I think, especially in a technology company, you have to be immersed in the space that you’re playing in: your customers, your technology, your competitors, etc. To build a company, you really have to understand it all.
Our beginning thesis for Arctic Wolf came from my prior employer Blue Coat. The Blue Coat proxy produced these very voluminous logs, and we had customers that would constantly reach out to Blue Coat and ask “Hey, what about this? What's this person doing? Where is this going?” This issue got repeated so many times that it stuck with me.
I had ostensibly retired when I left Blue Coat, but it didn’t stick very well. After about six months, I called my co-founder Kim and said, “I'm bored.” And it turned out, she was bored, too. That always leads to bad things. We sat around her kitchen island and brainstormed a half dozen different ideas. This one idea stuck with both of us. We were both former Blue Coat people and the idea was that, there is value in the log data.
But we also knew that organizations lacked the discipline, the capability, or the budget to get the value out of the log data. The value of the log data was predicated on a core premise in the cybersecurity industry: that you take all of these steps to protect your environment, but you have to put a monitoring capability in place to know when that protection fails.
Yes, you need defenses: firewalls, endpoint agents, antivirus, e-mail protection, identity protection, and so on. But, sooner or later, because humans are fallible and we do silly things, that protection is going to fail. When it does, you have to be able to detect it. If you can detect it fairly quickly and remediate it, you avoid any real damage. That was the real essence of the original idea.
At first, we called it continuous monitoring. Then we called it SOC-as-a-service or SIEM-as-a-service. Now the world knows it as MDR (Managed Detection and Response). The idea started with our deep immersion in the space, based on our experience with log data at Blue Coat. Then we realized, that we as a security organization, could do this better than an individual company could do it themselves. Tying those two insights together was really what led us down the path to starting Arctic Wolf.