Arctic Wolf CEO On ‘Re-Energized’ MSP Program, Endpoint Security Expansion
The security operations platform vendor is unveiling a revamped MSP Partner Program along with an MSP-focused version of Aurora Endpoint Security, Arctic Wolf CEO Nick Schneider tells CRN.
Arctic Wolf is unveiling a revamped MSP program along with an MSP-focused version of its endpoint security offering, as the company looks to boost managed services delivery around its AI-powered security operations platform, Arctic Wolf President and CEO Nick Schneider told CRN exclusively.
The vendor’s MSP Partner Program is now “refocused and re-energized” with a number of updates that MSPs have been asking for, Schneider said.
Key updates to the MSP program include progressive volume pricing — with better rates for an MSP as their total business grows with Arctic Wolf — as well as progressive deal minimums, which similarly reduce minimums as the MSP expands their Arctic Wolf business. The updated program also adds new volume commit agreements based around multi-year growth plans with preferred pricing that starts immediately, according to the company.
Meanwhile, Arctic Wolf debuted its new Aurora Endpoint Security for MSPs offering, with increased flexibility for providers of managed services, the company said. Aurora Endpoint Security is the company’s offering in endpoint protection and endpoint detection and response (EDR), based on the $160 million acquisition of Cylance from BlackBerry in February.
Additionally, Arctic Wolf introduced updates Thursday to its Data Explorer tool, including simplified custom detections and improved searches — aimed at making the vendor’s SecOps platform an even stronger alternative to traditional SIEM (security information and event management). Other new capabilities now enabled in Data Explorer include “advanced” queries into historical data, the company said.
The Data Explorer updates will ultimately provide improved SOC (Security Operations Center) interactions with “better visibility into their existing stack, or ability to customize what they're doing with regards to their security workflows,” Schneider said.
“What we're trying to do with our core platform is to enable customers to do those things that they could historically do with a SIEM, natively to the platform — but not burden those outcomes with all the things that customers don't like about a SIEM,” he said.
What follows is an edited portion of CRN’s interview with Schneider.
Could you talk a bit about Arctic Wolf’s journey to now offer endpoint security — since you originally started on the MDR and SecOps side?
You have a lot of vendors in the space that started in a specific product category — whether that be endpoint or network, identity, zero trust, whatever it might be — and are now realizing that customers are less interested in specific point products and more interested in the outcomes of a security operation. We have always created and implemented our offerings around the outcomes that we achieve for our customers — even the modules that we sell are oriented around the outcomes that a customer could expect to achieve. We have, in our view, two of the hardest assets to come by with regard to building out the SOC. We're really the only vendor in the market that now has true capabilities on multiple attack surfaces, that has a platform that is not just a portfolio of products, but a truly operational platform, and the security operations expertise at scale to be able to service our customers. And it's that combination that I think also positions us very uniquely to be able to execute against this automated or AI-powered SOC, because we have the requisite ingredients to be successful.
So in adding Aurora with the Cylance deal, that expands what you’re able to offer from a first-party platform perspective? It helps to complete your platform?
We have our own vulnerability management solution, we have our own awareness training solution, we have our own network scanners and sensors. We have our own ITDR [identity threat detection and response] products and cloud security products. We'll continue to make investments on native tools and capabilities, while also remaining open to third-party tools or capabilities that a customer might have in their environment — which I think, again, highlights that we're really focused on the outcome. So obviously you need security protection on the endpoint and the ability to detect and respond to threats on the endpoint, but that's just one portion of the outcome a customer is looking for. You can do that natively on our technology, or can do that leveraging a third-party technology. But at the end, what a customer wants to know is, am I protected? Am I insurable? Do I meet my regulatory or compliance requirements? So those are the business questions that customers are trying to answer as an offshoot of their cybersecurity programs.
But part of the idea now is that partners and customers will be able to do more with you since you have an endpoint offering?
Certainly we've seen that customers have been very vocal about the fact that with Arctic Wolf’s offering on the endpoint, we have now something that — together with the rest of Arctic Wolf’s portfolio and the platform that we have — is something that's very interesting to them. This was part of the impetus for the acquisition. And I think in the endpoint space in particular, you have a set of products where the efficacy is relatively similar, and customers are really looking for more than just endpoint protection, or the ability to detect and respond to the endpoint. They're looking for the ability to understand their environment in totality, and be able to detect and respond to threats in that environment, be able to understand vulnerabilities in that environment, be able to train their people about those vulnerabilities, be insurable, have an incident response plan — everything you'd expect from a SOC, I think customers are more and more looking to be able to garner from a centralized SecOps platform.
What are the major takeaways from your MSP announcements?
The Arctic Wolf MSP Program itself will be refocused and re-energized. So we'll have new progressive volume pricing, progressive deal minimums, volume commitment agreements — a mechanism to transact that I think our MSP partners have been looking for. And in addition to that, we'll have enhancements to Aurora Platform, not only by delivering endpoint to MSPs and delivering endpoint in a more holistic way to our customer base as a whole — but also to bring some advanced capabilities on our Data Explorer module to allow customers to interact with the SOC, the SOC data, the operations, and get better visibility into their existing stack, or ability to customize what they're doing with regards to their security workflows.
In terms of SIEM, would you say that Arctic Wolf is looking to provide a lot of what customers and partners have been looking for from their SIEM tools?
What you're seeing in the market is that SIEM has its place in customers’ environments. There's certain elements of a SIEM that customers really like, and there's certain portions of a SIEM that customers really don't like. What we're trying to do with our core platform is to enable customers to do those things that they could historically do with a SIEM, natively to the platform — but not burden those outcomes with all the things that customers don't like about a SIEM. So generally speaking, it's about an openness of the platform or integrations. It's about customization of detections or rules that customers can write that are relevant to their business. It's about ensuring that they can store logs and store them in the way that they need them to be stored for regulatory or compliance needs. There's these outcomes that customers were looking for from the SIEM that we're trying to enable, and one of those steps is through Data Explorer on top of our core platform. But we'll continue to announce additional features and function on top of the platform that will be specific to SIEM use cases — with the outcome for the customer to be that either they could think about replacing their SIEM, or they could leverage their SIEM for certain use cases and leverage their core security platform for others.
How big of an impact is AI having right now on what you're doing at Arctic Wolf?
I think AI is a huge opportunity for cybersecurity and a massive opportunity for Arctic Wolf. Cipher is our AI assistant, and that is something that the customers can already get the benefit out of. But broader than that, I think there's two areas that we will be focusing on. One will be customer-facing use cases for AI, which will be augmentation and improvement of the AI assistant that we've built. I think there's additional agentic use cases that we could leverage and implement for customers to do specific things within the SOC by leveraging AI. The secondary component for us is that, in all of the market discussions around an automated, AI-powered SOC, really Arctic Wolf has the three ingredients that very few have. [Those include] a substantial amount of data — eight to nine trillion observations a week that we're processing. It's diverse data — so we're getting that data not only from our native tools, but from hundreds of third parties. And then we have probably 10 million-plus man hours, at least, of real-world SOC experience. And it's that SOC experience that will allow us to take that data, take the models, take our relationship and partnership with Anthropic and really leverage all of that to be able to deliver on this AI-powered SOC, because we have the expertise to train and tune those models in a way that, frankly, others just won't have.