Right now, Microsoft introduced that it has acquired Waltham, Massachusetts-based mostly internet-of-points (IoT course) and industrial control system (ICS) stability vendor CyberX. While the invest in value was not disclosed, media experiences are speculating that the invest in price tag was somewhere concerning $150–$165 million. Launched in 2013, CyberX has raised $48 million in enterprise funds, so this offer offers a very good return to investors.
CyberX’s main solution can keep track of IoT course and ICS environments (passively or actively) to receive asset information and facts, risk and vulnerability information and facts, and actual-time alerts about threats and malfunctioning operational tools. The strategic intent behind the merger seems to be to expand the current Microsoft Azure Stability stack into ICS/operational technological know-how (OT) environments.
These are our main takeaways from the Microsoft/CyberX deal:
- Massive security suppliers continue to extend into IoT course and ICS safety. This offer represents the fourth major acquisition of an ICS security seller by a larger IT stability vendor in the final 18 months, following Tenable’s purchase of Indegy in December 2019, Cisco’s acquisition of Sentryo in August 2019, and Forescout’s purchase of SecurityMatters in November 2018. The whole worth of these offers exceeds $400 million. The Microsoft/CyberX combination is the latest (but very likely not the previous) endeavor to go soon after this eye-catching market place segment.
- Protecting critical infrastructure techniques is a high-progress cybersecurity priority. The rise of cyberincidents towards vital infrastructure vendors, whether or not by way of ransomware targeting out-of-date Home windows devices or ICS-specific malware environments, has elevated the precedence of ICS/OT cybersecurity, as perfectly as curiosity from regulators and governing administration companies that observe critical infrastructure. With CyberX, Microsoft now has a solution to compete in the ICS industry versus the substantial vendors pointed out in the past bullet and other independent ICS stability pure-performs these as Claroty, Dragos, and Nozomi Networks.
- This deal makes a faster on-ramp towards IT/OT convergence. With CyberX, Microsoft is raising its capabilities to protected non-IT belongings this kind of as the industrial internet of things course, SCADA, DCS, and far more. Protection operations facilities shifting to the new Sentinel SIEM platform will enjoy having all protection logs in 1 location. At the 2020 RSA Meeting, CyberX announced an API integration with Azure Protection Center.
- This tech could also be employed to strengthen the resiliency of Microsoft info centers. As enterprises demand much more resiliency from their cloud providers, facts centers are becoming extra like industrial amenities and have to have additional visibility and defense of OT parts utilized in these information facilities. So whilst the CyberX acquisition will permit Microsoft to handle customers’ OT/ICS use situations, Microsoft could also leverage the very same tech internally to increase visibility and resiliency of its facts facilities.
Forrester expects that the achievement of this acquisition will hinge on the adhering to factors:
- How perfectly can Microsoft integrate the CyberX offering into its existing alternatives?
- How nicely can Microsoft position this supplying to a single business customer? ICS/OT initiatives are often managed outside of IT security, so Microsoft will require to build relationships within these buyers, which are generally outside of Microsoft’s classic IT purchaser.
You can also go through extra about the ICS protection vendor landscape in our 2019 report, “New Tech: Industrial Control Systems (ICS) Stability Alternatives, Q1 2019.”