Thesis
In today’s increasingly complex and digital world, businesses of all sizes face the ever-growing threat of cyber attacks. Such attacks are becoming both more frequent and more damaging to the businesses they impact, with a 38% increase in attacks in 2022 costing an average of $4.4 million per breach.
Small and mid-sized companies are particularly susceptible to cyber attacks. Most SMBs lack the capacity to build and properly maintain an effective security operations center (SOC), with a properly staffed team requiring several analysts, each costing an average of $111K per year. A cyber breach can be particularly devastating for smaller enterprises operating with limited financial resources.
Arctic Wolf provides enterprise-class security to small and medium-sized organizations which lack the expertise and resources to navigate the universe of cybersecurity products and services, or develop their own solutions. With its SOC-as-a-service (SOCaaS) product, the company offers technology and human expertise to businesses that otherwise would not be able to build security infrastructure.
Founding Story
Source: Communitech
Arctic Wolf, headquartered in Eden Prairie, Minnesota, was founded in 2012 by Brian NeSmith (former CEO) and Kim Tremblay (former vice president and SVP of Strategy).
NeSmith graduated from MIT in 1984 with a degree in Engineering. A self-described “lifelong entrepreneur”, he joined data networking start-up Newbridge Networks in 1987 as a product manager. In 1995, NeSmith joined tech startup Ipsilon Networks as President and CEO, and refocused the business from IP switching to network security. He served in that role until 1997, when Ipsilon was acquired by Nokia for $120M. Following his departure, NeSmith was appointed CEO of security startup Blue Coat Systems. During his tenure, NeSmith led the company’s IPO and raised revenues from less than $5 million a year to over $500 million a year.
Tremblay graduated from the University of Waterloo in 1984 with degrees in mathematics and computer science. She worked as a software developer and product manager at telecommunications and engineering firms including Nortel and Virtek Vision before becoming Director of Engineering at MKS, a provider of application lifecycle management (ALM) technology. In 2000, Tremblay joined Blue Coat Systems as VP of Engineering under NeSmith.
Tremblay and NeSmith worked together at Blue Coat Systems from 2000 to 2011. The pair saw an opportunity to bring enterprise-class security to the lower and middle markets, which were historically underserved by other solutions. In 2012, Tremblay and NeSmith officially founded Arctic Wolf.
NeSmith left his role as CEO in 2021 and remained as executive chairman. Tremblay retired as Vice President in 2018. NeSmith was replaced in his role by Nick Schneider, who previously served as Chief Revenue Officer and Head of Worldwide Sales.
Product
Managed Detection and Response (MDR)
Source: Arctic Wolf
Arctic Wolf’s flagship Managed Detection and Response solution is designed to protect enterprises from cyber attacks by providing 24/7 monitoring of the enterprise’s networks, endpoints, and cloud environments. Arctic Wolf provides broad visibility across cloud platforms and claims its platform catches advanced threats missed by other cybersecurity solutions. It provides security advisors to operate as an extension of existing client information technology teams.
After threats are detected, Arctic Wolf provides managed investigation services. Arctic Wolf takes ownership of cybersecurity threat response in an effort to save clients time and resources that are required for handling threat detection responses internally. Once threats are eliminated, Arctic Wolf guides clients on remediating any damage and provides a ‘root cause analysis’ to prevent future incidents.
Cloud Detection and Response
Source: Arctic Wolf
Arctic Wolf’s Cloud Detection and Response solution is designed to detect and respond to cyber threats across infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS) resources. While CDR is similar to MDR, CDR is a lighter product specifically targeting threats to cloud ecosystems, whereas MDR targets broader technology ecosystems. Arctic Wolf offers equivalent detection, response, and recovery services with the CDR solution as compared to the MDR solution.
Managed Risk
Source: Arctic Wolf
Arctic Wolf’s Managed Risk solution enables enterprises to discover weaknesses and cyber risks in technological environments. The solution identifies digital risks across networks, endpoints, and cloud environments. A Concierge Security Team then assesses the environment and provides clients with risk priorities and remediation actions. After the client and the Concierge Security Team identify and optimize the risk environment, Arctic Wolf’s Managed Risk solution runs an active cycle of discovering, assessing, and resolving new risks in the client's technological environment.
Cloud Security Posture Management (CSPM)
Source: Arctic Wolf
Arctic Wolf’s Cloud Security Posture Management solution is designed to help enterprises discover, harden, and simplify cloud environments against security misconfiguration vulnerabilities. CSPM manages and continuously updates cloud assets that many organizations do not have the infrastructure to manage internally. Further, CSPM scans cloud databases to detect misconfigurations that cloud threats utilize to attack. After detecting misconfigurations, Arctic Wolf’s security operations experts recommend strategies to improve cloud security posture for organizations.
Managed Security Awareness
Source: Arctic Wolf
Arctic Wolf’s Managed Security Awareness solution is designed to improve enterprise employee recognition of social engineering tactics such as phishing emails. The solution provides learning sessions, quiz sessions, phishing simulations, and employee progress reports to educate employees and identify at-risk employees. Additionally, Arctic Wolf enables the integration of security awareness training with fifteen additional compliance courses, including Title IX, FERPA, anti-discrimination, and sexual harassment prevention. Arctic Wolf began offering security awareness in 2021 after its acquisition of Habitu8.
Incident Response
Source: Arctic Wolf
Arctic Wolf’s Incident Response solution is intended to minimize the damage caused by cyber incidents such as ransomware, IP theft, data breach, email compromisation, and employee misconduct. Arctic Wolf provides incident analysis and restoration services intended to resolve incidents as quickly and efficiently as possible. The Incident Response solution can be pre-purchased via the Arctic Wolf IR JumpStart Retainer.
Market
Customer
Arctic Wolf reports that it has 5K customers globally across 30 countries as of August 2023. Customers include Charles Southern University, Jackson Parish Hospital, First United Bank & Trust, Sheridans, and Teamworks.
Arctic Wolf initially targeted SMB and mid-market businesses that could not afford to staff internal cybersecurity teams. The company has since expanded its product offering to service enterprise-level clients by shifting its messaging from security being a tools and staffing problem to being an operational problem that any business could improve. As CEO Nick Schneider explained in an interview:
“Arctic Wolf [adopts an] operational approach to security through a cloud-native platform. Security isn’t solely a tools or staffing problem — it is an operational problem. It needs to be solved by a foundational and unifying platform that offers action-based intelligence. Unlike other industries like customer relationship management, which has Salesforce, or HR, which has Workday, this system-of-record platform has never been accomplished in cybersecurity — until Arctic Wolf.”
Arctic Wolf markets to any business globally that has a need for SOCaaS. Within that segment, the company markets most aggressively to industries with complex regulatory compliance standards that require certain levels of security. These industries include financial services, state, and local government, legal, education, healthcare, manufacturing, retail, and transportation.
Market Size
The global managed detection and response market size reached $4.9 billion in 2021 and is forecasted to grow to $21.9 billion in 2030, registering an 18.1% CAGR. It is estimated that by 2025, 60% of organizations will employ an MDR provider to deliver remote threat disruption and containment, up from 30% today.
Market growth is expected to be driven by the increased risk of cyber attacks, the increasing number of cloud-native apps, and the increasing adoption of IoT devices. Additionally, Emergen Research expects MDR providers to adopt machine learning (ML) and artificial intelligence (AI) to improve the accuracy and speed of detection, which would contribute to an increase in revenue.
Competition
Source: IDC MarketScape
Arctic Wolf faces direct competition from other firms offering similiar suite of cybersecurity products and services, particularly in the Managed Detection and Response space.
eSentire: Founded in 2001, eSentire is a Waterloo-based company and one of Arctic Wolf’s largest direct competitors. It specializes in MDR services. In February 2022, Warburg Pincus sold a 35% stake in the company to CDPQ and Georgian at a $1.1 billion valuation. At the time of the deal, eSentire announced that it had surpassed $100 million in ARR. eSentire reports it has over 2K customers in over 80 countries, representing 35 industries.
Expel: Expel, founded in 2016, is a Virginia-based cybersecurity company which specializes in SOP and MDR services. It also provides solutions for phishing, threat hunting, and vulnerability protection. In November 2021 the company raised a $140 million Series E led by CapitalG and Paladin Capital Group. In total, Expel has raised $288.8 million over six rounds.
SecureWorks: Atlanta-based SecureWorks, founded in 1999, is a public company with a market cap of $611 million as of June 2023. The company’s flagship product, Taegis, combines the benefits of MDR and ‘extended detection and response’ (XDR) services to create ‘managed XDR’. SecureWorks reported that Taegis contributed to over 80% of total revenue in 2022 at $261 million in ARR. Additionally, the company reports that Taegis serves approximately 2K total customers. Like Arctic Wolf, SecureWorks specializes in MDR services, however, SecureWorks has a broader spectrum of additional cybersecurity services.
CrowdStrike: CrowdStrike, founded in 2011, is a NASDAQ-listed global leader in cybersecurity services, including MDR. It has a market cap of $36 billion as of June 2023. In 2022, the company reported total revenue of $2.2 billion, with 23K customers. The company’s flagship product, CrowdStrike Falcon, includes antivirus, threat intelligence, USB device control, host firewall control, XDR, IT hygiene, and integrated identity security. Unlike Arctic Wolf, CrowdStrike aims to be an end-to-end partner for cybersecurity solutions.
Rapid7: Rapid7 is a global leader in cybersecurity services, including MDR. The Boston, MA-based company, founded in 1999, is a public company with a market cap of $2.7 billion as of June 2023. Rapid7 reported a total ARR of $714 million and 11K customers in 2022. The company has a broad spectrum of cybersecurity products and services, including XDR and MDR.
Business Model
Arctic Wolf operates on a SaaS model, with pricing based on the number of users, the number of required sensors, and the number of servers at the company. Total pricing also varies depending on the specific products required, but all Arctic Wolf customers have unlimited access to the Concierge Security Team regardless of which products they use. No general price guidance is provided on the company’s website.
Source: Arctic Wolf
Traction
As of June 2023, Arctic Wolf has 2.1K employees, representing 19% year-over-year headcount growth. The company has been listed in the Deloitte Fast 500 for four consecutive years, and since the last publication in 2022, has grown its customer base from 3.6K to over 5K. Specifically, Arctic Wolf reports that it “protects over 5K global customers in 30 countries”. Additionally, the company reported that it had raised revenues by over 4300% from 2016 to 2020. In September 2021, the company reported having $200 million in ARR.
Valuation
In May 2012, Arctic Wolf announced a $7.2 million Series A at an estimated $17 million post-money valuation led by Lightspeed Ventures and Redpoint. In December 2012, Lightspeed and Redpoint led Arctic Wolf’s $20 million Series B at an estimated $65 million post-money valuation. In January 2018, Arctic Wolf announced an additional $16 million in Series B funding at an estimated $81 million post-money valuation led by Bright Pixel (formerly Sonae IM). This additional Series B capital infusion was intended to enable Arctic Wolf to address “the soaring demand for SOC services”.
Amidst rapid market growth, Arctic Wolf announced in October 2018 that it had raised a $45 million Series C led by Future Fund, putting the company at an estimated $160 million post-money valuation. In March 2020, Arctic Wolf announced that it had raised a $60 million Series D at an estimated $285 million post-money valuation led by Blue Cloud Ventures and Stereo Capital.
In October 2020, Arctic Wolf announced that it had raised a $200 million Series E at a $1.3 billion post-money valuation, led by Viking Global. In July 2021, it raised a $150 million Series F at a $4.3 billion post-money valuation led by Viking Global and Owl Rock. Based on its $200 million ARR in September 2021, this Series F would represent a 21.5x revenue multiple. The company intended to use its funding to go public in 2022 but opted to delay the IPO after acquiring the incident response company Tetra Defense. In October 2022, Arctic Wolf raised $401 million in debt from Owl Rock in the form of a convertible note, hinting at a possible IPO in the near future.
In total, Arctic Wolf has raised approximately $900 million, with $499 million of that amount coming from equity investments, and the rest from debt. The most recent public valuation of Arctic Wolf was after the Series F in 2021 at $4.3 billion, however, this was prior to the acquisitions of Habitu8 in September 2021 and Tetra Defense in February 2022.
Key Opportunities
Market Growth
Gartner reports that the “demand for cloud-based detection and response solutions — such as endpoint detection and response (EDR) and managed detection and response (MDR) — will increase in the coming years,” driven by the growing adoption of multi-cloud environments. The IDC estimates that 750 million new cloud-native apps will be created globally by 2025, representing 4x growth. Additionally, the increasing adoption of IoT devices could drive additional MDR growth.
Recent years have seen an increasing number of cyber attacks. Multiple CTO survey reports, including Morgan Stanley, Gartner, ETR, Flexiti, and Battery Ventures, show that security is one of the highest priority budget items of technology spend for CTOs. Specifically, over 31% of survey respondents in Battery Ventures’ report stated that security was their number one priority, while over 92% of respondents expect their security budgets to increase between 2022 and 2023. This pronounced market growth extends through both the private and public sectors.
As one of the MDR market leaders, Arctic Wolf is well-positioned to benefit from the projected 18.1% CAGR for this decade. According to a former C-Suite employee at a large MDR incumbent, “The market is growing quickly, but the Arctic Wolfs of the world are growing closer to 50% CAGR.”
AI/ML Product Enhancement
Arctic Wolf can capitalize on advancements in AI/ML to differentiate from competitors and enhance its current products. AI and ML algorithms can analyze large amounts of data in real time, enabling faster identification of threats. Further, AI/ML advancements can enhance MDR products by analyzing user behavior, network traffic, and system logs to detect anomalous activity. Beyond improving threat detection, AI/ML can automate threat response to immediately contain and mitigate cyber attacks.
Recession Resistance
No industry is entirely immune to economic downturns, but cybersecurity is highly resistant in comparison to the broader market. Morgan Stanley’s Q2 2023 AlphaWise survey showed that security is the last budget item that CTOs expect to cut during an economic downturn. Amidst the current economic downturn, Arctic Wolf increased its employee count from ~1.8K in June 2022 to ~2.1K in June 2023.
Historically, cyber crimes tend to increase during economic downturns. Further, budget-constrained companies can turn to outsourced cybersecurity professionals, such as SOCaaS companies, to reduce costs. Building and maintaining an in-house SOC is significantly more expensive than outsourcing a provider.
Regardless of economic stability, organizations are still at risk of cyber attacks. Arctic Wolf and other cybersecurity companies should not feel the effects of market volatility to the same degree as other industries. Further, Arctic Wolf could capitalize on economic downturns by getting in front of prospective SOCaaS buyers seeking security services. Michael Steed, a General Partner at Paladin Capital Group, notes that:
“In my two decades as a leading investor in cybersecurity companies, I have witnessed how cyber is resilient in times of economic turmoil compared to broader market trends. Now, even as we see some of the larger publicly traded cybersecurity companies conduct layoffs and their share price correct, I remain optimistic about the resiliency of the cybersecurity sector and the opportunities for investment.”
Key Risks
Crowded Market
The market for MDR service providers is crowded, with multiple scaled players competing for the same customer base. Arctic Wolf faces competition from many global competitors. Gartner tracks 40 vendors and notes that the list is not comprehensive. The fragmentation of the MDR market, coupled with the strength of Arctic Wolf’s competitors, poses a long-term threat to Arctic Wolf’s ability to gain a larger market share.
Product Stickiness
Customers of MDR products have expressed a preference to remain with the same vendors for extended periods of time. One Director of a mid-market service company explained that “You don’t want to be flipping from [MDR] vendor to vendor. It’s better to stay with the same vendor to learn each other’s shortcomings.” Another customer noted that “I wouldn’t want to do a deep dive again. Unless there’s something wrong, there’s no reason to switch.” The preference of customers to remain with MDR providers, and the uneasiness associated with switching, could pose a risk for Arctic Wolf. Arctic Wolf may have difficulty taking market share from the other leading incumbents.
Summary
Arctic Wolf is a cybersecurity company that provides 24/7 monitoring and threat detection services, as well as incident response support. The company's MDR solution uses advanced threat detection techniques to identify sophisticated threats. As an outsourced security operations center, Arctic Wolf is a more simple and affordable option than building and maintaining an internal SOC. As the threat of cyber attacks continues to grow for businesses of all sizes, Arctic Wolf can capitalize by acquiring customers seeking managed detection and response services.