F-Secure spins out new enterprise security business: WithSecure

CEO tells The Reg of new branding ahead of Finnish vendor's corporate split

F-Secure's enterprise-facing business will have a new brand – WithSecure – and a sharpened focus when the company splits into two independent operations.

The move comes a month after the security vendor's board of directors revealed that the 34-year-old Helsinki-based company would carve out the consumer security business from its enterprise unit. The consumer business will retain the F-Secure name.

The final break will come this summer after a general meeting in May. The split is scheduled to complete on June 30.

Many of the old F-Secure executives, including CEO Juhani Hintikka, are making the move to WithSecure. Splitting the company in two makes sense, given the size of both the corporate and consumer units, and the business momentum each is experiencing, according to Hintikka.

Both operations have more than $100 million in annual revenues, he told The Register.

"That means in practice that some of the original synergies that there were between the two businesses are less relevant nowadays," the CEO said. "Both businesses have their own go-to-market organizations, their own product portfolio, their own customer description, and so forth. There really are just a few technical elements that both rely on, but the rest is really quite separate."

According to F-Secure's 2021 shareholder report [PDF], WithSecure will launch with about 1,300 employees.

Being an independent company will help WithSecure better define itself in an increasingly competitive global security market, Hintikka argued.

"That focus will help us become more agile, have faster time to market and, all in all, just make us more competitive in that sense," he said. "The other part is that we will be able to communicate the clear story to the markets – who we are and what we stand for and what our customers are, what their problems are. They are quite distinct between consumer and our B2B side. Also, that kind of structure allows us to also potentially then contemplate, for example, raising capital for certain purposes where we can be quite explicit about the business we're going after rather than an average of averages."

Such a focus will also help the new company's third-party sellers, who have in the past had to spend the first 15 minutes with corporate customers explaining the differences between what F-Secure's enterprise unit offered and what the consumer operations had in its portfolio.

The CEO noted that when organizations searched the F-Secure name online, it is the company's consumer-related products that get the most attention – even though it is the smaller of the two business units.

Hintikka said WithSecure will compete in a global market in which many of the companies are similar, with comparable products and skills. The company offers a range of products and services, addressing such areas as endpoint security, managed detection and response (MDR), collaboration protection for Salesforce and Microsoft 365, and vulnerability management.

He also pointed to the company's consultants – who work with enterprises to address their security needs – as another asset for the company.

"The things that differentiate us are this combination of expertise and great technology, but in the heart of our brand and what we stand for is actually something we call good partnership," the CEO said.

"It simply means that this is so complex, and it's evolving so fast, that it's hard for anybody to claim that they can solve all cybersecurity challenges alone. When we talk about security, it is something we do in partnership with our customers, with our partners."

It also helps that WithSecure is a European company. In today's political climate, the demand for data sovereignty and privacy is growing worldwide – nowhere more so than in Europe, where much of that demand is addressed by the General Data Protection Regulation (GDPR), which carries heavy potential penalties for violations.

The European Union earlier this month fined Meta – formerly Facebook – more than $18 million for GDPR violations tied to data breaches.

"In practice, for many of the corporate customers, it is the thought that is related to how we control the access to the data," Hintikka said. "Clearly in some countries, it is seen as a problem if data is outside of the country borders or if there is a fear – even a theoretical possibility – that a foreign government could get access to that data. That seems to matter more than it did before." ®

Other stories you might like

  • DeadBolt ransomware takes another shot at QNAP storage
    Keep boxes updated and protected to avoid a NAS-ty shock

    QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices' QTS or QuTS hero operating systems to the latest versions.

    The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the DeadBolt gang against the vendor's users this year. According to QNAP officials, this particular run is encrypting files on NAS devices running outdated versions of Linux-based QTS 4.x, which presumably have some sort of exploitable weakness.

    The previous attacks occurred in January, March, and May.

    Continue reading
  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Halfords suffers a puncture in the customer details department
    I like driving in my car, hope my data's not gone far

    UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher.

    Like many, cyber security consultant Chris Hatton used Halfords to keep his car in tip-top condition, from tires through to the annual safety checks required for many UK cars.

    In January, Hatton replaced a tire on his car using a service from Halfords. It's a simple enough process – pick a tire online, select a date, then wait. A helpful confirmation email arrived with a link for order tracking. A curious soul, Hatton looked at what was happening behind the scenes when clicking the link and "noticed some API calls that seemed ripe for an IDOR" [Insecure Direct Object Reference].

    Continue reading
  • Splunk dabbles in edgy hardware, lowers data ingestion
    'Puck' hardware demoed with customers including Royal Dutch Shell to address big concern: cost

    Splunk has released a major update to its core data-crunching platform, emphasizing reductions in the quantity of data ingested and therefore the cost of operations.

    It also addresses a few security flaws that may not be fixable in earlier editions. The release is called Splunk 9.0.

    As explained to The Register by Splunk senior vice president Garth Fort, the changes reflect users' concerns that Splunk sucked up so much data that using the application had become very expensive. Fort even cited a joke that did the rounds when Cisco was said to have $20 billion earmarked to spend on Splunk and observers couldn't be sure if that was the sum needed to buy the company or just pay for licences.

    Continue reading

Biting the hand that feeds IT © 1998–2022