10 min Security

Arctic Wolf CEO: “Platform is what customers are really looking for”

The security platform is gaining traction

Insight: Security Platforms

Arctic Wolf CEO: “Platform is what customers are really looking for”

Organizations want to achieve more with fewer security solutions, we hear from Nick Schneider, the CEO of Arctic Wolf. We speak to him briefly during a lightning visit to the Netherlands. Besides this topic, where security platforms play a big role, we also talk about the impact of European regulations and the changing role of insurers when it comes to cybersecurity.

It’s not just the CEO of Arctic Wolf saying that organizations want to consolidate. We are also hearing from organizations themselves that they are becoming more cautious about investing in point solutions. This does not mean that these organizations are also immediately putting all their money on a single player. However, they are increasingly looking at how they can maximize the return on their existing investments. In part, this involves making maximum use of the capabilities of the existing solutions, but certainly also how they can extract maximum value from the data that can be extracted from those solutions. How far organizations really are with this in is hard to say definitively, but the theme of consolidation is very much alive.

In addition to developments on the customer side, there is also certainly consolidation on the vendor side. This has been the case for quite some time. Sometimes on a very large scale, with Cisco’s acquisition of Splunk (although that’s about more than just cybersecurity, of course), sometimes on a smaller scale, with the merger of LogRhythm and Exabeam or the acquisitions of Wiz and Fortinet’s acquisition of Lacework, to name a few examples.

Consolidation = platform

The two sides of consolidation cited above are obviously related. Indeed, they reinforce each other. We can see vendor consolidation as a sign that organizations are no longer buying all (new) security solutions en masse. They are taking a much closer and more focused look at their investments. However, this is also a consequence of the changes that vendors are bringing to the market. These in turn cause organizations to look differently at their security stack and the investments that go with it.

Whatever the exact dynamics may be between organizations and security vendors, there is undoubtedly some degree of consolidation. Of course new security players are still emerging, but often get swallowed up quickly by larger platforms. In this regard, consider SentinelOne acquiring PingSafe, for example, or Akamai acquiring Noname Security.

One security platform is not the other

In the previous paragraph, we used the word “platforms”. From a market perspective, that is the security theme of the moment as far as we are concerned. Security platforms seem to be all over the place at the moment. “The challenge is that players who do a single thing also claim they are a platform,” Schneider immediately points out the problem with this. In other words, everything seems to be a platform these days.

Schneider uses the term marketecture (also known as marchitecture) to refer to the platforms that really are just that for marketing reasons. These could be the players he alluded to above, i.e., those that actually only do one thing but still market it as a platform. However, they could also be large players that operate in many sub-areas of cybersecurity, but where the various tools are deployed independently.

What is a security platform in 2024 according to Arctic Wolf?

During our conversation, Schneider names the core of what he believes a security platform should be and do: “It should be able to leverage the technologies but also use them in a cross-functional way.” That means, among other things, that the tools Arctic Wolf offers are fundamentally integrated. That is, they do not stand alone and are always part of the architecture. New components also always become native parts of the platform. According to Schneider, they try very hard to do this at Arctic Wolf, even though he also immediately admits that this is not easy and they don’t always get it right the first time.

Native integration has the disadvantage for a player like Arctic Wolf that when they acquire or develop a new tool, they cannot immediately put that tool on the market. It must first be optimally integrated. However, this approach also has an extremely important advantage, at least on paper. If you go for native integration in an existing architecture, you also by definition pay more attention to the quality of the code of the solutions. This also eliminates vulnerabilities as much as possible.

A lot of attention to prevent vulnerabilities

When we ask him about vulnerabilities in Arctic Wolf’s own code, Schneider says he is not worried about that. “We spend a lot of time and money to prevent this. Not only in developing the platform, but also around how we serve data to our customer and around laws and regulations,” he points out. In particular, larger players who have made all kinds of acquisitions over the years but have not integrated them (properly) seem to spend less time on this. To be clear, Schneider does not make that last point explicitly himself; Tomer Weingarten of SentinelOne did do that in a recent interview.

Nick_Schneider_Arctic_Wolf
Nick Schneider, CEO at Arctic Wolf

Objectively speaking, it is quite logical to make the link between loosely connected platforms and vulnerabilities. Whether it was actually due to the somewhat less deep integration within the platforms at these types of companies is, of course, partly speculation. Those larger companies also tend to be quite old. That means they have the necessary legacy. A company like Arctic Wolf does not suffer from that. Either way, it’s not a good signal to the market if security companies have vulnerabilities of their own.

By the way, if you want to know more about how Arctic Wolf looks at the security platform, please refer to previous articles we have written. In this article, we explain the different components of Arctic Wolf’s platform in quite some detail. To learn more about the overarching vision, please refer to an earlier conversation with Schneider, based on which we wrote this article.

New challenges in Europe

When we talk about cybersecurity trends, Europe, and especially the EU, has some additional challenges for security solutions and platforms. Schneider certainly sees that, too. “You have to put real thought into how you go to market. Where you build your SOC, which people have access, whether or not US or anyone else can access it,” he lists some of the challenges.

Still, Schneider is not at all sad about the laws and regulations being rolled out to member states from the European Commission. Indeed, “these are good things,” he argues. They ultimately make Arctic Wolf’s products, and thus its platform, better. In fact, looking at NIS2, Arctic Wolf sees it as a “major driver of demand” for the managed SOC services it offers. In fact, according to Schneider, Arctic Wolf can solve a large portion of the things needed to be compliant with the NIS2 framework in one fell swoop through its platform. Of course, customers are ultimately responsible, but Arctic Wolf’s platform can provide the necessary guidance.

Arctic Wolf, by the way, is doing very well in Europe, Schneider states. The company has not been operating here for very long. In 2021, it officially expanded into Europe. Around 250 people now work for the company in this region. “The European market in general is doing very well and is outgrowing the broader cybersecurity market,” according to Schneider. “So the expansion has gone very well and our portfolio is very well received here,” he adds.

Important role for insurers

Whether NIS2 is actually going to make organizations more secure is, of course, not entirely sure. Schneider realizes that, too. But, “at least it creates awareness,” he points out. That in itself is a good thing.

However, Schneider also sees something else happening in the marketplace. More guidelines and legislation around cybersecurity for organizations also means more duties from those organizations in terms of compliance. And that compliance is something insurers are going to demand from organizations that want to insure against things like cyber attacks. In other words, you can’t just pass everything off to insurers anymore and not take responsibility yourself. New rules and regulations give insurers tools to actually set requirements better.

The idea that insurers can start to lay down cybersecurity requirements for companies is in itself a good one. They may not know a lot about cybersecurity, though. So how much of a say should they get in whether companies can get insurance or not? Schneider doesn’t see that problem per se, as insurers generally don’t necessarily have that of the things they insure for or against anyway. “Insurers need to understand risk profiles, not so much cybersecurity,” he sums up.

To understand risk profiles of organizations, of course, insurers need the right input. That’s where Arctic Wolf wants to help. It released its Arctic Wolf Cyber Resilience Assessment (CRA) earlier this year. That allows organizations to gain insight into their cyber resilience and also their “insurability.

CRA “is built to answer the questions an insurer has,” Schneider says. The insurer can then give better rates or better terms to organizations using the Arctic Wolf platform. That, in turn, should provide a pull for Arctic Wolf’s platform and services. That makes the business model come full circle again.

Arctic Wolf’s platform aims to offer customers what they need

Looking at it from an insurance perspective a little bit longer, one might ask whether it is easier to determine or be compliant with insurers’ requirements using the open platform perspective that Arctic Wolf has or whether a collection of point solutions or a closed platform perspective would also do the trick.

Conceptually, the answer is pretty simple. Of course it’s easier to demonstrate compliance if you can get that more or less from a platform. After all, that has already done most of the work for you. The fact that it is an open platform also means that you can actually plug anything you want or think you need into it. That not only works for the insurance example above, but also for NIS2 compliance in general. On top of that, it also works in a world that is battling tool sprawl but also wants to make the most of previous investments.

It is up to Arctic Wolf to continually prove that a platform like the Security Operations Platform is also the best option in practice. At least the market seems to be consolidating somewhat and organizations also seem to be getting more and more interested in security platforms. If they do not have to replace their entire security stack to do so and there is no danger of lock-in, the threshold for adoption is not that high. However, it is an additional cost item that comes on top of their existing spend, assuming that they keep those. If they can extract enough added value from that extra investment, though, it becomes a lot easier to justify it.

Also listen to: a Techzine Talks on Tour episode that we recorded at RSA Conference earlier this year with Arctic Wolf’s CISO, Adam Marrè. His job is to keep the Arctic Wolf platform as secure as possible, something we also discussed in the article we publish today.