(upbeat music) >> Welcome back to Fal.Con 2022. My name is Dave Vallante. We're here with my co-host Dave Nicholson. On the last earnings call George Kurts made a really big emphasis on the relationship with managed service providers. CrowdStrike has announced a new service provider capability. The powered service provider program. Jason Cook is here. He is the president of cyber defense labs. He's joined by Mike Riolo. Who's the vice president of global system integrators and service providers at CrowdStrike gents. Welcome to TheCube. Good to see you. >> Thank you very much. >> Thank you >> Jason, tell us about cyber defense labs. What do you guys do? Give us the bumper sticker, please. >> Cyber defense labs uses the best technology in the world to put together services that help protect our clients >> Simple. Like it. What's XDR? (people laughing) >> I've not heard of that before, sorry. >> So Mike, we've seen the rise of service providers. I saw a stat, I don't know, six, seven months ago that 50% of us companies don't even have a SOC. We're talking about mid to large companies. So service providers are crucial. What's the CrowdStrike powered service provider program all about? >> Well, it's an evolution for us. We've been dealing with this market for some time. And the idea is, is like how do we expand the opportunity to stop reaches? I mean, that's what it's all about. Like how more routes to market, more partners like cyber defense labs that can really go in and bring our technology coupled with their services to power their offerings to their customers and just help us reach every end user out there, to stop reaches. >> So Jason, how do you guys differentiate? Cause I see, you know, as an analyst, I'll look back, I'll read the press releases and they'll see, okay. They just look so similar. So how do you differentiate from the competition? What do you tell customers? >> So when it comes to our selection of technology we test it, we work it, we literally put it into real world situations with our clients. And then we differentiate ourselves with expert services. It's a white glove service from us. We embed ourselves right in with our clients. That's why we call 'em our client partners. And they see us as part of their team and extension of their team. They don't have the time to play with technology and work out what's best. They don't know the time to select it or even then the expertise to use it effectively in the environment. So that's where the trust comes in with us. And then for us, likewise, we are the technology provider such as CrowdStrick, we need to know the technology works and it does what it says. >> I always ask CISOs; What's your number one challenge? And they'll say lack of talent. The only time I didn't get that answer was at... The Mongo DB CISO at reinforced. I'm like yeah, it's cause you're Mongo, I guess reinforced or AWS doesn't have the same problem, but do you... Obviously you see that problem. And you compliment that, is that a fair? >> Yeah, absolutely. Many, many companies mid-market enterprises are really struggling to find talent and then retain the talent. So for us where that's all we are about and then we are there to enable your business to do what your business does. It is just working and I think more and more so you're going to see an industry clearly CrowdStrike's going in that direction. That it's the service provider that becomes a critical element of that trusted circle. >> Does that translate into a market segment by size of organization typically or? You mentioned the ever never ending quest for talent which is critical regardless of size but what does your target market look like? >> So I, I think the biggest gap in the market frankly, is still the mid-market. Many smaller companies still are really just struggling with 'what is the problem.' At least in the mid-market, in the enterprises they really beginning to understand the problem and want to invest and lean in. And here's the irony. They now want to partner to solve the problem cause they recognize they can't do it on their own. >> So Mike, what are the critical aspects of this program? I mean, got the press release out there, but put some meat on the bone for us. >> So if you look at what we were doing to enable managed service providers to go in and, and be powered by CrowdStrike before it was in a corporate market segment it was a specific set of product from us to really enable MDR, you know, sort of that, that generation of services that a lot of customers looked at MSPs for. And what the big message about this is is we are now expanding that. We're taking it out of corporate, we're going upmarket, we're going enterprise. We can leverage partners like cyber defense labs to package our software into their offering and help them power them more than just endpoint. Right? We've had a lot of exciting announcements and probably more to come around identity, you know XDR, the new buzz, right? Like what does it mean? And in, if you look at our approach, it's a very platform centric approach and that's something that partners can monetize. That's something that partners can really help clients grow with is that it's not just about endpoint. It's more about how do I make sure that I'm in a position with a partner that allows me to grow as a market decides it's necessary. So things like identity, cloud on and on and on, that we're investing in and continuing to grow. We are making that available to the CrowdStrike powered service about our marketplace. >> So Jason, service providers historically outsourcing, okay. And it used to be a lot of; 'okay, you know, I'll take over your mess for less kind of thing.' Right? And so the pattern was you would have one of everything and then, that limited your scale. The bigger you got, you had this economies of scale. So am I hearing that, like how do you partner with CrowdStrike? Are you kind of standardizing on that platform or not necessarily cause you have to be agnostic. What's your posture on that? >> So there's a level of, you have to be technology agnostic. We pride ourselves in just using the best technology that's out there. But at the same time, very much with the Fal.Con platform they're building out and maturing in a way that's making significant risk mitigation abilities for a solution provider like us to say we'll take one of those, one of those and put our service around it because that's the best fit service to reduce the risk of this particular client. And having that flexibility for us to do that really allows us then to stay within the same sort of product suite rather than going outside when integration is still one of the biggest challenges that you have. >> So you're one of those organizations that's consolidating a bevy of point tools. Is that right? I mean, you're going through that transformation now. Have you already gone through that? What's your journey look like there? >> Oh, we help companies do that. That's how they mitigate and reduce their risk. >> Okay. But you're using tools as, as well. Are you not? So I mean, you've got to also I mean you're like an extension of those clients. >> Absolutely. So it comes down to a lot of the time do you have the right team? We have a team of experts that deliver expert services. You get to a level of skillset and experience, which goes what's just the best tool out there. And it becomes that's our insight. So one of the reasons why we like the Fal.Con product is because regardless of what the mess is, that's happening you can rapidly deploy stuff to make a difference. And then you then work out how to fix the mess which is quite a change from how traditionally things are done, which is let's analyze the problem. Let's look at options around it. And by the time you've done that time has passed and you can't afford to just allow time to pass these days. So having the right technology allows you to rapidly deploy. Of course, we use what we sell. So we are proud to say that we use a number of the Fal.Con products to protect ourselves and consolidate onto that technology as we then offer that out as a service to our clients. >> So Mike, I'm thinking about the program in general and specifically how you are implementing this program thinking about the path to bringing the customer on board. There are a finite number of strategic seats at any customer's table. So who is at the customer's table? Is it CDL saying; 'Hey, I'm going to bring in my folks from CrowdStrike to have a conversation with you.' Is it CrowdStrike saying; 'Hey, it looks like a service provider might be the best solution for you. Let's go talk to CDL.' How does that work? >> It's a great question. And I think we talk a lot about how there's a gap in people to support cyber efforts inside of companies. But we don't talk about the gap in like experts that can go in and actually sit down with CISOs, with CIOs, with CFOs. And so for us, like it's all about the flexibility. It's it's what do you need in the moment? Because at the end of the day, it comes down to the people. If Jason has a great trusted relationship, he's like; 'Hey I just need some content.' 'Help me push why we're powered by CrowdStrike in this moment.' Great, go run. If we have an opportunity where we know that cyber defense labs has a presence then we go in together, right? Like that flexibility is there. We've done a lot. When you build a program like this, like it's easy to tell the market what they need. It's easy to tell everybody, but it's also you're looking at a cultural shift and how CrowdStrike goes to market, right? Like this is all about how do we get every possible route to market to stop reaches for customers of all size. >> I would echo that. there's three ways that that's working for our two companies at the moment. Many times a lot of the relationships that we have are trusted advisor at the owner or board level of these mid-market and enterprise companies. They're looking to ask for a number of things. And one of the things that we then say is, Hey for your technology roadmap, hey we want to bring in co-present coded us, co-discuss co-strategize with you what your roadmap is. And so we often bring CrowdStrike into the conversations that cyber defense lab is having at the board level. Then on the other side, CrowdStrike obviously has a significant sales force and trusted advisors. They go in with the product and then it's apparent that the you know, the client wants way more than just the product. They say, this is great. I love it. I've made my decision, but I can't operate it effectively. And so we then get pulled in from that perspective >> You get to all the time from product companies, right? It's like, okay, now what? How do I do this? And you go, oh, I'll call somebody. So this is going to accelerate. You go to market. >> Well, and everybody looks at it like, you know how does your sales play with their sales, right? Everyone's going after the same thing. And I'm, you know, that's important, but you have to look at CrowdStrike as more than sales, right? We have an amazing threat intel group that are helping clients understand the risk factors and what bad people are trying to do to them. We can bring so many experts to the side of a cyber defense labs in, in that realm. You know, we've been doing this a long time. >> This is what's interesting to me when I think about your threat hunting, because you guys are experts and you guys are experts. But the... Correct me if I'm wrong. But the advantage I see at the CrowdStrike has is your cloud platform allows you to have such a huge observation space. You got a ton of data and you bring that to the relationship as well and then you benefit from that? >> It's two way. It's absolutely two way. CrowdStrike has a whole bunch of experts and expertise in this space. So do cyber defense labs. We call it for us because we're providing a service to multiple clients. Many of them have a global presence. We call it our global threat view. And absolutely we are exchanging real time threat telemetry data with, with our friends at CrowdStrike Which is impacting the value that we have and the ability to respond extremely quickly when something's happening to one of our clients. >> Well, I just add to that, you know if you look at all of our alliances, right? We've got solution providers, tech reliant, everything. The one thing that's really interesting about the CrowdStrike powered service provider program; it lives in alliances, It's a partnership program, but they're our customer. They have chosen to standardize on our platform, right. To help drive the best results for their customers. And so we treat them like a partner because it's not for internal use. There's unlimited aspect to it. And so as that treating like partnership we have to enable them with more than just product. Right? We want to bring the right experts. We want to bring the right, you know, vision of where the market's going the threats out there, things of that nature. And that's something that we do every day with you guys. >> And it was even expressed earlier with the keynote speech that George gave. Look there's an ecosystem of very good technologies, very good providers. And there there's that sort of friend-of-me view here. You put the best thing together for the client at the end of the day. And if we all acknowledge, which I think is the maturity of our partnership, that one plus one equals, I always say at 51 now, if you play it right, then the partner sees... That the client sees the value of the partnership. And so they want more of that. >> So it sounds like... We got to wrap, but I wonder if we could close on this. It sounds like this was happening just organically in the field. Now you've codified it. So my question to each of you is; What's your vision for the future? Where do you guys want to take this thing? >> What a wrap question right there. I love it. Honestly, like we look at it in... Look at what does it mean to be a CrowdStrike powered service provider. It is more than just the platform. It's the program in general, offering them tools to go in and do early assessments. One thing about service providers, they're in there before vendors, right? We're still a vendor at the end of the day. And so they have that relationship, like how do we enable them to leverage our platform leverage our tools, leverage our programs in order to help a client understand, like, what is your risk factor Could a breach come, things of that nature. And so it's really building in really enabling a partner like cyber defense labs to take on the full suite of programs, services, platform that we can provide to them as a customer, treated them like a partner. >> And Jason, from your perspective, bring us on if you would. >> So our partnership with CrowdStrike is really enabling cyber defense labs to increase our share of wallet, our presence in very specific market segments; The mid-market to enterprise especially around banking, financial services auto dealerships, healthcare, manufacturing, where last year we saw a significant progress there. And we think we're going to double it between this year and next year. >> Jason Cook, Mike Riolo. thanks for coming in TheCube. Great story. >> Thank you for having us >> Alright, thank you for watching. Keep it right there. Dave Vallante and Dave Nicholson will be back right after this short break from Fal.Con 22. You're watching TheCube. (soft electronic music)

>>Mm. Welcome back to the cubes. Continuous coverage of A W s reinvent 2021 were running one of the industry's most important and largest hybrid tech events of the year with A W S and its ecosystem partners. And, of course, special thanks to a M D for supporting this year's editorial coverage at the event we got to live sets we had to remote sets one in Boston, one in Palo Alto. We've got more than 100 guests coming on the programme and we're looking >>deep into >>the next decade of cloud innovation. We're super excited to be joined by Ali Zafar, who is the senior director of platform strategy and operations at Dropbox Ali. Great to see you. Thanks for coming on. >>Awesome. It's a pleasure to be here with you, Dave. >>So Hey, what's your day job like at Dropbox? What's your role? >>Got it? Yeah. So I actually oversee the global supply chain at Dropbox. Also all of the capacity planning which entails both our budget and also capacity requirements and Dropbox. And then I also focus on the platform product management side which is basically building our build vs buy and our overall roadmap for our platform in the long run. >>Great. Thank you. So I mean, everybody knows Dropbox, But maybe you can talk a little bit about your business, your mission and how that's evolved. Over the past several years. >>Dropbox is a global collaboration platform, and our mission at Dropbox is to help design a more enlightened way of working. Dropbox has over 700 million registered users and over 550 billion pieces of content. So taking a step back, they've dropbox health. Let's use all of your content. Think of this as videos as music. Even your tax returns allows you to organise all of this content. And then you can share this content with anybody at any time. You can also take Dropbox to work. And actually, it makes you even more productive in the workplace integrating all of your tools seamlessly, also allowing you to collaborate with all of your teams internally and also externally. >>Yeah, so thank you. Uh, when Dropbox was founded, I mean, the cloud was really nascent, right? So it was early days, and so a lot has changed since you know, the mid last decade. And of course, with remote work and hybrid work that had to be a real tailwind to your business. But maybe you could explain your cloud and your hybrid cloud strategy. >>You're spot on Dave. So Dropbox has always been hybrid since its inception in 2000 and seven. And when I say hybrid, I mean, we have our own on prime infrastructure, and then we also leverage Public Cloud. Now, Public cloud still to these days remains absolutely critical for Dropbox to serve all of its customer needs. And when we talk about the decision between public or private, we think about three or four key things. One is the total cost of ownership. Look at the market. We also look at our customer requirements and the latest technology that's available in the market and then any international data storage requirements to make the decision of going towards public or private for that specific use case. >>So what if we could follow up on that? Like maybe you can talk about the key business, these conditions as a as a SAS storage provider? What are the real drivers in in your business framework? >>Got it at the end of the day, what really matters for us. There is to actually think about our customers and delight them And what better than to focus on performance, reliability and also security. Right. So we want to make sure that the infrastructure that we have today allows Dropbox to actually solve for the specific use case for our customers. What do they care about while also doing this in a very efficient management Manage, uh, way So to summarise that looking at performance, looking at liability, looking at scalability, looking at efficiency and then also compliance >>So that leads me to My next question is about the EC two instances that you use. I know you. You make heavy use of AMG compute. How >>did you >>come to that decision? Was that these factors was all performance. How did you migrate to really enable that capability? How complex was that? >>MD has has been a key strategic partners the partnership as well over 4 to 5 years right now and we've been leveraging them on our on prem infrastructure for compute. So we've always had aimed in our infrastructure. And when the time came where aws was also leveraging some of the MD instances, we wanted to see how we can expand the partnership with AMG and A W S and also experiment with these instances. So we looked at some of the tooling updates that were required. We also looked at specific instances which are either compute optimised and memory optimised instances. And then we actually build our footprint on M D. And what we saw is that the overall performance improvements and also cost improvements that we got for specific workloads. It was actually extremely, uh, overall awesome results for Dropbox and our customers, and we have been using them ever since. >>What kind of business impact did that make that make a difference to your business? That was noticeable >>on the business side, I think primarily it was more on the TCO side, which is where we got most of the benefits on the cost side. Um, and then also for some of our internal work clothes, we also saw benefit, uh, to our internal developers that are using some of those work clothes. >>Well, so you guys have kind of become the poster child for hybrid. A lot has been talked about about you all, but I wonder if you could help us understand what part of your infrastructure is going to be better served by public cloud versus kind of doing your own. I t on Prem. What are some of the value drivers that are that are making, you know, push workloads into the public cloud? Help us understand that better and squint through that >>got ready. I get asked that question a lot. So public cloud in general allows for faster go to market, Think about this as, like product launches teacher launches also international expansion. It allows us to scale and then also leveraging some of the existing technologies out there in the market for some of the common workloads. So just, you know, taking a step back and thinking about Dropbox. We keep on evaluating also the criteria and then also specific workloads on what makes sense on private or public load. And a W s had some instances, like as three rds and EC to that when we started looking at, we knew that some of our key services, like data platform, some parts of our, um, Melania and even paper platform would make more sense for us to actually leverage. Uh, some of these in public cloud for that. >>So what are the sort of characteristics of the workload that are sort of better suited to be in AWS? You know, what's the ideal workload profile? You know, we talk about ideal customer profile. What's the ideal workload profile for the for the AWS Cloud. >>Got it. So the way we think about it, at least we call it the rule of three at Dropbox. Um, and that means we look at scale. First, we look at technology and innovation. Um, and what I mean by that is, is there faster innovation in the public cloud? And is the workload common enough that there's already a lot of work going on in public Cloud? Then there's no reason for us to actually innovate faster than that. We probably can't. And if the scale is not large enough, right? So when we talk about our storage side like magic pocket, the scale is large enough. We're innovating. There makes sense, and it's better for the end customer, so we will probably go towards private cloud there. But then, when we talk about like international expansion, when we talk about, like, faster go to market or some of the innovation in the space. It really makes sense to use public Cloud because of all of the advancements that we've seen there. >>Yeah, so let me circle back to the sort of business benefits and impact of the sort of a MD based compute specifically. But you talked about TCO before. So there's certain things you mentioned on Prem you sometimes use You mean right. If the thing is hardened, you don't want to necessarily rip and replace it. But if you can accelerate, go to market and you spin up things in the cloud that makes sense. You mentioned customer requirements. So that's just kind of depends. And then the international expansion and scale. So it kind of comes down to those whatever. Four or five factors, right? Tco those other factors that I mentioned kind of the high level benefits, if you could, wouldn't mind summarising for us. Ali. >>Yeah, I think you're spot on there. So it's looking at the overall Decio, right? The cost of serving the overall cloud looking at like go to market in general, like can we leverage public cloud and go to market faster? Obviously, meeting that end customer requirements. We also looked at like international expansion, like any of the customer's data that is stored outside of the US is all on public load for Dropbox. Uh, no plans in the short term to do something different there, Um and then also just looking at, like I mentioned anything in the technology space that is ongoing, that we can leverage features side or the product side for our customers, like at Yale or, uh, VRML. We are going to leverage Public cloud there. >>So of course you know we've we've followed the progression of semiconductor technology for decades. This industry has marched to the cadence of performance improvements. What are the one of the futures hold from a technology roadmap standpoint, particularly as it relates to leveraging AMG EC Two instances, Ali >>got it. So drop boxes in a very unique position where we actually leverage AMG both on Prem and for public le leveraging some of the AWS EC two instances like like you mentioned and epic processors from MDR what we're using today, both on the hybrid infrastructure site and the performance and also the d. C o benefits are real and something that we are observing on a day to day basis. So we are gonna be leveraging that technology even in the future. Um, and the partnership with the MD continues to be very, very strong for Dropbox. >>Well, I really, really appreciate you coming on the cube as part of our coverage is great to have You love to have you back sometime. >>Awesome. Thank you. And also just last thing we wanted to also call out that we are also going to be experimenting with probably Milan that is coming out. Uh, room is the current process is from a m D. That we have been leveraging. And as Milan comes available, we do wanna continue to evaluate it and see how we can fit it in our infrastructure. >>Okay, So their their generations are city based, the all Italian city based. They were going to run out of cities soon. >>God, uh, again, the partnership with both A W s and an M. D is something that I'm very proud of. Execution. Thank you, Dave. >>Great to have you, Ali. And really appreciate you watching. Keep it right there for more action on the cube. Your leader in hybrid tech event coverage. Mhm.

>> Viewers of our breaking analysis series know that we've been following the developments in cybersecurity for a number of years and of course, throughout the pandemic. Focusing on the permanent shifts that we see in cyber from remote work, distributed computing and technology advancements. We've reported how the adversaries are highly capable they're well-funded and they're motivated. And how they're constantly upping their game on defenders, island hopping, stealthily living off the land, planting self forming malware at various points in the digital supply chain, offering advanced ransomware as a service of the dark web to any disreputable individual with or without a high school diploma that may have access to a server and is brazen enough to steal from their company. We've also shared this chart from Optiv many, many times, it's a taxonomy of the cybersecurity landscape, and it is meant to make your eyes bleed, ask any CSO and they'll tell you they're drowning in fragmented tooling, technical debt, and their number one challenge is lack of talent. Not that their people aren't capable, they are, but CSOs just don't have enough of them. They can't hire fast enough or they can't retain qualified people with the talent war that's going on. Or they can't train people fast enough, or they just don't have the budget. Hello everyone, this is Dave Vellante and welcome to this video exclusive with Nick Schneider, president and CEO of Arctic Wolf Networks, Nick, so good to see you. Thanks for coming on the cube. >> Thanks for having me, Dave. >> That's our pleasure. So Arctic Wolf networks, let's talk about the company, the problem, you heard my little narrative upfront. What are you guys all about? >> Yeah, so at its core, we're a cybersecurity technology company. You know, it's our belief that we've really pioneered the first full scale cloud native security operations platform and at its core, what we're trying to do as a business is make security operations something that's fast, easy and economical for really a company of any size and scale to implement with really two key components, one we're agnostic to the technology and the landscape of the technology that they have already implemented within their environment, and two, we can feather into really any organization, regardless of the skill set they have from a cybersecurity standpoint in house. And really the problem that we're setting out to solve, I think you illustrated well at the beginning of the show here is that it's our belief that the cybersecurity industry in a sense has failed the end user or failed the customer by throwing, you know, a myriad of different tools at them. And it's really, you know, our mission here as a company to end cyber risk. And it's our belief that through the cloud native platform that we've bought in the cybersecurity security operations cloud that we've built, that we can deliver the outcomes that have been promised over time to these customers, which at the end of the day, is really just to be safe and have their customer and have their business protected. >> So you guys are the experts. You can kind of provide a white glove service that essentially plugs in to my business. Is that right? And how easy is that to do, what do I have to do to, to set it up? How complicated is that for me, the customer? >> Yeah, so it's, it's very straightforward. We can implement our security operations platform, you know, in as short as a week and generally speaking, you know, about a month and we plug in really to the infrastructure that the customer has in place. And for some of our customers, that's very little and for some of our customers, most of our customers, that's quite a bit of technology. And the beauty of the way that we've built the platform is that we're really agnostic to that tech. So, we can take feeds from kind of any technology that are in place, that helps to augment the platform that we've built. And then we feather in kind of the technologies that we've built within the platform, into their existing infrastructure. And at the end of the day, what we're trying to do is give the customer visibility, you know, into the tools that they have, the gaps that they might have as a result of the tools, you know, in some cases, the duplication of efforts that they have, you know, between these tools and then deliver a security outcome or a protection that maybe they haven't otherwise felt as a business. And then outside of kind of the technology platform, we add what we call our concierge security team as a layer to the deliverable that we give to the customer. And why that's important is that not all customers are created equal and with regard to the skillset that they have in house, in that that concierge security platform allows us to kind of work with a customer at any kind of, you know, point along their security journey, regardless of the in-house technology talent that they have. >> Now, so I got to ask you, our largest footprint for the cube is in the heart of Silicon Valley. We love the valley, but I also love stories of high growth companies that are outside of Silicon Valley. You guys are in the Midwest in Minnesota, it's got some Compellent DNA in there. And I remember my, so my business friends, Phil Soren, and Larry Yasmin, you know them, Phil used to tell me, Dave, this is actually an advantage for us to be in the middle of the part of the country. There's a talent war going on, which back then was a lot less than it is today, even. So how do you see that? Are there advantages to you and being in that part of the country, or does it not matter because you're so distributed around the world? >> Yeah, I mean, I would follow a similar tune to Phil, right. I, you know, obviously worked at Compellent early and, you know, historically I've worked at other Minneapolis based technology companies and the reality is there's a really strong technology ecosystem in Minneapolis. And a lot of the, of the talent, you know, is not just in sales and marketing or just on the technical side, but it's in building high growth technology companies kind of from the ground up into, you know, large scale. And now we've seen not only the fortune 500 kind of base that we have here in Minneapolis, but also a growing contingency of larger technology companies using Minneapolis as at least, you know, one of the spokes against their hub, if not the hub themselves. And clearly my pedigree in history was out of Minneapolis based tech, you know, and I've moved to other locations throughout the country, but as we started to build out, you know, Arctic Wolf and what we wanted Artic Wolf's culture to look like, and as we started to lay out the foundation for what we wanted our growth to look like, it became very clear to myself, you know, our chairman and co-founder Brian Nesmith, that Minneapolis would be a great home for us as Arctic Wolf. And then we would continue to invest in some of the locations that we have, you know, both across the country and now across the globe. >> So there are a lot of companies that are doing managed security services, but if I got it right, you guys specifically target smaller and midsize companies, is that correct? And why is that? >> Yeah, so I would say that that would be correct as of a few years ago, the dynamic has changed quite a bit. And I think it's a result of the dynamic of the market. First and foremost, we are a technology company. We have this concierge layer on top, which is really what the customers are looking for, but it's all powered by the platform. So the platform kind of allows us to do what we've done as a business, into both small organizations, which is, you know, where we probably got our start, but over the last few years, we've seen tremendous growth up market, you know, so for example, we as a business have grown, you know, over a hundred percent now for eight years in a row and now on a much larger denominator, but our upmarket business is growing at four to 500%. And I think that's a result of really two things. I think, A, customers of that size and scale have realized that cyber security and cybersecurity operations as a problem is something that's really hard to accomplish in-house regardless of your size and complexity. And then two, I think what happened over the past year, year and a half is that we saw a lot of organizations move from a centralized I.T or a centralized, you know, security function where they could all operate within an office and all operate in a centralized environment, all of a sudden becoming very disparate in their geography. And that led to a lot more interest in what we did with larger customers, because we could deploy a security operation effectively, remotely in a really short amount of time. And we could do it more effectively and economically than, than they could do on their own. And then we also solve for a component of the human aspect of what a security operation means, right. And what I mean by that is these larger organizations can take their highly skilled cybersecurity talent and focus them on the strategic initiatives within the company. Whereas a lot of the security work or risk is in kind of the day to day, right? The dieting that takes place within an organization. And that's where a lot of the breaches take place is in making sure that you're actually paying attention to, you know, the alerts that you're getting and paying attention to the telemetry and the tools that you've made investments in. And we augment that portion of a cybersecurity operation really, really well for larger organizations and for smaller organizations, we are that security operation. So it's kind of dependent on the way in which they're set up. >> Okay. So it's a mix of both well augmenting, and basically you take the whole thing and so, so your ideal customer profile, your ICP is anybody with a security problem. I mean, that's everybody, well, maybe you could describe paint a picture of your perfect customer, if you would. >> Yeah, so, and you, I know you said that somewhat jokingly, but it, but it is true. We have customers of all sizes, you know, so I, I bet our smallest customer is under 10 employees. Our largest customer is over 50,000 employees. We have customers in every vertical of the market, you know, mostly centralized in healthcare, financial organizations, manufacturing, but, you know, the largest swath of customers by industry would probably not top 10%. So, we service really any account that's looking to develop and invest in a security operation and has the support of their organization and the support of their board and their leadership teams to make that investment. And then where we, where we fall within the account is really dependent on the way in which their current operation is set up. And certainly, you know, the massive organizations that have, you know, 50 people within their cybersecurity team, and they have a hundred different tools. They're probably not the best target for us, but if they have security awareness, if they have a security as a top need or a top priority within their business, and they're looking for a way to build out a true security operation within their account, whether that be wholesale through a third-party or in part through a third-party, we're a perfect fit for all those accounts, which makes our addressable market massive. >> Yeah, so what's unique about you guys, I mean, this may be not the right analogy, but you're kind of like the easy button for cyber. I mean, there's nothing easy about cyber., I get that, but you, you do make it easy, especially for companies that don't have any cyber expertise to engage and get up to speed fast, and certainly be more protected. That's one aspect of your uniqueness. The other is, I think, is your tech stack. I'm hearing, you've got a platform. I know you're focused on network detection and fast response. Maybe you could talk a little bit about what's unique about Arctic Wolf. >> Yeah, so the platform itself is really what we founded the company on. So we spent the first few years of our organization in really building out this cloud scale, multitenant cloud, native platform, understanding that the volume of data and the amount of sophistication that we would need to deliver the security operation in the long run was going to be massive. So the platforms really kind of, you know, set on a few different founding principles. One, the platform needs to work for any organization regardless of their size, regardless of their underlying tech and regardless of the skill set within their account. And that's really important. A lot of the tools in the market today require certain things of the, of the customer. And it's our premise, regardless of the customer that we won't require anything from the customers themselves. It's up to them to tell us which portions of the experience they want to own, verse Artic Wolf owning. The second would be that we need to be able to ingest a vast amount of data, and we need to be able to make intelligent decisions with that data, in a short amount of time. And as we've built out our machine learning and our AR algorithms, what we've been able to do is leverage a tool set that allows us to ingest. I think we're up to now 1.5 approaching 2 trillion observations a week, right. Which might equate to a few hundred alerts within our SOC on a per customer basis. But we're only bringing one or two things to a customer on a weekly basis that really need attention. And that's all about the platform kind of curating, cultivating the vast amount of data that we've brought into it. And then, how do we explain and how do we sell that platform with this concierge later into the customer base is also important. And we've done that through what we call modules. So we kind of founded the company on MDR managed detection and response, but we are not a managed detection and response company. It's one of our modules. We've then added manage risk, which competes kind of in the vulnerability management space. We've added a SAS and IAS monitoring, which is really cloud security. We've added what we call log search, which is really our first foray into collaboration. And then we just recently launched a quarter ago, what we call managed security awareness training, which is, you know, training the human aspect of the company on the threats of cybersecurity. And we actually just announced another acquisition in the managed security space today with habituate, which is going to give us, you know, kind of a Hollywood style approach to content within managed awareness training. But tying all those together is very unique in the market. So generally speaking, you'll see a company focused on a specific attack surface, or a specific threat. And what we're trying to say is, look, you're not a hundred percent protected as a business, or you don't have a robust security operation unless you're bringing together all aspects of cybersecurity under one umbrella. And that's really our goal as a company. >> Okay. So you got all these different modules and you may not want to go here cause you're in the cyber business and you're, you're prudently secretive, but, but I'm interested in kind of what's underneath. I presume you're using best of breed tooling underneath, but unlike, you know, the hosting company of the past or those, you know, a big, you know, integrator who could do this, but they've got one of everything and it's sort of, kind of a mess. You're building a scalable business, but you're not, you're not developing, you know, best of breed, identity access products for the marketplace. You're I presume you're buying those in integrating them and working through whatever APIs and making it all work across your stack. Can you talk a little bit about your tech stack? >> Yeah, so the technology stack has been built from the ground up by Arctic Wolf. So certainly we're using, you know, various technologies or open source technologies from within the ecosystem, but the technology and the platform itself is Arctic Wolf. So we're not beholden to any third parties for what we deliver to the customer. And that makes us very nimble in a few areas. One, it makes us very nimble in the way that we price the solution to the customer, which for us is a very predictable model. And then two, it allows us to be nimble with customer needs as to what they want from us, both of the existing modules that we have, but also additional modules or, you know, additional solutions that we might bring to the market. So a lot of vendors that have historically kind of lived within the MDR space and certainly vendors that have lived in the managed, you know, the MSSP or MSP space, which we are certainly not, they're generally leveraging third-party technologies. They're generally buying and implementing or white labeling third-party technologies. And then they're layering kind of a services component on top. And we are not doing that. We've built the technology ourselves and don't get me wrong. That was a massive investment in both time and resources. But I think in the end, what it'll allow us to do is be very nimble with the market and most importantly, be very nimble with the customer's requirements and requests. >> Right. Okay. So let's talk about your market opportunity. I mean, the cyberspace, I mean, I got it well over a hundred billion, I don't know, maybe it's 110, 120 billion. That's kind of your tan, you may be not serving that entire market today. Although you said you started in small and mid-size, you're targeting now your enterprise, your higher end businesses growing, you talked about, I think you said a hundred percent growth, like eight quarters in a row. And so there's no shortage of opportunity for you. How do you think about your total available market? Maybe you could add some color to that. >> Yeah. Yeah. So it's been eight years of a hundred percent growth. >> Eight years, not eight quarter, I apologize. >> It's been going really well for us. And it's a reflection on the market itself and the approach we're taking. So in our view, security operations is really the opportunity to unify all these disparate markets in cybersecurity. And, when I walk into a customer account, if I had to use two words to describe how they're feeling, one would be confused, the other would be frustrated. Sometimes they're both. Sometimes they're only one, but generally speaking, one of those two words comes out of their mouth. And the reason for it is at the end of the day, they just want to be protected. They want the outcome. And all of these disparate markets are promising the same outcome, but they're just promising it on the endpoint or just on the network or just in cloud or just an IOT or just an OT, or just in fill in the blank. And it's our view that it's our opportunity as a company to really fill that void for the customer, which is to unify all of these different technologies and spaces into one security operation. And sometimes that means that we're delivering our own end point. And sometimes that means that we're leveraging an end point or an end point solution that the customer has in house. And we're ingesting that data into our platform and we're making sense of it to the end user. But when you put that market together, you know, it's a hundred, I think Gartner's recent numbers there are 150 plus billion dollar market. And in 2021, I think it's growing at, you know, 12 to 15%. And it's our view that we can service the majority of that market, you know, I think on a conservative measure, you know, 90 to a hundred billion is the, is the Tam that we're addressing. And we're now starting to go, not only scaling out from the number of products for the markets that we service, and you can see that through managed security awareness training, but also the geographies we service, the segments of the market we service, specialization within verticals. And, for us, that is the opportunity at the end here. >> I wonder if you could help us squint through some of the data you hear in the industry, some of the trends you see in the press, certainly this came up in the, in the solar winds hack. We were seeing, I mentioned upfront, the adversaries are very capable. They're able to get in, live off the land, live stealthily, they're island hopping into the supply chain. You know, oftentimes you don't know, more than often, you don't know they're there, I've heard stats like, and we look at the solar winds hack, we saw that it was, you know, 300 days or over a year that they were inside the company. And you've heard, you know, average statistics from, you know, whatever that it's hundreds of days are those, are you able to compress those? Can you talk about that a little bit in terms of where you see your customers and how you're helping them, you know, respond? >> Yeah, so at the end of the day, you know, cybersecurity, the industry is really about limiting the volume of incidents within a customer account and then limiting the impact. And what you're talking about is the impact. And the impact as these threat actors have become, you know, more sophisticated is larger as they're in the environment for a longer period of time. So the faster you can get to an attack or the faster you can detect an attack, the better off you'll be as a business. And that is the core of what we do as a company. And, and certainly, you know, managed detection response or MDR, our first offering was all about that. It's all about detecting early and responding early to a threat so that you can get anything that has gotten through your perimeter defenses out of your systems, as fast as humanly possible. And then we feathered in, you know, manage risk, which is more about the front end. So how do we make sure that we have everything configured properly? How do we make sure that we, you know, fill any holes that are in the current environment so that we don't even get to a point where we have to manage the time with which an attack has had to live within your environment? So, it's all about kind of those two things, reduce the frequency and reduce the impact. And we're, we're focused on both, both the, kind of the proactive measures, which would be more on the front end and then the reactive measures, which is what do you do and how can you act as quickly as possible within your environment to ensure that, you know, they're not getting into the crown jewels of the business. >> We've seen lately where the, the attackers have. I mean, it's really insidious, right Nick, they, they will exfiltrate, they'll get in they'll exfiltrate stealthily and they'll be ready to attack from a ransomware standpoint. And then they, you know, maybe they're hitting the bank and they're scouring to see what the Chief Information Officer is going to invest in. And they're actually making trades ahead of that. They're making more money, you know, snooping than from the ransomware. And then when the company realizes and they respond, then they get them in a headlock and say, okay, now, now that you're going to stop us from making all this money through exfiltration, we're going to hit you with ransomware. So it's just, it's a really awful situation. So my point being that, or we've said, organizations have to be stealthy in their response. Have you seen that as a trend? Am I overstating that? >> No, no. I mean, customers are, you know, good news, bad news customers are very aware of the threats in particular ransomware, data exfiltration and all the other trends in the market. And I think they become more sophisticated in the way in which they respond. And I think as a result, we've seen both changes in the way customers kind of set up their environment technologically, but we've also seen a pretty dramatic shift recently with the way in which they view insurance and the way in which, you know, carriers, view insurance, and how that plays a role in, you know, cybersecurity in their cybersecurity operation. And for a lot of customers, I think recent trends are that the carriers are struggling to, you know, make money on their cyber books. And the reason for that is because they need to make sure that the customer's environment is truly secure, or they're kind of flying blind on what their book looks like. And we've started to see that both on the end-user side, we've seen that through the carriers themselves, and that also has played an integral role in the way in which the customer views risk. And I think that dynamics changing. And I think what the result of that will be is that customers are going to be looking more and more towards how they solve this problem by alleviating risk in-house, as opposed to transferring some of that risk to an insurance carrier or a third party. And what I hope that means for customers is that they'll have the proper investment. They'll have the proper tooling, they'll have the proper operations around how to react and how to respond in the quickest possible manner, which at the end of the day, the faster you can react to an incident, the smaller the impact will be and the smaller of a financial burden it will be. And they'll do that through vendors like Arctic Wolf, you know, tools that are best of breed within their infrastructure. And then a really well thought out plan about how to respond to anything that, that you know, happens within their environment. >> Yeah. I mean, if I'm an insurance company, I give a discount to somebody who's got an alarm in their house and they use it. Maybe I'll give a discount if they're working with a company like Arctic Wolf. >> Exactly. >> What percent, do you have a census to what percent of enterprises actually have a SOC? >> Yeah, we actually did a, some homework here and there's kind of two stats that jump out. And these are through a few different surveys through very well-known organizations in the cybersecurity market. But one is that last year, which would have been, you know, 2020, about 60% of organizations said that they suffered some semblance of a breach, 60%, you know, think about how many tools and how much money these organizations are investing in protecting their businesses. And over half are suffering some semblance of a breach. When those same customers are asked whether or not they felt like they have a security operation, over 99% answered no. >> Wow. >> Right. So they have a bunch of tools they're investing a ton of money, but at the end of the day, when asked, hey, do you feel like you have an operation that can protect your business? Their answer is no. And that's really the void we're trying to. >> And you and I both know that 60%, okay. But then the other 40%, they've been hacked. They just don't know it. So, all right. Let's wrap with the sub stats on the company. I think you've raised nearly half a million, half a billion dollars to date $500 million to date. So that's, I can infer from that some pretty lofty numbers, but where are you in funding with that kind of growth? I got to believe IPO is and you and your future. What can you tell, what metrics can you share? What can you tell us about where you want to take this thing? >> Yeah, so I'll give you a few metrics on the platform and a few metrics on the company. So the platform itself, you know, we're observing over 1.5 trillion observations a week, we have 10,000 plus sensors in the field. You know, we're ingesting coming from a, you know, Compellent infrastructure guy. You know, we're in ingesting over a petabyte and a half a data week. I would have loved to have been that sales guy in the glory days, you know, but the platforms, you know, operating at massive scale, we've grown the business eight years in a row, over a hundred percent. We've talked about that. Our subscription gross margins are very software-like. We have over 2000 customers. You know, our customers are really happy with an NPS score, you know, approaching 70, you know, over a million licensed users. So we're, we're doing very, very well as a business. And as a result, we've raised money to invest in that growth, which is to the tune of about a half a billion dollars and our path here, and we've stated this publicly now is that, you know, next summer give or take a quarter is really the timeframe that we're marching towards for an IPO. If I'm being honest, given the metrics that we have as a business, we could be a publicly traded company today, especially with the way the market's operating in the valuations of some of the businesses that have gone out. There might be some, even some pressure to do so, but we want to make sure that we are ready to go from a systems and an operation standpoint to not just be, you know, a flashing the pan awesome IPO, but a company that's really kind of the backbone of cybersecurity for years to come. >> Well, obviously a hot space. What we've been covering for a couple of years now, Okta, CrowdStrike, Zscaler, we've seen what's happened in the action in the market there. I mean, what are your comps? I mean, I know, I think dark trace is getting ready to go. I don't think they've gone yet. I know Sentinel One went out. How should we think about you? You're not an Okta or I don't think well, CrowdStrike, but you know, those are pure play product companies. How should we think about you guys? >> Yeah, I mean, companies that were on a similar trajectory as us at our size, Sentinel One's a very good example. And you can kind of look across all the core business metrics on that. And clearly those will all be public here in under a year. CrowdStrike's a great example. If you go, you know, reel back the tape to when they were, you know, our size we're right in line with them Zscaler, Okta, you know, I joke with our board and investors and our CFO, that the number of companies that we benchmark ourselves against is starting to become a very small number, given you know, our growth at the scale that we're at. >> Well, that's an awesome story, Nick. We're really excited that you could make some time to come on the Cube and we want to follow your progress. Welcome you back anytime. Really appreciate your time. >> Yeah. Great. Thanks for having me, Dave, and looking forward to continuing the conversation at some point. >> Excellent and thank you for watching everybody. This is Dave Vellante for the Cube and we'll see you next time.