Governance & Risk Management
,
Vulnerability Assessment & Penetration Testing (VA/PT)
Asset Intelligence Deal Deepens Exposure Visibility, CTEM and Risk Prioritization
Arctic Wolf purchased an exposure assessment startup led by a former U.S. Air Force officer to more effectively correlate configuration risks with live threat data.
The Minneapolis-area security operations vendor plans to combine Austin, Texas-based Sevco Security’s exposure and configuration depth with Arctic Wolf’s extensive security telemetry, said President of Technology and Services Dan Schiappa. He said Sevco stood out because of its asset-first architectural approach, deep configuration visibility and strong technical team. The acquisition opens the door to continuous threat exposure management, or CTEM.
“We’ve always felt a very strong kinship with the front end of security because we also see what positive impact it makes to the reactive part of security,” Schiappa told Information Security Media Group. “So for us, the next natural evolution of vulnerability management is to move into a CTEM solution, really focus on threat exposure and a broader view of that.”
Sevco Security, founded in 2020, employs less than 30 people and has raised $38 million, having last received $17 million in new funding in 2023 from SYN Ventures. The company has been led by J.J. Guy, who spent five years in the U.S. Air Force, seven years as a technical operations officer for the U.S. government, five years as a founding engineer at Carbon Black and three years in the C-suite at JASK (see: Arctic Wolf Boosts MSP Tools, AI in Endpoint Defense Upgrade).
How Sevco, Arctic Wolf Will Unite Around Exposure Management
Vulnerability management allowed Arctic Wolf to identify known weaknesses, but CTEM expands that scope to misconfigurations, toxic combinations, privilege issues and other structural risks that may not qualify as traditional vulnerabilities but still increase attack surface. Arctic Wolf has always believed that strengthening asset awareness, exposure management and vulnerability prioritization boosts outcomes.
“One of the things that I think has made Arctic Wolf unique when we were primarily an MDR company and then moved into being a platform company was we still had a pretty heavy focus on preemptive security,” Schiappa said. “We did a lot of that through our concierge team. We expanded a little bit further into that when we launched what we call managed risk or vulnerability management solution.”
Rather than just identifying assets and known vulnerabilities, Sevco provides visibility into how those assets are configured, whether they align with best practices and whether toxic combinations or over privileged access conditions exist, he said. Arctic Wolf already collects vast amounts of security data, but its asset depth around configuration states and exposure details wasn’t as granular as Sevco’s, he said.
“When we start to identify things proactively, we can learn from the networking effect that we have within our platform what threats are out there and how the configurations of the various assets could expose them to those threats,” Schiappa said. “One of the ways we always see these attackers really find a foothold is through exposure.”
Many vendors in the exposure management space begin by identifying exposures and then working backward to understand the associated assets, but Sevco began by building a deep, normalized, comprehensive asset foundation and then layering exposure intelligence on top of that foundation. Arctic Wolf has asset data collected through integrations, endpoint agents and network sensors, he said.
“It was just a really, really good architectural fit into how we thought about assets,” Schiappa said. “If we built a CTEM solution in-house, we would have done it the same way they did it.”
What Sets Sevco’s Approach Apart From Asset Management Rivals
If a configuration weakness detected by Sevco exists on a server and Arctic Wolf sees active exploitation attempts in the wild, Schiappa said the platform can now connect those signals and elevate the urgency of remediation. The integration will help exposure data to be dynamically informed by live threat intelligence, resulting in smarter prioritization, improved remediation guidance and enhanced defense.
“It’s one thing to know if someone has an unpatched vulnerability on an asset. That’s fairly straightforward to understand, but if someone just has a configuration that’s not what it needs to be, this gives us an opportunity now to say, ‘Hey, this asset could be at risk of this potential threat that we’re seeing active in the security platform. This needs to be adjusted,'” Schiappa said.
Competitors may offer comprehensive asset discovery and configuration management, but they typically lack deep operational security data, Schiappa said. Arctic Wolf will pair exposure intelligence with real-world detection signals, MDR services, endpoint telemetry and network analytics to help the asset platform become more intelligent because of the surrounding security ecosystem, Schiappa said.
“The other competitors have lots of asset information, lots of configuration information,” Schiappa said. “They don’t have the hardcore what’s happening on the ground, hand-to-hand combat security information that really helps augment that. And that’s where the power comes.”
Over 12 to 18 months, Sevco’s asset data services will replace Arctic Wolf’s internal asset data services, with the merged system becoming the single source of truth for assets across the platform. Initially, there will be dual asset repositories, but ultimately all assets will be consolidated into a unified service as Sevco’s product continues to operate natively within the Arctic Wolf architecture, he said.
“MDR is a super important service, and it’s always going to be the DNA of how we started,” Schiappa said. “But now as a platform, it’s one of the many things that can add value to the other things in the platform.”