform itself, and you combine that with the manner in which we deliver these outcomes, and then help a customer to understand what those outcomes mean to their business, that is truly unique. It's those outcomes that I think are why customers and partners are really having success with Arctic Wolf.

In terms of the “security journey” that you’re describing, do you feel like that's a new idea that you're bringing forth?

I think there have been organizations that have tried to do it on top of third-party technologies. But I don't think that anyone does, or will do, what Arctic Wolf does on top of its own platform — and then can serve that information or those outcomes up to the customer in a way that that data can be leveraged to drive real business outcomes. That is unique to Arctic Wolf.

Any update on your aspirations around an IPO?

We're obviously paying close attention to what's happening within the market. I think our results make Arctic Wolf a candidate to someday pursue that endeavor. So we'll keep a close eye on it. I think this will be a year where you'll definitely see a few folks go out. We’ll pay attention to that, but we'll make the move when both the market and Arctic Wolf are ready. We're not really in any hurry given the state of our business and the shape we're in.

How would you summarize what your message is to partners this year?

I think the core [message] right now is, platformization is definitely happening. It’s becoming more and more prevalent. The days of managing a bunch of different tools from disparate [vendors] are starting to come to an end. Arctic Wolf has built a robust platform and we’ve focused on customer outcomes. And that presents a huge opportunity for the channel community to get the right seat at the table with their customer base. [Partners have] a massive opportunity to really lean in to a customer's overall cyber posture, which then effectively influences everything that [customers] do with technology.