Microsoft has flexed its muscles in the cybersecurity space, and will drop a reported $500 million in cash to acquire RiskIQ, a late stage startup in the threat intelligence and attack surface management business.
The deal, believed to be Microsoft’s largest cybersecurity acquisition, gives Redmond an automatic entry point into the lucrative attack surface management and third party risk-intelligence space.
RiskIQ raised a total of $83 million over multiple venture capital funding rounds since launching in 2009 as a vendor capable of providing early warnings of data exposure on underground hacker forums. In 2015, RiskIQ acquired PassiveTotal as part of an expansion into the growing attack surface management business.
Microsoft called out the value of RiskIQ’s attack surface management capabilities as part of the impetus for the acquisition.
“As organizations pursue digital transformation and embrace the concept of Zero Trust, their applications, infrastructure, and even IoT applications are increasingly running across multiple clouds and hybrid cloud environments. Effectively the internet is becoming their new network, and it’s increasingly critical to understand the full scope of their assets to reduce their attack surface,” said Eric Doerr, Vice President of Cloud Security at Microsoft.
[ Related: For Microsoft, Security is a $10 Billion Business ]
Doerr said RiskIQ’s technology helps to manage the security of an organization’s entire attack surface — in the Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain.
Microsoft has emerged as a cybersecurity powerhouse raking in more than $1 billion a year in revenues from products and and services that include Microsoft’s Azure Active Directory, Intune, Microsoft Defender for Endpoint, Office 365, Microsoft Cloud App Security, Microsoft Information and Governance, Azure Sentinel, Azure Monitoring, and Azure Information Protection.
The RiskIQ acquisition follows Microsoft’s recent purchase of IOT firmware security vendor ReFirm Labs, and CyberX, an IoT security company that provides a digital map of thousands of devices scattered throughout modern organizations.