Arctic Wolf to Acquire Cylance for $160 Million, Enhancing Cybersecurity Offerings with EDR/XDR Integration
Arctic Wolf, a prominent figure in security operations, has announced plans to acquire the struggling Cylance endpoint security business for $160 million. This acquisition marks a strategic shift for Arctic Wolf, transitioning from a service-oriented model to a more product-focused framework aimed at enhancing its offerings for mid-market customers.
The planned acquisition of Cylance, based in Waterloo, Ontario, is expected to bolster Arctic Wolf’s capabilities in endpoint detection and response (EDR) and extended detection and response (XDR), setting it apart from its competitors. Dan Schiappa, Arctic Wolf’s Chief Product and Services Officer, stated that the integration will allow the company to adopt a SecOps-driven approach to EDR and XDR, thereby distinguishing them in a crowded market. Notably, BlackBerry had purchased Cylance for $1.4 billion in 2018 when it was gaining significant traction in the endpoint security domain.
As remote work and secure access service edge (SASE) models gain prevalence, the importance of endpoint security has intensified. Schiappa emphasized that endpoint data plays a critical role in approximately 95% of security investigations. This acquisition aims to ensure Arctic Wolf can remain competitive in scenarios where budget limitations restrict solely endpoint-focused solutions.
The acquisition structure entails an initial payment of $80 million to BlackBerry, followed by an additional $40 million approximately a year later. Following the announcement, BlackBerry’s stock rose to its highest level since May, reflecting investor optimism regarding the deal. This move also aligns with BlackBerry CFO Tim Foote’s recent comments, wherein he stated that continued investment in Cylance was not the most effective use of the company’s capital.
The CIO of Arctic Wolf stated that the synergy between their platforms, built on cloud technology using AWS and data lake methodologies, will allow for creating flexible, modular solutions tailored to customer need variations. This modular agent architecture will enable clients to select specific functionalities, whether they require telemetry protection or comprehensive XDR.
A key advantage for Arctic Wolf lies in its unique capability of combining extensive data from multiple sources such as endpoints, networks, and identities. By leveraging the substantial experience of its team, including members from companies like Sophos and Microsoft, Arctic Wolf aims to streamline the integration process, enhancing its service delivery.
In competition with established players like CrowdStrike and Microsoft, Arctic Wolf seeks to differentiate its offerings through a comprehensive, cross-attack surface intelligence approach, rather than simply aggregating alerts from various products. Schiappa highlighted that many competing XDR solutions lack the capability to analyze raw telemetry data effectively.
As this acquisition unfolds, Arctic Wolf plans to monitor key performance indicators such as revenue growth, cross-sell opportunities, and customer base expansion, which are vital for positioning the combined entity as a leader in security operations. The implementation and adoption of Cylance’s advanced technologies within Arctic Wolf’s existing framework will also be closely tracked in a bid to maximize operational effectiveness.
In examining the potential attack vectors relevant to this acquisition, tactics detailed in the MITRE ATT&CK framework, including initial access, privilege escalation, and persistence, can serve as critical lenses for understanding the broader cybersecurity landscape. This approach underscores Arctic Wolf’s commitment to delivering cutting-edge security solutions tailored to mitigate evolving threats faced by businesses today.
