WithSecure takes a fluff-free approach with its 'co-security' vision and AI limitations

WithSecure interim CEO Antti Koskela on stage at SPHERE24
(Image credit: Future)

Throughout its Sphere 2024 event in Helsinki, WithSecure has worked to paint a clearer picture of its path in the enterprise security space, with a focus on restoring confidence in the mid-market through a modular package of cloud security solutions and services.

Beginning his opening keynote Antti Koskela, interim CEO at WithSecure, says he wanted to do something different with the company’s events, epitomized by its ‘co-security unconference’ tagline.

Elaborating on this in conversation with ITPro, he explains he wanted WithSecure’s event to stand out from the crowd with a more pronounced focus on the cyber security big picture. This was evident from the beginning of Sphere 2024, with the keynote lineup dominated by thought leaders from outside the organization.

The term ‘co-security’, has received some scrutiny in the past for lacking a clear definition. But at Sphere 2024, the company leaned into this as emblematic of its collaborative approach with its partners and customers. Through its announcements at the event, WithSecure has laid out its strategy and emphasized the opportunities it can leverage along the way – a far cry from the company's lack of direction just two years ago.

Co-security as a unique selling point

The major product launches at the event added context to the term, all of which fall under the company’s flagship, cloud-native Elements Cloud platform. Each was framed in terms of how they fit into this vision of collaboration between WithSecure, its partners, and the end user.

Koskela outlines how the Elements Cloud embodies their co-secure objectives through a collaborative, modular security platform targeting mid-sized organizations. He believes this approach differentiates WithSecure’s offerings from some of its larger competitors.

“Often in security, in the large company playbook, you buy tools and you hire teams who work 24/7 and then you have a massive security operations center. So the minimum is usually seven people and the cost for that would be anywhere between $700,000 to $1,000,000 just for the people cost, and these mid-sized companies don't have that kind of money.”

In contrast, Koskela explains, WithSecure is targeting a model where these medium-sized organizations have access to their co-security services as modular capabilities as part of Elements Cloud, while still able to offer the software as a standalone solution for those who don’t need the extra support.

“The key word is modularity, so we adjust our model to the way our partner wants to work,” he tells ITPro. “Some of our partners are pure [managed service providers] (MSPs), they are security providers and they don’t need anything from us, they just take the software – and that’s perfectly fine.”

Koskela contrasts this approach with that of WithSecure’s larger competitors, which he says lock customers into paying for a complex web of products they lack the personnel to properly leverage.

“[Organizations] in the mid-market usually have maybe one IT  person that looks after them,” he notes, adding “When you buy large bundled licenses … you are alone and end up buying a lot more for the services..

“Because once the licensing guy has sold it, you never see them again, and then you need to contact the service partner to actually run a [security operations center] (SOC) for you, and that’s going to cost you”.

Moving forward, Koskela says, WithSecure will work to position itself as the more flexible enterprise security option for medium-sized companies. Its modular approach and ongoing support will be available either in-house or through partners.

In this sense, WithSecure’s efforts to clarify where it sees the future of the business have been largely successful.  The strategy itself looks to put the company in a good position within the security market, considering the ongoing issues smaller businesses are experiencing with managing a complex attack surface in an increasingly hostile threat landscape.

The company’s other verticals – WithSecure Consulting and Cloud Protection for Salesforce, leftover from the split with F-Secure in 2022 – are separate from their Elements strategy. Koskela adds that WithSecure will continue to look for strategic options in this area and doesn’t rule out the potential for divestment in the future.

A limited by design approach to generative AI

The biggest announcement of Sphere 2024 was the official launch of WithSecure’s generative AI platform Luminen, which Koskela says will be a core part of the company's mid-market appeal.

Luminen will be natively embedded into Elements Cloud and promises to bring intuitive human user experience to security dashboards, to boost situational awareness through natural language explanations of security events.

This sounds much like many of the other generative AI plays we have seen in the security industry over the past few years, such as Copilot for Security or Gemini in Security Command Center. But WithSecure’s approach aims to largely sidestep the AI hype and direct comparisons with hyperscaler AI tools, with a focus on cost-effective value. 

Carefully dubbed a generative AI ‘experience’, Koskela explains that WithSecure doesn’t want to be seen as adding to the pile of yet another security AI copilots in what is already a crowded market. Luminen is intended to bring a more integrated experience without the security risks associated with chatbots.


To achieve this, WithSecure says it will ‘take ownership of the prompt’, with Luminen disallowing users from entering custom prompts to lessen the risk of hallucinations. Instead, customers choose internally generated prompts rooted in their enterprise data.

Not only does this remove the chance for malicious actors to jailbreak the system using prompt engineering techniques, it also ensures Luminen’s capabilities are only being pushed when really needed. 

The rush to get in on the generative AI boom has led to a number of products hitting the market without a clear business use case, and Koskela said he didn’t want  Luminen to fall into the same trap, noting the sustainability concerns associated with generative AI and its intense data demands.

It’s a refreshing approach in an incredibly saturated space, reflecting a wary attitude around new technologies lacking precise value propositions. It’s clear  that WithSecure is looking to meet the worries of its customers when it comes to the security or energy impact of generative AI, having made a point of limiting Luminen to vital and valuable tasks.

This has been echoed throughout Sphere 2024, as WithSecure executives worked to avoid vague promises of what could be possible in the future.

WithSecure’s considered approach to entering the generative AI market reflects a newfound clarity around its co-security strategy. With its Elements Cloud targeting mid-sized enterprises through a flexible cloud security software and services ecosystem and its straightforward generative AI platform aiming to simplify security management, WithSecure has made significant progress in demonstrating a viable strategy to compete in the enterprise security space.

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.