WithSecure’s generative AI focus could be the key to cracking its mid-market push
Since spinning out from its consumer-focused parent company F-secure in 2022, WithSecure has struggled to carve out a distinct lane in the enterprise security space.
Facing an uphill battle against well-established competition, WithSecure has repeatedly fallen short of profitability and missed this goal at the end of its FY 23.
Despite this, the firm has a potential path to profitability by expanding its cloud security platform as organizations look to consolidate their security portfolios, which have become increasingly complex as a result of the cloud transformation.
WithSecure’s Elements cloud security products have given the firm something of a foundation on which to build on since being launched in 2021, but its beleaguered on-premises segment and consultancy services have continued to decline.
But with the advent of generative AI in late 2022, WithSecure could finally be on the road to finding its niche. The demand for AI-powered security tools has accelerated rapidly over the last year, and with use-cases on the potential of AI tools in security showing promising signs, this represents an opportune moment for the firm to capitalize.
The firm predicts the majority of cyber risks associated with the adoption of generative AI tools come from how these models are integrated into systems and workflows, rather than the models themselves.
Accordingly, WithSecure could find a happy hunting ground in helping organizations integrate LLMs into their IT systems securely, providing services around AI governance, AI risk modeling, and penetration testing for LLM applications and infrastructure underpinning the models.
As businesses, especially those without the resources of large enterprises, contend with ongoing skills shortages stifling their access to the technical expertise needed to implement generative AI solutions, this could leave an opening for WithSecure to firmly establish itself in the enterprise cloud-consulting space.
WithSecure showed its bullishness on generative AI with two recent announcements, the first offering partners early access to its new exposure management technology that uses LLMs to prioritize and recommend steps customers can take to remediate vulnerabilities and reduce their threat exposure.
The second is the launch of Luminem, WithSecure’s new generative AI ‘experience’ that will be available through the Elements Cloud. Much like analogous security copilots on offer from some of its larger competitors, Luminem will offer a variety of automation and optimization capabilities to streamline security workflows.
At SPHERE24, WithSecure will need to demonstrate where the unique value of its solution lies, and why Luminem is more than just them catching up with similar solutions from Cisco, Fortinet, and Check Point.
WithSecure needs to clear up its messaging
WithSecure still suffers from a lack of clarity around its vision for co-security, a buzzword it has bandied around for the last few years as a differentiator for the business in the crowded enterprise security ecosystem.
Co-security was the talk of the town at SPHERE22, without necessarily a clear vision of what it actually meant apart from a vague sense that the security community needs to embrace collaboration. This, WithSecure proposes, is necessary to manage interwoven IT estates and contend with an increasingly hostile threat landscape.
Over the course of 2023, WithSecure introduced a series of products to expand upon its co-security vision, one of these being a co-monitoring service launched March 2023 which promises to alleviate some of the burden of staying on top of network alerts by using WithSecure’s inhouse team to deliver 24 hour monitoring.
Yet without any substance behind the concept, the firm could struggle to get buy-in from customers. Generative AI, however, gives it the chance to flesh out the concept moving forward.
It’s clear WithSecure has not given up on its cyber consultancy services, despite stiff competition from competitors like McAfee or Trend Micro, and the AI explosion could present a lifeline it desperately needs, but if it is to keep its head above water, its cloud portfolio will need to continue to prop up its revenue generation.
Cloud will remain WithSecure’s cash cow as it looks to expand its exposure management capabilities
Since the demerger, WithSecure’s route to stability was seen to be targeting mid-sized companies with its cloud security platform. This is a path to capturing the growing demand from the industry from cloud infrastructure solutions, which has only grown in demand since generative AI became widespread.
WithSecure updated its strategy in October 2023 to formalize its effort to push its Elements Cloud portfolio to mid-market customers through its partner network. It stated it was exploring strategic options that included a full or partial divestment from its underperforming cyber consulting and Cloud Protection for Salesforce segments.
At SPHERE23, WithSecure built out its Elements platform unveiling a new Cloud Security Posture Management (CSPM) product, a tool that will give enterprises automated identification and remediation tools for risks associated with their cloud infrastructure.
Identifying the established trend of companies moving towards hybrid, multi-cloud infrastructure, and anticipating the rush to adopt generative AI technologies, WithSecure’s CPSM solution aims to help customers eliminate breaches caused by misconfiguration of cloud assets.
Gartner predicted that through 2025, 90% of organizations that fail to control how they use the public cloud will “inappropriately share sensitive data”. On top of this, the well established digital skills gaps will mean many firms lack the in-house expertise to ensure their systems are configured properly.
Continuing to expand its security solutions for cloud infrastructure and meeting the demand for these tools at mid-sized organizations will be integral to WithSecure’s continued success.
Whether or not this will happen remains to be seen, and the company’s reliance on its cloud security arm suggests that if WithSecure is not able to capture the new demand from the medium-sized enterprises, it’s path to recovery could be rocky.