Corporate cybersecurity has been a fast-growing segment of Finnish cybersecurity specialist F-Secure’s business since 2015, according to Juha Kivikoski, Executive Vice President of Enterprise & Channel Sales.
“In Q3 2018, corporate security became the leading business area. Our biggest business today is corporate security. Before 2014, F-Secure’s business was 100% concentrated on endpoint protection. Then, from 2015 onwards, F-Secure began to focus more on advanced security technologies,” said Juha at the F-Secure Asia-Pacific and Japan Partner Summit 2019 held recently in Bangkok, Thailand.
Juha noted that F-Secure has been accelerating its order intake in new technologies faster than in traditional endpoint protection business.
“F-Secure is on a mission for growth, and this is executed through the new technologies. In the last 3 months, 57% of all orders have been coming from these technologies, such as vulnerability management, managed detection and response technologies, cloud protection, and of course consulting has also been playing a great role.”
He further explained that the reason why F-Secure’s corporate security business has been booming is due to the fact that cyberattacks are getting more focussed and advanced, as well as other global trends.
“There are more advanced threats out there; the authorities are coming up with more regulations so there is more need for compliance. Nation-states also initiate cyber-attacks, which creates more pressure and demand/awareness for cybersecurity solutions. A lot of companies all over the world are moving into the cloud; it’s not necessarily a bad thing, but it does mean that we need to find new ways of securing the data going into the cloud and coming back out from there. Digitalisation also drives cybersecurity; every time we have less paper, we need more security.”
A significant part of the growth in corporate security is in the line of managed detection and response, a market which Juha said will become the core business for F-Secure.
“Many of the organisations are looking outside. They are thinking ‘Hey, we can’t manage our environment ourselves; we need to have some partners; we need some people who do security as a profession.’ There is an increasing demand for outsourcing security, especially,” explained Juha.
Security consulting is another big area that is growing fast, according to Juha.
“There is an increasing need for cybersecurity consulting that is not just academic and advisory in nature. There is software consulting to ensure that software is secure; there is hardware consulting where hardware is analysed and designed to ensure security compliance; and hardware plus software consulting to ensure that both together are secure.”
A glimpse into F-Secure’s extensive portfolio of cybersecurity solutions
F-Secure’s extended portfolio of solutions includes leading-edge endpoint protection technology, vulnerability management (Radar), anti-phishing behavioural system (phishd), endpoint detection and response (EDR) solutions, and managed detection and response (MDR) solutions (Countercept and RDS).
“With Countercept, you are able to do response, not just detection. So we have a very comprehensive portfolio of technologies. This enables rapid growth, because cross-selling opportunities with only endpoint protection is much lower than an integrated suite incorporating MDR,” Juha highlighted.
Through its portfolio, F-Secure is able to offer a comprehensive range of solutions that cover the two markets it concentrates on. Mass attacks are handled by F-Secure’s endpoint protection, which is how it protects its customers from known attack vectors. With EDR melding into endpoint protection technologies, Juha envisions that moving into the future, every customer buying endpoint technology will be buying EDR as well; in the end, both endpoint protection and EDR will be brought together in a bundled solution.
For the more advanced threats that can get through the endpoint protection, F-Secure has two elements to its solutions, including MDR. The first is technology that sorts through tens of millions of reported incidents around the world, and the second is the human understanding to assess its impact. “Regardless of vendor, there is no 100% protection gained from installing technology. Only when these threats have been detected can remediation activities take place.”
The managed services segment, in particular, is growing very fast, because it’s very expensive for companies to manage cybersecurity themselves.
“Building something similar to F-Secure’s rapid detection centre, where we analyse all the incidents we receives from our RDS solution, would cost USD2 million annually. Such services are marketed at high-profile companies who face a large number of cyberattacks,” Juha explained.
While F-Secure has 7,000 partners globally, through which its products and services are available, its strategy is not to grow its number of partners. Rather, it is to focus on increasing the quality of its partners, from being simply resellers to service and solution providers.
Indeed, many of F-Secure’s partners are building their EDR capabilities, and many partners are building their service capabilities by using F-Secure’s MDR solutions. These partners complement F-Secure’s capabilities with their own service offerings, providing high value to their customers, while building a high-profit business for themselves. Gartner has estimated that in 2019, 70% of endpoint protection purchases will be a bundled solution.
Keith Martin, the company’s Regional Director (Asia-Pacific and Japan) later told the audience that F-Secure believes in a ‘win-win’ philosophy for both F-Secure and its partners.
“Our partners are an extension of F-Secure and everything that we stand for. For example, here in the Asia-Pacific and Japan region, we only have 37 sales and marketing staff but we have grown tremendously due to our partners’ efforts. And that’s how it should be – for us all to grow together.”