Viewers of our Breaking Analysis series know that we've been following the developments in cybersecurity for a number of years, and of course, throughout the pandemic, focusing on the permanent shifts that we see in cyber from remote work, distributed computing, and technology advancements. We've reported how the adversaries are highly capable, they're well-funded, and they're motivated. And how they're constantly upping their game on defenders, island hopping, stealthily living off the land, planting self-forming malware at various points in the digital supply chain, offering advanced ransomware as a service on the dark web to any disreputable individual with or without a high school diploma that may have access to a server and is brazen enough to steal from their company. We've also shared this chart from Optiv many, many times. It's a taxonomy of the cybersecurity landscape, and it is meant to make your eyes bleed. Ask any CISO, and they'll tell you they're drowning in fragmented tooling, technical debt, and their number one challenge is lack of talent. Not that their people aren't capable, they are, but CISOs just don't have enough of them. They can't hire fast enough, or they can't retain qualified people with the talent war that's going on, or they can't train people fast enough, or they just don't have the budget.

Hello, everyone. This is Dave Vellante, and welcome to this video exclusive with Nick Schneider, president and CEO of Arctic Wolf Networks. Nick, so good to see you. Thanks for coming on theCUBE.

Thanks for having me, Dave.

That's our pleasure. So Arctic Wolf Networks, let's talk about the company, the problem. You heard my little narrative up front. What are you guys all about?

Yeah, so at its core, we're a cybersecurity technology company. You know, it's our belief that we've really pioneered the first full-scale cloud-native security operations platform.
And at its core, what we're trying to do as a business is make security operations something that's fast, easy, and economical for really a company of any size and scale to implement with really two key components. One, we're agnostic to the technology and the landscape of the technology that they have already implemented within their environment. And two, we can feather into really any organization, regardless of the skill set they have from a cybersecurity standpoint in-house. And really the problem that we're setting out to solve, I think you illustrated well at the beginning of the show here, is that it's our belief that the cybersecurity industry, in a sense, has failed the end user, or failed the customer by throwing a myriad of different tools at them. And it's really our mission here as a company to end cyber risk. And it's our belief that through the cloud-native platform that we've bought in the cybersecurity operations cloud that we've built, that we can deliver the outcomes that have been promised over time to these customers, which at the end of the day is really just to be safe and have their business protected.

So you guys are the experts. You can kind of provide a white glove service that essentially plugs in to my business. Is that right? And how easy is that to do? What do I have to do to set it up? How complicated is that for me, the customer?

Yeah, so it's very straightforward. We can implement our security operations platform, you know, in as short as a week and generally speaking, you know, about a month. And we plug in really to the infrastructure that the customer has in place. And for some of our customers, that's very little. And for some of our customers, most of our customers, that's quite a bit of technology. And the beauty of the way that we've built the platform is that we're really agnostic to that tech. So we can take feeds from kind of any technology that are in place. That helps to augment the platform that we've built.
And then we feather in kind of the technologies that we've built within the platform into their existing infrastructure. And at the end of the day, what we're trying to do is give the customer visibility, you know, into the tools that they have, the gaps that they might have as a result of the tools, you know, in some cases, the duplication of efforts that they have, you know, between these tools and then deliver a security outcome or a protection that maybe they haven't otherwise felt as a business. And then outside of kind of the technology platform, we add what we call our concierge security team as a layer to the deliverable that we give to the customer. And why that's important is that not all customers, you know, are created equal and with regard to the skill set that they have in-house in that that concierge security platform allows us to kind of work with a customer at any kind of, you know, point along their security journey, regardless of the in-house technology talent that they have.

Now, so I got to ask you, our largest footprint for theCUBE is in the heart of Silicon Valley. We love the Valley, but I also love stories of high growth companies that are outside of Silicon Valley. You guys are in the Midwest and Minnesota and got some compelling DNA in there. And I remember my, so my business friends, Phil Soran and Larry Aszmann, you know them, Phil used to tell me, Dave, this is actually an advantage for us to be in the middle of part of the country. There's a talent war going on, which back then was a lot less than it is today even. So how do you see that? Are there advantages to you and being in that part of the country or does it not matter because you're so distributed around the world?

Yeah, I mean, I would follow a similar tune to Phil, right? I, you know, obviously worked at Compellent early and, you know, historically I've worked at other Minneapolis-based technology companies.
And the reality is there's a really strong technology ecosystem in Minneapolis. And a lot of the, of the talent, you know, is not just in sales and marketing or just on the technical side, but it's in building high growth technology companies kind of from the ground up into, you know, large scale. And now we've seen not only the Fortune 500 kind of base that we have here in Minneapolis, but also a growing contingency of larger technology companies using Minneapolis as at least, you know, one of the spokes against their hub, if not the hub themselves. And clearly my pedigree in history was out of Minneapolis-based tech, you know, and I've moved to other locations throughout the country. But as we started to build out, you know, Arctic Wolf and what we wanted Arctic Wolf's culture to look like. And as we started to lay out the foundation for what we wanted our growth to look like, it became very clear to myself, you know, our chairman and co-founder, Brian NeSmith, that Minneapolis would be a great home for us as Arctic Wolf. And then we would continue to invest in some of the locations that we have, you know, both across the country and now across the globe.

So there are a lot of companies that are doing managed security services. But if I got it right, you guys specifically target smaller and mid-sized companies. Is that correct? And why is that?

Yeah, so I would say that that would be correct. As of a few years ago, the dynamic has changed quite a bit. And I think it's a result of the dynamic of the market. First and foremost, we are a technology company. We have this concierge layer on top, which is really what the customers are looking for. But it's all powered by the platform. So the platform kind of allows us to do what we've done as a business into both small organizations, which is where we probably got our start. But over the last few years, we've seen tremendous growth upmarket.
So for example, we as a business have grown over 100% now for eight years in a row and now on a much larger denominator, but our upmarket business is growing at 4 to 500%. And I think that's a result of really two things. I think A, customers of that size and scale have realized that cybersecurity and cybersecurity operations as a problem is something that's really hard to accomplish in-house, regardless of your size and complexity. And then two, I think what happened over the past year, year and a half is that we saw a lot of organizations move from a centralized IT or a centralized security function where they could all operate within an office and all operate in a centralized environment, all of a sudden becoming very disparate in their geography. And that led to a lot more interest in what we did with larger customers because we could deploy a security operation effectively remotely in a really short amount of time. And we could do it more effectively and economically than they could do on their own. And then we also saw for a component of the human aspect of what a security operation means. And what I mean by that is these larger organizations can take their highly skilled cybersecurity talent and focus them on the strategic initiatives within the company, whereas a lot of the security work or risk is in kind of the day to day, right? The dieting that takes place within an organization. And that's where a lot of the breaches take place is in making sure that you're actually paying attention to the alerts that you're getting and paying attention to the telemetry and the tools that you've made investments in. And we augment that portion of cybersecurity operation really, really well for large organizations and for smaller organizations, we are that security operation. So it's kind of dependent on the way in which they're set up.

Okay, so it's a mix of both augmenting and basically you take the whole thing.
And so your ideal customer profile, your ICP, is anybody with a security problem? I mean, that's everybody. Well, maybe you could describe, paint a picture of your perfect customer, if you would.

Yeah, so, and I know you said that somewhat jokingly, but it is true. We have customers of all sizes. So I bet our smallest customer is under 10 employees. Our largest customer is over 50,000 employees. We have customers in every vertical of the market, mostly centralized in healthcare, financial organizations, manufacturing. But the largest swath of customers by industry would probably not top 10%. So we service really any account that's looking to develop and invest in a security operation and has the support of their organization and the support of their board and their leadership teams to make that investment. And then where we fall within the account is really dependent on the way in which their current operation is set up. And certainly the massive organizations that have 50 people within their cybersecurity team and they have a hundred different tools, they're probably not the best target for us. But if they have security awareness, if they have a security as a top need or a top priority within their business and they're looking for a way to build out a true security operation within their account, whether that be wholesale through a third party or in part through a third party, we're a perfect fit for all those accounts, which makes our addressable market massive.

Yeah, so what's unique about you guys, I mean, this may be not the right analogy, but you're kind of like the easy button for cyber. I mean, there's nothing easy about cyber. I get that, but you do make it easy, especially for companies that don't have any cyber expertise to engage and get up to speed fast and certainly be more protected. So that's one aspect of your uniqueness. The other is, I think is your tech stack. I'm hearing you've got a platform.
I know you're focused on network detection and fast response. Maybe you could talk a little bit about what's unique about Arctic Wolf.

Yeah, so the platform itself is really what we founded the company on. So we spent the first few years of our organization in really building out this cloud scale, multi-tenant cloud native platform, understanding that the volume of data and the amount of sophistication that we would need to deliver the security operation in the long run was going to be massive. So the platform's really kind of set on a few different founding principles. One, the platform needs to work for any organization regardless of their size, regardless of their underlying tech and regardless of the skill set within their account. And that's really important. A lot of the tools in the market today require certain things of the customer. And it's our premise, regardless of the customer, that we won't require anything from the customers themselves. It's up to them to tell us which portions of the experience they want to own versus Arctic Wolf owning. The second would be that we need to be able to ingest a vast amount of data and we need to be able to make intelligent decisions with that data in a short amount of time. And as we've built out our machine learning and our AI algorithms, what we've been able to do is leverage a tool set that allows us to ingest, I think we're up to now 1.5, approaching two trillion observations a week, which might equate to a few hundred alerts within our SOC on a per customer basis. But we're only bringing one or two things to a customer on a weekly basis that really need attention. And that's all about the platform kind of curating and cultivating the vast amount of data that we've brought into it. And then how do we explain and how do we sell that platform with this concierge layer into the customer base is also important. And we've done that through what we call modules.
So we kind of founded the company on MDR, managed detection and response, but we are not a managed detection or response company. It's one of our modules. We've then added managed risk, which competes kind of in the vulnerability management space. We've added a SaaS and IaaS monitoring, which is really cloud security. We've added what we call log search, which is really our first foray into collaboration. And then we just recently launched a quarter ago, what we call managed security awareness training, which is training the human aspect of the company on the threats of cybersecurity. And we actually just announced another acquisition in the managed security space today with Habitu8, which is going to give us kind of a Hollywood style approach to content within managed awareness training. But tying all those together is very unique in the market. So generally speaking, you'll see a company focused on a specific attack surface or a specific threat. And what we're trying to say is, look, you're not 100% protected as a business, or you don't have a robust security operation, unless you're bringing together all aspects of cybersecurity under one umbrella. And that's really our goal as a company.

Okay, so you got all these different modules and you may not want to go here because you're in the cyber business and you're prudently secretive, but I'm interested in what's underneath. I presume you're using best of breed tooling underneath, but unlike the hosting company of the past or a big integrator who could do this, but they've got one of everything and it's kind of a mess. You're building a scalable business, but you're not developing your best of breed identity access products for the marketplace. I presume you're buying those in, integrating them and working through whatever APIs and making it all work across your stack. Can you talk a little bit about your tech stack?

Yeah, so the technology stack has all been built from the ground up by Arctic Wolf.
So certainly we're using various technologies or open source technologies from within the ecosystem, but the technology and the platform itself is Arctic Wolf. So we're not beholden to any third parties for what we deliver to the customer. And that makes us very nimble in a few areas. One, it makes us very nimble in the way that we price the solution to the customer, which for us is a very predictable model. And then two, it allows us to be nimble with customer needs as to what they want from us, both of the existing modules that we have, but also additional modules or additional solutions that we might bring to the market. So a lot of vendors that have historically kind of lived within the MDR space and certainly vendors that have lived in the managed, the MSSP or MSP space, which we are certainly not, they're generally leveraging third party technologies, they're generally buying and implementing or white labeling third party technologies. And then they're layering kind of a services component on top and we are not doing that. We've built the technology ourselves and don't get me wrong, that was a massive investment in both time and resources. But I think in the end what it'll allow us to do is be very nimble with the market and most importantly be very nimble with the customer's requirements and requests.

Right, okay, so let's talk about your market opportunity. I mean, the cyber space, I mean, I got it well over a hundred billion, I don't know, maybe it's 110, 120 billion, that's kind of your TAM. You may be not serving that entire market today, although you said you started in small and mid-sized, you're targeting now your enterprise, your higher end business is growing. You talked about, I think you said 100% growth, like eight quarters in a row. And so there's no shortage of opportunity for you. How do you think about your total available market? Maybe you could add some color to that.
Yeah, yeah, so it's been eight years of 100% growth, eight years of 100% growth.

Eight years, not eight quarters, I apologize.

It's been going really well for us and it's a reflection on the market itself and the approach we're taking. So in our view, security operations is really the opportunity to unify all these disparate markets in cybersecurity. And when I walk into a customer account, if I had to use two words to describe how they're feeling, one would be confused, the other would be frustrated. Sometimes they're both, sometimes they're only one, but generally speaking, one of those two words comes out of their mouth and the reason for it is at the end of the day, they just want to be protected. They want the outcome and all of these disparate markets are promising the same outcome, but they're just promising it on the endpoint or just on the network or just in cloud or just in IoT or just in OT or just in fill in the blank. And it's our view that it's our opportunity as a company to really fill that void for the customer, which is to unify all of these different technologies and spaces into one security operation. And sometimes that means that we're delivering our own endpoint. And sometimes that means that we're leveraging an endpoint or an endpoint solution that the customer has in-house and we're ingesting that data into our platform and we're making sense of it to the end user. But when you put that market together, it's a hundred and I think Gartner's recent numbers there, 150 plus billion dollar market in 2021, I think it's growing at 12 to 15%. And it's our view that we can service the majority of that market. I think on a conservative measure, 90 to 100 billion is the TAM that we're addressing. And we're now starting to go not only scaling out from the number of products or the markets that we service.
And you can see that through managed security awareness training, but also the geographies we service, the segments of the market we service, specialization within verticals. And for us, that is the opportunity at the end here.

I wonder if you could help us squint through some of the data you hear in the industry, some of the trends you see in the press. Certainly this came up in the SolarWinds hack. We're seeing, I mentioned up front, the adversaries are very capable. They're able to get in, live off the land, live stealthily, they're island hopping in through the supply chain. You know, oftentimes you don't know, not more than often, you don't know they're there. I've heard stats like, if you look at the SolarWinds hack, we saw that it was 300 days or over a year that they were inside the company. And you've heard average statistics from whatever, that it's hundreds of days. Are those, are you able to compress those? Can you talk about that a little bit in terms of where you see your customers and how you're helping them respond?

Yeah. Yeah, so at the end of the day, you know, cybersecurity, the industry is really about limiting the volume of incidents within a customer account and then limiting the impact. And what you're talking about is the impact and the impact as these threat actors become more sophisticated is larger as they're in the environment for a longer period of time. So the faster you can get to an attack or the faster you can detect an attack, the better off you'll be as a business. And that is the core of what we do as a company. And certainly, you know, managed detection response or MDR, our first offering, was all about that. It's all about detecting early and responding early to a threat so that you can get anything that has gotten through your perimeter defenses out of your systems as fast as humanly possible. And then we've feathered in, you know, managed risk, which is more about the front end.
So how do we make sure that we have everything configured properly? How do we make sure that we, you know, fill any holes that are in the current environment so that we don't even get to a point where we have to manage the time with which an attack has had to live within your environment. So it's all about kind of those two things, reduce the frequency and reduce the impact. And we're focused on both, both the kind of the proactive measures, which would be more on the front end and then the reactive measures, which is what do you do and how can you act as quickly as possible within your environment to ensure that, you know, they're not getting into the crown jewels of the business.

We've seen lately where the attackers have, I mean, it's really insidious, right, Nick? They will exfiltrate, they'll get in, they'll exfiltrate stealthily and they'll be ready to attack from a ransomware standpoint. And then they, maybe they're hitting the bank and they're scouring to see what the chief information officer is going to invest in. And they're actually making trades ahead of that. They're making more money, you know, snooping than from the ransomware. And then when the company realizes and they respond, then they get them in a headlock and say, okay, now that you're going to stop us from making all this money through exfiltration, we're going to hit you with ransomware. So it's just, it's a really awful situation. So my point being that we've said organizations have to be stealthy in their response. Have you seen that as a trend? Am I overstating that?

No, no, I mean, customers are, you know, good news, bad news, customers are very aware of the threats in particular ransomware, data exfiltration and all the other trends in the market. And I think they've become more sophisticated in the way in which they respond.
And I think as a result, we've seen both changes in the way customers kind of set up their environment technologically, but we've also seen a pretty dramatic shift recently with the way in which they view insurance and the way in which, you know, carriers view insurance and how that plays a role in, you know, cybersecurity and their cybersecurity operation. And for a lot of customers, I think recent trends are that the carriers are struggling to, you know, make money on their cyber books. And the reason for that is because they need to make sure that the customer's environment is truly secure or they're kind of flying blind on what their book looks like. And we've started to see that both on the end user side, we've seen that through the carriers themselves. And that also has played an integral role in the way in which the customer views risk. And I think that dynamic's changing. And I think what the result of that will be is that customers are going to be looking more and more towards how they solve this problem by alleviating risk in-house as opposed to transferring some of that risk to an insurance carrier or a third party. And what I hope that means for customers is that they'll have the proper investment, they'll have the proper tooling, they'll have the proper operations around how to react and how to respond in the quickest possible manner, which at the end of the day, the faster you can react to an incident, the smaller the impact will be and the smaller of a financial burden it will be. And they'll do that through vendors like Arctic Wolf, tools that are best of breed within their infrastructure and then a really well thought out plan about how to respond to anything that happens within their environment.

Yeah, I mean, if I'm an insurance company, I'm going to give a discount to somebody who's got an alarm in their house and they use it, I'll give a discount if they're working with a company like Arctic Wolf.

Exactly.
What percent, do you have a sense as to what percent of enterprises actually have a SOC?

Yeah, we actually did some homework here and there's kind of two stats that jump out. And these are through a few different surveys through very well-known organizations in the cybersecurity market. But one is that last year, which would have been 2020, about 60% of organizations said that they suffered some semblance of a breach. 60%, think about how many tools and how much money these organizations are investing in protecting their businesses and over half are suffering some semblance of a breach. When those same customers are asked whether or not they felt like they have a security operation, over 99% answered no.

Wow.

Right, so they have a bunch of tools, they're investing a ton of money, but at the end of the day when asked, hey, do you feel like you have an operation that can protect your business? Their answer is no.

Well.

And that's really the void we're trying to fill.

And you and I both know that 60%, okay? But then the other 40%, they've been hacked, they just don't know it.

Yeah, exactly.

So, all right, let's wrap with some stats on the company. I think you've raised nearly half a billion dollars to date, $500 million to date. So that's, I can infer from that some pretty lofty numbers. But where are you in funding with that kind of growth? I got to believe IPO is in your future. What can you tell, what metrics can you share? What can you tell us about where you want to take this thing?

Yeah, so I'll give you a few metrics on the platform and a few metrics on the company. So the platform itself, we're observing over 1.5 trillion observations a week. We have 10,000 plus sensors in the field. We're ingesting, coming from a Compellent infrastructure guy, we're ingesting over a petabyte and a half of data a week. I would have loved to have been that sales guy in the glory days, but the platform's operating at massive scale.
We've grown the business eight years in a row, over 100%, we've talked about that. Our subscription gross margins are very software-like. We have over 2,000 customers. Our customers are really happy with an NPS score, approaching 70, over a million licensed users. So we're doing very, very well as a business. And as a result, we've raised money to invest in that growth, which is to the tune of about a half a billion dollars. And our path here, and we've stated this publicly now, is that next summer, give or take a quarter is really the timeframe that we're marching towards for an IPO. If I'm being honest, given the metrics that we have as a business, we could be a publicly traded company today, especially with the way the market's operating in the valuations of some of the businesses that have gone out. There might be some, even some pressure to do so, but we want to make sure that we are ready to go from a systems and an operations standpoint, to not just be a flash in the pan, awesome IPO, but a company that's really kind of the backbone of cybersecurity for years to come.

Well, obviously a hot split space. I mean, we've been covering for a couple of years now, Okta, CrowdStrike, Zscaler, we've seen what's happened in the action of the market there. I mean, what are your comps? I mean, I know, I think Darktrace is getting ready to go. They've gone yet, SentinelOne went out. How should we think about you? You're not an Okta or, I don't think, well, CrowdStrike, but those are pure play product companies. How should we think about you guys?

Yeah, I mean, companies that were on a similar trajectory as us at our size, SentinelOne's a very good example. And you can kind of look across all the core business metrics on that. And clearly those will all be public here in under a year. CrowdStrike's a great example. If you go roll back the tape to when they were our size, we're right in line with them.
Zscaler, Okta, I joke with our board and investors and our CFO that the number of companies that we benchmark ourselves against is starting to become a very small number given our growth at the scale that we're at.

Well, it's an awesome story, Nick. We're really excited that you can make some time to come on theCUBE and we want to follow your progress. Welcome you back anytime, really appreciate your time.

Yeah, great. Thanks for having me, Dave, and I look forward to continuing the conversation at some point.

Excellent, and thank you for watching everybody. This is Dave Vellante for theCUBE and we'll see you next time.