Arctic Wolf Buys Vulnerability Assessment Startup RootSecure

Arctic Wolf Networks has purchased up-and-coming vulnerability assessment vendor RootSecure to help midmarket enterprises better assess and manage their cybersecurity risk.

The Sunnyvale, Calif.-based security operations vendor said its acquisition of Waterloo, Ontario-based RootSecure will help organizations continuously probe their networks, discover connected devices, and test their social engineering resilience. The company quantifies cyber and data risk, providing real-time, actionable insight from continuous vulnerability assessments of networks, devices and people.

RootSecure's risk management offering complements Arctic Wolf's focus on monitoring an organization's environment and identifying potential points of failure, according to Brian NeSmith, ArcticWolf's CEO. Customers of both companies will benefit from the fusion of risk and continuous monitoring, with both working into and feeding one another, NeSmith told CRN.

[Related: Arctic Wolf Networks Launches MSP Program For SOC-as-a-Service Offering]

"This acquisition augments our current offerings by adding comprehensive risk assessment to improve any customer's overall cybersecurity posture," NeSmith said.

Terms of the deal, which closed Dec. 4, weren't disclosed. Twenty RootSecure employees will be joining Arctic Wolf, NeSmith said, including the company's entire development and infrastructure teams.

Other vulnerability management tools provide businesses with a lot of information, but no true answers, NeSmith said. In contrast, RootSecure has a far better user interface than any other vulnerability management tool that NeSmith has seen on the market, going beyond diagnosing the criticality of an issue to provide additional context as well as a sense of how simple or complex the issue is to resolve.

NeSmith praised RootSecure's workforce for having a good understanding of what's necessary to make the network more secure. Both RootSecure and Arctic Wolf share a common view that their top priority is ensuring the customer's network is secure and works the way it expects and wants, according to NeSmith.

From a channel perspective, NeSmith said allowing partners to carry both product lines will strengthen their portfolio and give them more to sell. Having RootSecure's asset and vulnerability management capabilities work in tandem with Arctic Wolf's monitoring capability will make it possible for solution providers to capture more incremental revenue, according to NeSmith.

Partners can immediately begin cross-selling the other vendor's products, NeSmith said, and will have access to training in the coming weeks. Arctic Wolf's 250 channel partners are focused largely on the U.S., NeSmith said, while RootSecure's 20 channel partners have a broader penetration in Canada.

In the long run, NeSmith said he would like to see more than half of Arctic Wolf and RootSecure's legacy customers using capabilities from both companies. Seeing how customers respond to the increased services capability will also be critical for the company, according to NeSmith.

This is Arctic Wolf's first acquisition since being founded six years ago, according to NeSmith. The company employs 176 people, and has raised $88.2 million in four rounds of outside funding.

Future acquisition targets for Arctic Wolf could include businesses focused on monitoring customers' networks in a better way by either addressing specific types of problems customers want coverage around or addressing adjacent areas related to training or risk management, NeSmith said. Arctic Wolf is most focused on product synergies when it comes to acquisitions, he said, and isn’t in a hurry to do more deals.

Demand in the market for vulnerability assessments is strong since they can contribute to providing a more comprehensive or holistic view of what a client needs from identification to monitoring and detecting, according to Dale Raymond, president and CEO of Annapolis, Md.-based ActiveCyber.

"Vulnerability assessment and identification is key to understanding where bad guys are present," Raymond told CRN. "It's a key component to an overall cybersecurity program."

Most clients today use more than one vendor for vulnerability assessments to ensure consistency, Raymond said, and ActiveCyber would be all for offering RootSecure's tool as a complementary additive if it complements the existing Arctic Wolf offering. ActiveCyber has seen significant growth in its Arctic Wolf business, and turns to the vendor to provide customers with monitoring, detection and response.

"This is a strategic acquisition," Raymond said. "It's only going to help continue to grow the Arctic Wolf customer base."