Arctic Wolf CEO: Vendors ‘Need To Be Careful’ With AI
‘I think you’re going to see a lot of work being done on AI and its ability to assist with the manner in which customers engage with platforms and ask simple questions. I think in the end that will be a good thing for the customer base and for the market,’ says Arctic Wolf CEO, Nick Schneider.
There’s a lot in store for security operations technology firm Arctic Wolf. From advancements in AI to product launches to acquisitions, CEO Nick Schneider said MSPs can expect to see a lot of activity from the Eden Prairie, Minn.-based firm.
“Over time more and more Arctic Wolf will be and should be viewed as a security operations provider which really sits kind of over the individual siloed markets within cybersecurity wholesale,” he told CRN.
One aspect is AI, which is rapidly evolving in the technology market. Arctic Wolf, which has raised $1.06 billion in venture funding and has a $4.3 billion valuation, plans to use the technology to its benefit, but Schneider said the misuse of it can have significant consequences.
“Where I’m saying vendors need to be careful, or the market needs to be careful, is there’s a lot of hype,” he said. “People are rushing to get things into market and a lot of times what’s being delivered is beta or really early versions of AI within their tool sets. In certain industries, that’s fine because there’s very low risk to there being an issue or an error. But in cybersecurity where time, accuracy and efficacy of what’s being delivered to the end user is paramount, especially in the situation where they might be having an issue, you just want to make sure that what’s being put into the market has been vetted properly and has been given enough time to soak within the data.”
The company has also been strategically focused on sustainable growth. It doubled its workforce in the last year to 2,200 employees currently and looks to fill more than 100 open positions despite macroeconomic conditions.
“It’s been more of a balanced and a measured approach,” he said. “And through that we’ve made additional investments certainly in product and R&D, in our international sales and marketing teams and other areas of business that were a top priority for us.”
CRN spoke with Schneider about the company’s growth, AI and what’s to come in the second half of 2023. Check it out below.
Despite economic headwinds, the company has sustained growth, made investments and has been hiring talent. How have you turned those economic headwinds into tailwinds?
I think each sector of the market is a little bit different. I think cybersecurity is probably an area of the market that is least impacted by some of the macroeconomic headwinds. It doesn’t mean that there’s no impact, it just means that relative to some other priorities within an organization cybersecurity remains at the top of the heap with regards to prioritization. Over the last year or so we’ve just been smart about the way in which we build out the team and thoughtful about the areas of the business that we invest in, relative to the balance of growth of the business and the bottom line. It’s been more of a balanced and a measured approach. And through that we’ve made additional investments certainly in product and R&D, in our international sales and marketing teams and other areas of business that were a top priority for us. In those areas, I think what we found is that there is a healthy talent pool that is available, certainly a healthier talent pool than what was available two years ago. It’s really been a combination of things. One, cybersecurity I think remains a top priority for the majority organizations. Two, we took a really balanced approach on growth. Three, in the areas that we were making investments we were able to work within a market that had a little bit larger of a talent pool or a talent pool that was willing to engage.
Can you double down on the investments you made on product, R&D and the national sales and marketing teams?
We’ll always continue to make additional investments in product and R&D. We’ve launched a few new products and we’ve added capabilities to effectively all of our other modules and organized the team in a way that sets us up for the future. We’re providing the security operation to the entirety of the market across multiple different outcomes. In order to do that we had to continue to make, and will continue to make, investments in both the product teams and the specialization within those product teams, but also in the R&D teams that are required. On the sales and marketing teams, most of our energy has been focused from a growth standpoint on international markets. We’ve always had a pretty sizable team in the US. We’ve made incremental investments in Canada and EMEA and then most recently in ANZ (Australia and New Zealand). Those markets for us are still growing at pretty incredible rates. The US is still growing very well but those have been areas where we’ve made outsized investments.
I want to switch to AI. How do you think it plays into cybersecurity?
It has always played a role in cybersecurity. I don’t think there are many organizations that are delivering the outcomes that their customers expect that haven’t been leveraging AI or machine learning in some way. Obviously, with the advent of generative AI and everything that’s going into that space, there are additional opportunities. There are also additional risks if not used properly, both in terms of the way in which the bad actors could use that technology but also in the ways that vendors may misuse that technology. Our approach has been to continue to leverage machine learning in our core functionality and tools to help to improve the efficiency of the efficacy of the solution.
Then we’re doing a lot of work as an organization to make sure that the work we’re doing that is customer facing, or the work that we would want our customers engaged with, we have properly vetted and tested. We’ll continue to make investments there. I think you’re going to see a lot of work being done on AI and its ability to assist with the manner in which customers engage with platforms and ask simple questions. I think in the end that will be a good thing for the customer base and for the market. What everyone is working towards is making sure that whatever is implemented is implemented properly because mistakes within an AI model in cybersecurity can have an outsized impact to an end user versus other use cases for it.
You mentioned that vendors may misuse AI. Can you double down on that? Should MSPs be concerned about that?
You just have to be careful. There’s a lot of hype around AI, it has always been used in cybersecurity and it will be used more and more into the future. Certainly the same would be true of Arctic Wolf. We’ve always used it and we will use it more into the future. Where I’m saying vendors need to be careful, or the market needs to be careful, is there’s a lot of hype. People are rushing to get things into market and a lot of times what’s being delivered is beta or really early versions of AI within their tool sets. In certain industries, that’s fine because there’s very low risk to there being an issue or an error. But in cybersecurity where time, accuracy and efficacy of what’s being delivered to the end user is paramount, especially in the situation where they might be having an issue, you just want to make sure that what’s being put into the market has been vetted properly and has been given enough time to soak within the data. It’s a cautiously optimistic view. It’s going to revolutionize the market world, the way in which people view cybersecurity and manage certain roles or functions within the cyber ecosystem. But we the market should also be careful about how far we take it and how fast.
Don’t imagine that it’s going to solve all your ills overnight. The human element is still really important in cybersecurity. A combination of AI and the human element I think right now is probably the best approach.
What other big cybersecurity trends are you watching right now?
AI is obviously the big one. I think we’re also starting to see this notion of a historical precedent where there were a lot of point solutions in cybersecurity doing certain elements of an overall security operation start to become a less and less prevalent mode of operation for the industry. I think that’s probably due to two things. One, customers are kind of fed up with it. They want to leverage a platform that can deliver multiple outcomes via a centralized vendor and not have to buy 50, 60 tools to put together their security operation. Secondly, I think the macro environment has accelerated some of that change. Whereas customers might have been more willing to engage with the 30 or 40 vendors that they have within their infrastructure in an environment where every dollar is being scrutinized and the efficiency of every solution is being scrutinized. There’s a definite movement towards vendors and players in the space that can help to consolidate some of those outcomes or consolidate some of those tools and in the end some of that spend. AI and the consolidation into platform plays that can solve for cybersecurity in a more holistic manner are probably the two most prevalent trends right now. In some ways they play together.
What makes Arctic Wolf better than the competition?
There’s a few things so. One, we’ve built this platform now that’s operating at massive scale. We’re ingesting 3 trillion observations a week, petabytes and petabytes of data a week that we’re ingesting from hundreds of different sources within our customer base. That gives us an incredible amount of data with which to run AI models or machine learning models and make our solution that much more performant than some of the other players in the space. It’s just the sheer vast volume and nature of the data collection that we have. The second would be the number of outcomes that we provide. We have detection and response capabilities across all of the various attack surfaces. We have vulnerability management solution, we have an awareness training program and solution. We have incident response capabilities, we have connectivity into the insurance ecosystem and insurance carriers. What that means is that we’re delivering a more holistic security operation to the customer as opposed to one of the siloed individual markets. When you combine this highly-performant, massively-scaled back end platform with a multitude of different outcomes on that platform, along with what our curated concierge approach which is mostly around how we get that data served back to the customer in a way that makes sense, we stand out.
What are you hearing from your MSP partners about their biggest challenge and how is Arctic Wolf helping with that?
That’s evolved a little bit over time. I think MSPs in general are trying to find new paths to market new revenue streams. I think one of the revenue streams or paths to market that is most readily apparent is cybersecurity. Cybersecurity for MSPs has a similar challenge to cybersecurity for an end user and that in order to fully engage you need to have expertise, which is sometimes not available. You need to have budget for the various tools and products that would make your solution the right fit for the customer base that they’re providing. Then you have to be able to handle the ramp up between when you hire and build out that ecosystem of tools before you start to take in revenue. Arctic Wolf has always played within the MSP and the channel community in that we can solve for kind of the largest barriers to entry within cybersecurity for an MSP. We can bring the cybersecurity expertise and technology. The MSP and the reseller community has really strong relationships with their customers whereas we can now help them get a seat back at the table with regards to cybersecurity, which leads towards many other conversations. I think it’s MSPs and resellers in a continual work to find new revenue streams and find ways to be more beneficial and impactful to their customer base. Cybersecurity is one of those areas and Arctic Wolf has historically filled those voids.
What can we expect to see from Arctic Wolf in the second half of the year?
Expect to see continued growth both in the manner in which we serve the market in the US but also internationally. Expect to see additional product announcements both by way of organic growth but also potentially through inorganic growth. It may be opportunistic with regards to M&A. Overtime more and more Arctic Wolf will be and should be viewed as a security operations provider which really sits kind of over the individual siloed markets within cybersecurity wholesale. If a company is looking to solve for their overall security posture, Arctic Wolf will be able to and can solve for those various needs under one umbrella.
Can you tease any products coming down the line or any acquisitions?
You can imagine what we would build or what would be required within a security operation. What does Arctic Wolf offer today and what could we add to our portfolio? It’s the things that you would add that we don’t have today that would be required in a security operation, which are the areas that you would expect to see. I know that’s a veiled answer, but it’s as close as I can get without spilling the beans.
With M&A we’re going to continue to be opportunistic there. The same areas that we would look towards organic development are areas that we would look within the M&A front. It’s largely dependent on the organizations that are interested in the conversation, the valuations of those organizations, how they fit into our technology stack and go to market. It’s a similar answer and I think the market is now becoming more receptive, at least from a valuation standpoint, to have those conversations. It’s a little bit up to what we come across through the work that we’re doing in that environment. But the areas we’re looking at are similar to the answer that I gave previously.