Deal With BlackBerry Integrates EDR for Hybrid XDR Platform for Midmarket Customers
Arctic Wolf plans to purchase the beleaguered Cylance endpoint security business for $160 million to evolve from a services-based strategy to a more product-centric one.
The Minneapolis-area security operations stalwart said its proposed acquisition of Waterloo, Ontario-based Cylance will help Arctic Wolf drive a SecOps-focused take on EDR and XDR that will differentiate the company from its market rivals, said Chief Product and Services Officer Dan Schiappa. BlackBerry paid $1.4 billion for Cylance in February 2018, back when it was a high-flying endpoint market disruptor.
“The endpoint is becoming even more critical than ever, with things like SASE and remote workers and people not going behind the firewall becoming very common,” Schiappa said. “About 95% of all of our security investigations have tons of endpoint data core to it. When we go to the competitive landscape, frankly, there’s times when we may not win a deal because they only had budget for endpoint or EDR.”
The deal includes an $80 million payment to BlackBerry at closing and approximately $40 million more one year after closing. BlackBerry’s stock is up $0.40 – or 15.03% – to $3.10 per share Monday, which is the highest the firm’s stock has traded since May 15. BlackBerry CFO Tim Foote told investors in October that investing heavily in Cylance is no longer “the optimal use of the company’s capital” (see: BlackBerry Cuts Cylance Spend to Focus on Profitable Areas).
How Arctic Wolf, Cylance Will Come Together
The acquisition of Cylance will help Arctic Wolf offer standalone MDR or hybrid EDR/MDR solutions that align with varied customer budgets while enhancing margins and growing customer reach, Schiappa said. Buying an AI-first endpoint security pioneer will enable Arctic Wolf to deliver simplified yet powerful XDR capabilities, helping companies get superior security outcomes without needing specialized expertise.
“From a business perspective, moving us into a product-like financial profile is great for margins and things of that nature,” Schiappa said. “But for us really, the customer is at the heart of this, and to reduce the go-to-market complexity they have, and managing different vendors and pricing models and all sorts of stuff like that. And for us, that meant expanding to the endpoint.”
Schiappa said Arctic Wolf and Cylance have a high level of technological alignment, with both platforms being cloud-based, built on AWS and employing data lake architectures. The integration will result in a modular agent capable of providing tailored functionality depending on customer needs, with some customers requiring telemetry protection while others need advanced protection or full XDR.
“The key thing is building the agent architecture so it can be broken down into various components,” Schiappa said. “I may only need the sensor piece because I’m running somebody else’s endpoint, or I only want protection because I don’t care about detection because you’re doing MDR, or I want the whole thing. That’s why we’re going to continue to focus on that architectural build for them.”
“The good news is both of our agents individually are very low resource-based agents, so neither one is taking up a lot of resources,” Schiappa said. “We even run side-by-side with Cylance today with many of our mutual customers, and the performance impact is de minimis.”
What Sets the Combined Company Apart from Rivals
Buying Cylance will help organizations tailor how they leverage Arctic Wolf’s capabilities – whether by outsourcing their SOC entirely, sharing responsibilities during specific hours, or adopting a flexible mix of product and service, Schiappa said. Many of Arctic Wolf’s team members have prior experience with companies such as Sophos and Microsoft, ensuring a strong foundation for collaboration with Cylance (see: Inside Arctic Wolf’s SecOps Growth Strategy From MDR to ITDR).
“There’s approximately 400 people that we’ll be making offers to in between sign and close,” Schiappa said. “We’ll work out those specifics. There’s no foreseeable major changes in leadership there. But that’ll depend on how things flush out between sign and close.”
While competitors such as CrowdStrike and Microsoft dominate with endpoint-centric solutions, Schiappa said Arctic Wolf offers a broader lens, integrating data across endpoints, networks, identities and other attack surfaces. Arctic Wolf’s years of running Security Operations Centers at scale help the company deliver actionable intelligence from raw data, a capability that many XDR competitors lack, he said.
“A lot of the XDR solutions, they’re really just bringing in alerts from other products,” Schiappa said. “They’re not bringing in a lot of raw telemetry where they’re building out cross-attack surface detections and AI models to filter through and align all that context to each other. And that’s what we do, because we’re open.”
Arctic Wolf plans to track revenue growth for the combined business, cross-sell opportunities and new customer acquisition, with the company aiming to improve its position in analyst rankings and achieve greater market recognition as a leader in security operations. The company will also track the adoption of Cylance’s technologies among Arctic Wolf’s current customers and vice versa, according to Schiappa.
“We wouldn’t have made this acquisition to just tick a box if we didn’t think we want to grow it,” Schiappa said. “We want to be in a leader’s position across the analyst rankings, and really go after the market.”