Within cybersecurity, it is quite common to regularly talk about humans as the weakest link. Nick Schneider, the CEO of Arctic Wolf, takes a somewhat more positive stance and sees in humans precisely the solution to the problems that organizations have around security.
We published an extensive article about Arctic Wolf a few months ago. That article was mainly about Arctic Wolf’s vision, the SecOps platform it has built as a whole and the MDR component in particular. In a nutshell, Arctic Wolf wants to provide a SecOps platform that can receive data from anything you want to connect to it. Based on hundreds of billions of observations per week, organizations get about five to 10 action items each week. Furthermore, the idea is that you don’t have to purchase all kinds of other products and services from Arctic Wolf as well. So the investments organizations made in the past in solutions and systems, won’t be wasted.
TIP: Read the full earlier article here, in which we give an overview of what Arctic Wolf has to offer, based on a conversation with CTO Ian McShane.
Strong growth
Arctic Wolf is growing very fast. The company came to EMEA not long ago from the U.S. and is growing no less than 500 percent YoY in this region. This is not surprising, of course, since the company has only just started in this region. Strong growth rates are normal when you come from humble beginnings. Globally, however, Arctic Wolf is also growing 100 percent YoY. That is certainly impressive.
Arctic Wolf has also not entered our market half-heartedly. You often see new players start with a single person, who then has to work around the clock to get on the radar of partners and customers. Arctic Wolf immediately established a full team. It has also already invested heavily in our region. For example, an SOC in Frankfurt has been established, employing 55 people. It is clear that Arctic Wolf means business. This also sends a good signal to the market. Partners and customers will be more inclined to invite the new supplier over for coffee if they see it means business.
People hold the key
One of the things that strikes us during the conversation is that Schneider speaks positively about the role that employees have within cybersecurity. They are often blamed, but Schneider would rather talk about the opportunity that lies ahead for organizations to actually use people to get security in better shape. “The employee offers the greatest opportunity to better secure an organization,” in Schneider’s words. “If no one makes a mistake, an organization will not be breached,” according to him.
From the above statement, we conclude that the technology basically does what it is supposed to do, but what matters most is what the people do. This is putting it quite strongly, because there are always issues such as zero-days that existing technology doesn’t have an answer to either. But the point Schneider wants to make is clear. More needs to be done on what he calls enablement/awareness. Of course, he sees this as part of the larger platform, so things like vulnerability management and MDR should also be part of the overall approach for organizations. But awareness should certainly play an important role in this.
When it comes to security awareness, it does need to be offered to employees in a good way. It doesn’t have to be expensive and doesn’t have to cost more than five minutes a day, Schneider points out. However, he has also seen where it has gone wrong: “The mistake that many awareness training vendors have made is that they have made content too boring.” This content must be relevant and must also take employee feedback into account. This is the only way to keep it relevant as well. However, the content also just has to be nicely made and interesting. That all helps.
Unifying cybersecurity
One of the most striking things about the security industry is that it is hugely fragmented. This while it is also quite clear that this fragmentation is actually counterproductive. After all, with many separate point solutions there (large) gaps in the defense are to be expected. In addition, there is short-term thinking when purchasing solutions. Thus, an organization may end up with a lot of solutions, some of which overlap, but none of which are fully used.
Schneider has clearly observed that customers struggle with bringing together the various solutions they use. However, this is the way forward. Arctic Wolf understands this, he points out: “We don’t ask customers to throw away their previous investments; we get to work for them.” Customers can continue to use what they have already invested in, Arctic Wolf makes sure they can connect to it. In other words, Arctic Wolf builds the connectors and other components needed to make the connection. This has the advantage that nothing has to be moved from one solution to another. That is, the systems of record remain in the individual solutions.
We noted in the previous conversation we had with Arctic Wolf that there are limitations to this way of working. 100 percent visibility into what is happening in your environment is very difficult if not impossible to achieve. As McShane pointed out in that previous discussion, Arctic Wolf still receives enough information to properly secure customers. That’s ultimately what it’s all about, Schneider points out: “Customers don’t buy a security solution to get insight into every single component, they just want to know they’re secure.” If you can promise that, the customer is fine with it. Of course, you can’t give extremely hard guarantees. As Schneider points out, “The trouble with cybersecurity is that as soon as you think you’re safe, something new comes along.”
It’s getting easier and better
The story Schneider tells sounds good, but it also sounds like quite a bit of work for Arctic Wolf. Considering there are 3,000+ security solutions for sale, that’s quite a few connectors that need to be built. Does this scale well enough? According to Schneider, organizations don’t have to worry about that. In fact, he sees it actually getting easier and the platform only getting better as more data goes in. As we’ve seen above, we’re talking about hundreds of billions of observations per week, so we’re talking about a lot of data that goes into the platform. Arctic Wolf also constantly adds more intelligence to the platform. The biggest challenge for Arctic Wolf is scaling this data itself.
Arctic Wolf has the so-called concierge approach when it comes to how they collaborate with customers. That is, customers basically outsource everything to Arctic Wolf. That raises the question whether this approach is sustainable as they get more and more customers. After all, there is a huge shortage in the job market of good security professionals. At least, that’s what we hear on a regular basis. Schneider does not see this as a problem: “We are a very interesting employer because people can do a lot of aspects of cybersecurity with us.” In addition, the platform will also only get better and thus more efficient. This means that each employee can do a lot more in the same timeframe.
Positive outlook, with caveats
All in all, then, Schneider has quite a positive message. Whether Arctic Wolf’s awareness approach is measurably better than others is difficult for us to judge. We have no comparative material for that. But the statement that awareness training only works if you offer it in a good and personalized way seems pretty logical to us. In principle, Arctic Wolf does not solve the inherent complexity of the security landscape, as organizations continue to make investments in security solutions. It does, however, ensure that everything is brought together in a unified way.
Schneider does expect a consolidation of the number of vendors by 2023. In the process, the vendors that can solve the “human problem” will rise to the top, is his expectation. Furthermore, he expects 2023 to have more breaches than 2022. Last year was a relatively quiet year in this regard, mainly because of the war between Russia and Ukraine. So now that is going to pick up again, he predicts. However, Arctic Wolf’s platform is getting better by the day, if Schneider is to be believed. So hopefully it’s going to make sure it catches the new threats in time.