October 16, 2024

October 16, 2024

5YF Episode #25: Arctic Wolf CEO Nick Schneider

Cyber Attacks, AI Criminals, Deep Fakes, Data Shields, and the Future of Cybersecurity w/ Arctic Wolf CEO, Nick Schneider

5 year frontier

Transcript

Nick Schneider: You have the opportunity to leverage the intelligence across a broad customer base to solve for any potential threat you might see in one organization, across an entire organization. And when you start to get those network effects, you can start to improve your ability to detect and respond.

Daniel Darling: welcome to the 5 Year Frontier podcast, a preview of the future through the eyes of the innovators shaping our world. Through short, insight packed discussions, I seek to bring you a glimpse of what a key industry could look like five years out. I'm, your host, Daniel darling of venture capitalist at Focal, where I spend my days with founders. At the very start of their journey to transform an industry, the best have a distinct vision of what's to come. A guiding North Star they're building towards. And that's what I'm here to share with you.

Today's episode is about the future of cyber security. In it, we cover cyber criminal organizations, network effects of security data as our biggest weapon, crypto's gift to bad actors, and the threat of cyber warfare. Our, guide will be Nick Schneider, CEO of Arctic Wolf, one of the leading companies safeguarding the enterprise from cybersecurity threats. With a global presence of over 2000 employees protecting more than 3000 customers, they are a force in security operations. With an eye on going public, Arctic Wolf has been valued at over $4 billion, calling KKR and Viking Global amongst its deep pocketed investors. Leading the company is Nick Schneider, a veteran in the security industry, Nick has developed expertise in creating the best of breed technology platforms and sales organizations, which have been the driving force behind Arctic Wolf's explosive growth. Prior to Arctic Wolf, Nick led organizations at Dell and code 42. Of key interest to me is how Nick is deeply involved in being at the frontier of artificial intelligence, influence on cybersecurity, in particular the dual role of AI as both an enabler and inhibitor of cybercrime, which really epitomizes the modern cybersecurity conundrum. Nick, so thank you for coming on to join and talk with me today.

Nick Schneider: Great to be here. Thanks for having me.

Daniel Darling: When we're thinking about cyber attacks, you can't help but feeling less safe or more exposed than ever before. And I'm just wondering, from your insider perspective, is that an accurate reflection of where the threat is at the moment as an industry and how exposed we are today?

Nick Schneider: Yeah, I think regardless of what data or news you read, there's no question that cyber threats have continued to increase year over year. And not only are the threats themselves increasing, but I think the sophistication of those attacks is increasing. At the same time. So there's no question that, unfortunately, it's a period in time where cybersecurity is absolutely critical for individuals and for businesses. And unfortunately, the bad actors, I think, are doing a pretty good job of making sure that they leverage current technologies or trends to make their lives easier and our lives harder. So it's certainly something that folks need to be really cognizant of and paying attention to.

Daniel Darling: And is it because we have more surface area, more attack surface area, more of our lives, and more of our businesses conducted, online? Is it because different types of technologies have advanced to a point where we are more exposed, or what is leading to this sort of sensation or exposure of, feeling like you're more exposed than ever before?

Nick Schneider: Yeah, I think the world is just more connected through various different devices and in various different ways. A lot of applications have moved to the cloud or, have moved onto those devices themselves, which just gives more and more opportunity to the bad actor. I think there's also an incentive that has come into play with cryptocurrency, and that certainly happened over the course of several years. And then when you marry that, with some of the advancements in AI, you have the ability for bad actors to really improve their craft or the manner in which they go after some of these individuals or businesses, phishing being the easiest example. But there's many other examples of the bad actors ability to leverage new technologies or new ways of working to exploit an individual or a business.

Daniel Darling: And I'd love to spend some time on the impact of AI. but before we go there, you mentioned cryptocurrency. How has that enabled the bad actors more than ever?

Nick Schneider: Yeah, it's just been a mechanism for the bad actors to get paid. So at the end of the day, you can have bad actors as parts of groups or bad actors that are being incented via, nation states or otherwise, but they're all trying to get paid for the work that they do, and cryptocurrency is just a way for them to be able to accomplish that goal while remaining under the radar of the regulatory environment or the law enforcement.

Daniel Darling: What are the types of organizations that are bearing the brunt of most of these attacks? Has that changed at all, or where is most of the bad actors attention focused on?

Nick Schneider: Yeah, unfortunately, no one's really immune to cyber threats in general. That's both individuals and businesses. Certainly there are areas of the market that I think are more susceptible or, larger targets. Hospitals, financial institutions, anyone that has data that would be particularly valuable outside of their environment, I think, is more susceptible to cyber attacks. And that data, by the way, could be used for a variety of different reasons, but it certainly makes those organizations a target more so than others. But at the end of the day, every business, large and small, every individual, is a target in some way to bad actors.

Daniel Darling: And is that one of the core tenets of some of these modern cybersecurity threats, which is, where is the data hidden? And how can that be repurposed for additional attacks or potentially for additional value capture outside of that organization?

Nick Schneider: Yeah, I think the goal of the bad actor is to get into an organization, and maybe unlike the early days, where they would quickly alert that they were in and try to get a ransomware payment or otherwise, the more sophisticated bad actors are really trying to get into an organization and go really wide to get their arms around as many of the crown jewels as they possibly can, if you will, within the organization, which just makes their ability to then leverage that information or leverage that data to the end that they're after, which is financial gain.

Daniel Darling: And is there a recent example you can talk about that illustrates that?

Nick Schneider: I think every example that has taken place recently that has made prominent news has been an example of a bad actor that has gotten into an organization that has found a way to spread within that organization and has gotten their arms around information that is particularly sensitive or particularly interesting to that organization. So in some cases, they're leveraging data of an organization to get into their customer bases. In some cases, it's about getting PII. In some cases, it's about shutting down their environment or their business and the entity feeling like they have to do something about it. And one of the ways they could do something about it is through paying a ransom. Sometimes the crown jewels are really the people in a hospital or a healthcare organization situation, trying to make sure that nothing bad happens to the patients or the people being served by that organization. So I think in all of the cases that you hear about, read about, the bad actors have found a way to get into the environment. They found out a way to persist in the environment and expand their reach within the environment to get their arms around what would end up being the biggest impact to that environment should it.

Daniel Darling: Become part of public, fascinating? And do you get any sense that they're creating their own sort of knowledge graph or understanding of that organization, or maybe even of that industry through multiple attacks? Because if you're infiltrated deeply within a hospital, say, and maybe you're in a network of other hospitals as well, you should be able to cross pollinate some of this information or start to create some potential other attacks off the back of that. Is that what the most sophisticated are starting to do with all this information that they're gathering?

Nick Schneider: Yeah, I mean, absolutely. They're trying to get into one organization, and then from there leverage that access to get into other organizations via the supply chain or through their customer contracts, or the connections to those organization systems via their customers or vendors. And I think that presents itself in that more simplistic manner. But I think the bad actors also leverage mechanisms to get into an environment as a learning for how they would get into other similar environments, even if it isn't a direct access.

Daniel Darling: So like a playbook, that they start to develop and say, okay, this could be applied to something else.

Nick Schneider: Yeah, similar type companies use similar tools, or they leverage certain applications. And if they can find a vulnerability in an application within a, financial institution, for example, there's probably a pretty good odd that they're going to find a similar vulnerability in another financial institution, and that just allows them to move more quickly.

Daniel Darling: Makes perfect sense. And look, it sounds like we're going to use the word bad actor a lot today, so can you just help us define a little bit about what is that group who's the sort of the dominant kind of people that make up most of the threats and most of the bad actor activity?

Nick Schneider: Yeah, I mean, there's hundreds, if not thousands of organizations that are within kind of this bad actor ecosystem, if you will. Some of these organizations, by the way, look and feel like a normal up and up organization. Like they have HR departments and development departments, and they're running a cybercrime business with the guys that they are not even sometimes without the employees having full knowledge or all of the employees having full knowledge. So there are thousands of those types of organizations. And then obviously you also have nation state threats, which is a, totally different type of actor or bad actor that can be responsible for different types of targeted or strategic attacks against specific organizations that probably have a slightly different aim than maybe these bad actor or threat groups, but they're all operating in a similar manner.

Daniel Darling: So really graduated from what people think about, which is the lone wolf, or a couple of people clubbing together into a very sophisticated organization company structure with the sole purpose of infiltration and extraction of it.

Nick Schneider: It's far more sophisticated than it was even just a few years ago. Now, that doesn't mean that there aren't individuals that are doing some of this work. And certainly AI, I think, has made that more accessible to an individual. But this is big business to certain organizations.

Daniel Darling: And, let's talk about AI, because that seems like such a big enabler from a technology perspective on both sides, both in terms of how the bad actors can be more successful in attacking as well as you defending from your component. But how has it really evolved? the cyber threat landscape?

Nick Schneider: Yeah, I mean, the most obvious, which we talked about quickly, earlier, is phishing or social engineering attacks, right? So tools like chat, GPT, they don't write perfect emails, but they certainly write emails or content that is a lot more believable than a, cyber criminal that might not speak English, that wrote it. And now, even outside of just the text, they're able to leverage graphics and logos and things like that that can make a phishing campaign look very, very real and hard to distinguish between that and a fake. You also have deepfake video being used leveraging AI. There's been some examples of CFO's that have been deepfakes even getting on video conferences or video calls, or sending messages to their employees that look very real both visually and from an audio standpoint, providing them instructions.

Daniel Darling: Like a CFO, getting on a video and providing an instruction to take some action.

Nick Schneider: Exactly. Wire money here or send this there. We're buying this company. Please do this, you know, quickly. And unlike the text messages you get that are, you know, sometimes written in broken English or. Or even a phishing campaign here. Here you're looking at your CFO on video. If you're not paying close enough attention, or if he or she's in the little teeny box on the Zoom call can be hard to distinguish. And there's been some successful uses of that as well. And I think you're going to start to see AI being leveraged just in the manner in which those attacks happen or the speed with which they're developed. That attacks are developed to the speed with which they can be kind of permeated within the ecosystem.

Daniel Darling: Yeah, and it seems like we're on an inevitable path where AI can replicate humans almost perfectly. And at what point are we able to then respond effectively as an industry if it is near perfect or indistinguishable to people between reality and an AI driven phishing attack?

Nick Schneider: Yeah, I mean, I think over time, unfortunately, the cybercriminals become more effective given their use of AI. You know, I think the way in which you can prevent that, or you can work against that, is to make sure that the organization is trained, that they understand these threats that they understand these threats can sometimes look and feel very much like a human, that anything that seems out of place is brought up to the organization or sent to their security team, because more often than not, AI or the bad actors are going to target vulnerability in a human than in technology. Certainly they find vulnerabilities in the technology, and certainly those are the causes of many breaches as well. But very often it is also a vulnerability, which is the human is just moving too fast. And historically, I think humans were able to catch some of that because it was a little more obvious. And I think with the advancement of AI, that might be a little less obvious.

Daniel Darling: And so what are, ah, some of the adoptions that your industry is doing, and whether it's Arctic Wolf or the industry at large, and adopting AI to help combat that and to help support humans to identify these threats or maybe safeguard them from that and to be an additional support versus just their education and judgment around it.

Nick Schneider: Yeah, I mean, so the good news is that the defenders, if you will, have the opportunity to recognize patterns and anomalies and massive sets of data leveraging AI, and if you have that data in a large pool, you can train your various detection models to find these threats faster and more efficiently than a human would be able to on their own. So there's certainly a ton of opportunity with regards to Aihdem in cybersecurity, and I think you're seeing that a lot of the cybersecurity vendors are beginning to do that or use AI in that manner. I do think that there's a period of time here, though, where the human will still have to play a significant role in stopping these bad actors. And the human expertise, the intuition, the human to human contact, the ability for a human to ask another well trained cybersecurity professional about something new or novel or that they have concern with, isn't going to go away overnight. But I definitely think that we'll be able to marry kind of the advancements in AI with the ongoing advancements in the cybersecurity ecosystem of the humans involved in that landscape.

Daniel Darling: And if you had to project out a couple of years around sort of how that would look like and how, ah, I would be able to, as you say, monitor for anomalies and understand an organization's normal behavioral patterns and look for things that may be derived from that, how does that start to evolve over time in your mind?

Nick Schneider: Yeah, I think you'll see this happening in two tracks, maybe three tracks within organizations. So I think you're going to see the vendors leveraging AI to improve their detection efficacy, the speed and the efficiency and the efficacy of the detections that they're leveraging to stop the bad actors. And I think they will do that. Leveraging AI, I think that will allow organizations to become more efficient and or have a SoC where they otherwise wouldn't be able to have a SoC, because you can fill some of what has historically been a very manual process by leveraging AI to automate some of those processes. And that just allows more organizations to leverage cybersecurity in an, operational type manner versus a tool by tool type manner. And then I think you're going to start to see that you'll also then have the ability to leverage AI for humans to ask questions about what's happening in their environment. So if the AI is trained on a data set and a framework that is specific to cybersecurity, which I believe will happen over time, then instead of having to call or pick up the phone, send an email to a human to get your question or every question answered, you could get a subset of those questions answered by an, AI assistant, if you will. And I think kind of the marriage of all those things, you know, improving detections, improving the efficacy of those detections, the speed with which those detections can be written or deployed, and then the manner in which you engage with a security operation via AI, I think will make a big dent in the manner in which we kind of respond or defend against threats.

Daniel Darling: And let's talk a little bit about Arctic Wolf and your platform. It processes over, 5 trillion security events weekly, which is an astonishing amount. So what makes your platform and approach so effective?

Nick Schneider: So we've built a data platform that we call the security operations cloud, as you mentioned, processing five to 6 trillion, events per week through the platform. And at its core, what's important about that is that cybersecurity is really a data problem. So the more data you have, the more diverse that data is, and the more use you make of that data, the more protected you are, and the more ways in which you can use the data kind of present themselves. And we've built this platform on an open architecture so that we not only leverage our native tools, but we can also collect data from, you know, any other source of telemetry that would be security relevant. And that allows us to provide the customer a, unified view of their overall security posture so they can look in one place to understand whether or not they are protected versus looking in, you know, 2030, 40, 50, sometimes 60 to 100 different places to try to understand, whether or not they are protected. And then we marry kind of that platform, the data approach, with some human and AI intelligence to help the customer kind of in the final mile. So what happened here? Or, hey, there's a new threat in the marketplace, like, am I protected? What do I need to do in my environment, given my ecosystem, to ensure that I'm protected against something that I'm worried about, or a change or an acquisition that we've made? And those are the types of conversations where human to human interaction, business intelligence, someone understanding the business that you're in really makes a difference. So we marry those kind of two things together, the data problem, data platform, and kind of this human expertise. And now marrying that with a more hybrid approach with AI, and here you.

Daniel Darling: Explain it that way. It makes it really clear in the sense that if you have a huge volume of data across multiple different companies and potentially multiple different industries, then you can benefit from that scale as information flow to then be able to serve your whole customer base better. And so are you starting to see that now where the best combating posture against all of these increasing cyber threats is essentially bigger scale, more information, more data, and then distributing that intelligently across a whole diverse customer set? In your case, you've got thousands of customers.

Nick Schneider: Yeah, I mean, you need to do the fundamentals of cyber, and then when you get those accomplished, you have the opportunity to leverage the intelligence across a broad customer base to solve for any potential threat you might see in one organization across an entire organization. And when you start to get those network effects, you can start to improve your ability to detect and respond or understand vulnerabilities within each individual customer, because they are in turn benefiting from the experience of the customer base as a whole.

Daniel Darling: Makes perfect sense. And how does predictive look like in your industry? The ability to start to use a lot of this information to forecast out when attacks might occur or who might be those most vulnerable and gearing up to be attacked.

Nick Schneider: So, interestingly, a lot of the predictive analysis is done by really analyzing what is happening in real time. So we have instant response portion of our business as well. And a lot of those engagements are coming from insurance carriers or third parties who are not protected by Arctic Wolf. And what we learn during those engagements is the current indicators of compromise, or the current techniques being used by the bad actors. And that allows us to say, hey, this is what is happening in real time, or the industries that are being targeted in real time. How can we apply that intelligence to the detection, the prevention, and the vulnerability management of our customer base in real time. So you get a lot of benefit by understanding what is happening within the environment, and then clearly, you pay attention to what is changing in the ecosystem itself. As AI became more prevalent, it became pretty obvious that fishing would change. And there are ways in which you can both train your employees, but also ways in which you can ensure, like we ensure for our customers, that they are protected against kind of these evolving threats.

Daniel Darling: And a big part of that, you invest heavily in R and D and research and trying to stay ahead of the game here. And you've got Arctic Wolf Labs just wondering, what are some of the cutting edge questions you're looking to ask and answer at active Wolf labs these days?

Nick Schneider: Yeah, so they're, paying attention to this bad actor ecosystem. They're making sure that they understand through threat intelligence, what is happening in the marketplace, and they're garnering that through third parties, through research, through our incident response team, and then they're applying that knowledge or that information into the manner in which we protect our customers. And I think as you look at AI, as you look at just the platform scale, if you look at the network effects and you look at the ecosystem as a whole, it's kind of that marriage of all of those different critical competencies within cybersecurity that help to protect an individual customer. And as we look at our mean time to detect, or our mean time to respond to any threat, a lot of that is influenced by how well we've done in building out our detection engineering or threat intelligence, or how aware we are of the current techniques or vulnerabilities in the marketplace. And we've made big investments there. Where they show up is for the customer in our ability to detect and respond. And at the end of the day, I think what's most important is to just make sure that you're reducing the likelihood of an incident, and then if you are going to have an incident, you reduce your time to respond and the impact that that incident is going to have on your business. And if you can be good in kind of those three categories, you're going to be much better off than, I think, some of the organizations that unfortunately haven't made the investment in cyber or had a gap that they weren't aware of.

Daniel Darling: Absolutely. And so, projecting out five years, one of the big macro trends is essentially this blending of our, physical environment with our digital environment. You know, from autonomous vehicles to robotics to drones, these are all new things that are coming online that we haven't really been exposed to as part of our attack surface area, and that could have real physical harm or impact to an organization or a person. So how are we able to secure for that future that's arriving fast?

Nick Schneider: Yeah, I mean, it'll come, frankly, in the same way that new attack surfaces have come to bear over the last several years. Right. So a, you have to get your arms around what that attack surface is, b, you have to get your arms around how bad actor may exploit that, and c, you have to figure out how you're going to defend against it. And I think the good news, bad news is a lot of those new mechanisms for attack are frankly going to use some of the similar techniques or similar vulnerabilities that have been used in other, you know, attack surfaces. And it's just going to be a matter of making sure that, you know, you as an organization or you as a vendor, understand the potential risk associated with an attack surface within your environment and how you will detect, respond, and understand the vulnerabilities that might be associated with that attack surface. I think they will fall in a similar line or in a similar purview as a lot of the vulnerabilities or mechanisms for attack that we've seen historically. They will just be on different devices or different use cases.

Daniel Darling: Makes sense if you start to think of them as different endpoints and devices. Perhaps something that might challenge that as well is this notion of increasingly enabling AI agents to do a lot of the human work, which seems like a big fundamental shift in how organizations are run, who runs them, and how work is done. How are we safeguarding against AI agents being hacked or going rogue or that kind of eventuality? How are we setting up our cybersecurity, infrastructure to be able to secure organizations in that reality?

Nick Schneider: Yeah, I mean, I think this is where keeping humans in the loop at some level is going to remain essential for an extended period of time, especially when you get to critical decision making. So if you're going to leverage AI for the paint color in your bedroom, maybe not all that critical. If you're going to leverage AI to stop cyber threats, you probably want to ensure that you have a human in the loop at some level, especially when you're making critical decisions as it relates to preventing or stopping a breach or letting something happen that looks somewhat suspicious. So I think you can leverage AI to find threats. I think the response actions and the repercussions of those response actions, especially when it relates to the criticality of the asset that we're talking about still requires or should require some human involvement at some level, low level actions, you might be able to do some things in a more automated way with AI without a human in the loop, because the repercussions or the impact of that action warrants that type of response versus something that might have a much bigger influence on an individual or an organization.

Daniel Darling: And what are some of the moonshot areas of your industry that you're sort of paying close attention to? Or, if you started to think about your own roadmap for the next three to five years, what are the kind of innovations that have grabbed your attention?

Nick Schneider: Yeah, I mean, now I feel like we're talking about it nonstop, but I do think AI is going to be a massive opportunity in cybersecurity. There's still a ton of challenges in the industry. Siloed data, lack of human experts. AI is a threat vector. New threat vectors and attack surfaces popping up all the time. But at its core, cybersecurity has always struggled with kind of complexity, this massive data problem, and then that data problem expanding and adjusting almost on a daily basis. And I do think that AI can help with solving for a large chunk of what historically would have had to been processed or understood by a human. Now, that doesn't mean that the human's going away, but I do think there's an opportunity to leverage AI and kind of the heart of what a typical security operation would look like. And that just frees up people, resources, budgets to invest in the appropriate tools or the appropriate platforms to help drive the outcome that is really necessary within the space. So certainly there'll be advancements in tools, and certainly there'll be advancements in prevention mechanisms. But I do think when we look out five or ten years, I do think AI will be something that folks talk about within cybersecurity as something that was pretty revolutionary to the way that a soc operated.

Daniel Darling: Just like any organization, the operational efficiencies that can be gained is pretty extreme from there. Does the whole sort of concept or area of cybersecurity need to evolve from just, like, threats into areas such as misinformation and all the other kind of ways that people are being influenced these days from there? Is it an evolving and expanding industry in that way?

Nick Schneider: I do think cybersecurity is fundamentally about securing the data. Right? And in some sense, misinformation or data privacy falls into that bucket in some sense. Right. So it's certainly a legitimate issue that AI will certainly exacerbate, but I think it will be more of a marriage between tangential problems versus cybersecurity becoming a tool or a use case to solve for misinformation. Specifically, I think there's a difference between what AI could be used for outside of cyber threat and what AI could be used for directly with regards to cyber threat.

Daniel Darling: Got it. It might not be within Arctic Wolf's exact remit, but you, as an industry expert in cybersecurity, I'd love to get your take on the growing reality of cyber warfare and how sort of states are, protecting themselves against each other from these kind of attacks. Like, how does the US stay ahead in this race, in your opinion? What are the kind of actions that can be taken or you're seeing being taken to keep it ahead of the curve?

Nick Schneider: So a few things, I think, like we talked about earlier, the first thing to pay attention to, in particular, as you look at cyber warfare and the organizations or the nation states that will be party to that is, what would be the most critical infrastructure or data that they would be after. And start by ensuring that we prioritize and leverage that prioritization to ensure that those targets or that data is absolutely secure. Right? So power, water, military. I mean, the list is actually relatively obvious. Making sure that we have systems, technologies, cybersecurity platforms, experts that ensure that those areas of our government or our country are protected. In some cases, I think we're doing a pretty good job, and in some cases, I think some of those areas might be underfunded as it relates to cybersecurity. So I think we just have to acknowledge that cyber warfare is something that will, without question, be used. And we've already seen examples of it being used, and that we have to ensure that we, as a world, as a country, allocate appropriate resources to ensure that the most critical resources of those organizations or of those countries, are protected.

Daniel Darling: And, you know, you can imagine there being quite a concerted effort around securing the infrastructure, as you say, or the critical infrastructure on top of that. But then there's the whole economic vulnerability and the economic potential attack surface, to companies. Is that really then in the hands of the private sector to really safeguard themselves and sort of be able to secure themselves from there? Or is it also in the hands of the government to help promote that?

Nick Schneider: I think it's in both hands. Right. As a business, I think you have a responsibility to protect against cyber threats because they are real and they can be really impactful to a business, just like any other risk to an organization. I think the same thing is true of the government. I think it would be foolish to ignore the threats against the government or a country as it relates to cybersecurity or cyber threat, and both entities, if you will, I think, need to react in kind and hopefully not react in silos, but react together to protect against that cyber threat. And I think you're starting to see that with some of the initiatives that have come out, some government funding that has come out. So I think we're making progress here, and, hopefully that progress continues.

Daniel Darling: Yeah. Because it seems like, just like we were talking about earlier, with Arctic Wolf's advantage of being across so many different types of organizations, is there a pathway of trying to have a kind of nation level amount of data to understand? Okay, how can we see all the attack surfaces and all the attack that are happening to feed this kind of nationwide data model to be able to better protect our, nation? Is that kind of where we're heading? Do you see any kind of kernels of that being built or sort of starting to happen?

Nick Schneider: Yeah, I mean, I think the good news is that the cybersecurity industry or ecosystem as a whole is pretty good about understanding that we're all in this fight together. So while vendors may compete for an individual customer, or organizations may work to get themselves protected better than the next, or the government may be working on certain aspects of cyber and not aspects of cyber in the private realm, I think the cybersecurity ecosystem as a whole understands that cybersecurity is a. Is a we problem. It's a problem that we all have to work towards. And I think that has always been the case, and I certainly think will continue, and I think that will lead to and drive collaboration and understanding of, bringing some of these network effects, you know, not only to individual vendors or organizations, but to the ecosystem as a whole.

Daniel Darling: Absolutely. It makes a ton of sense. And our, other areas of the industry, you know, in the next five years, that maybe don't have enough of a spotlight or attention that we should be talking about.

Nick Schneider: I think most of the core areas do have a good amount of attention right now. You know, I think the cloud is an area that is going to get more and more attention, and I think, you know, there are tools focused on that, but I think those tools need to also tie into a broader view of a, company's overall security posture. I think we talked about AI and making sure that you have AI top of mind with regards to how you will leverage it or how you will use it against any threat within your organization. And I think making sure that as an organization or as a new business, that when thinking about cybersecurity, you remember that the folks that have to use these tools or use these platforms need to be able to understand the outputs and what they're really after is not a bunch of data and graphs and charts and things to click through. What they're really after is across all of my ATT and CK surfaces, can I get a comprehensive answer as to how protected I am and what that means to my business? And I think the vendors that can answer those questions, or the businesses that can answer those questions will be the ones that will be most protected moving forward.

Daniel Darling: And I guess also how to then take action, against that. I can imagine that with so much going on across all of the different attack services, there needs to be a level of automation and putting this protection on autopilot as well as a way to escalate certain issues to an actual human.

Nick Schneider: Absolutely.

Daniel Darling: Well, thanks so much for the chat. It certainly is a really fascinating time to be in your industry, and I'm sure you're as busy as ever securing all the different types of attack services from there, so I appreciate you coming on and chatting to us today.

Nick Schneider: Absolutely. Thanks for having me.

Daniel Darling: Cybersecurity impacts us all and it's important to remain on top of where the industry is headed. Nick paints the picture of a runaway capabilities on all sides with no signs of slowing down. At the same time, looking at the complex world of cyber as a giant data problem offers a clarifying lens to how we can wrap our hands around these challenges. What stuck with me was that the network effects come into play with scale, allowing for the collective intelligence of good actors to be mobilized with amazing efficacy both on the company and national level. It seems more important than ever to present a unified front against the growing threats to follow the great work being done at Arctic Wolf, head over to their account on x @AWNetworks. I hope you enjoyed today’s episode and please subscribe to the podcast and more coming down the pipe until next time. Thanks for listening and have a great rest of your day.

back to episode thoughts