Microsoft on Monday announced a deal to acquire attack surface management firm RiskIQ to bolster the tech giant’s capabilities around providing security across both cloud and on-premises environments.
Microsoft did not disclose the financial terms of the acquisition, but a Bloomberg report said the acquisition of RiskIQ will have a price tag of US$500 million (AU$668 million) and will be a cash deal.
The planned acquisition comes as Microsoft is seeking to enable 'zero trust' security for its customers, based around the principle that no user should be trusted by default since they could be compromised.
“As organizations pursue this digital transformation and embrace the concept of Zero Trust, their applications, infrastructure, and even IoT applications are increasingly running across multiple clouds and hybrid cloud environments,” Microsoft cloud security vice president Eric Doerr wrote in a blog post announcing the RiskIQ acquisition deal.
“Effectively the internet is becoming their new network, and it’s increasingly critical to understand the full scope of their assets to reduce their attack surface.”
RiskIQ’s technology enables the discovery and assessment of a customer’s security across the entire attack surface, including “in the Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain,” Doerr wrote.
“With more than a decade of experience scanning and analyzing the internet, RiskIQ can help enterprises identify and remediate vulnerable assets before an attacker can capitalize on them."
The company also provides threat intelligence that is crowdsourced from security researchers and then analyzed with machine learning technologies.
“The combination of RiskIQ’s attack surface management and threat intelligence empowers security teams to assemble, graph, and identify connections between their digital attack surface and attacker infrastructure and activities to help provide increased protection and faster response,” Doerr wrote in the post.
The planned acquisition also comes amid the rise of ransomware attacks and in the wake of the massive SolarWinds hack, which have ensnared Microsoft and its platforms in numerous ways. The past year, in particular, has seen Microsoft get far more vocal and aggressive around the need for increasing security.
In a separate blog post, RiskIQ chief executive and founder Lou Manousos said that the company’s community of security researchers has reached more than 100,000 professionals who “we’re excited to have as partners in this journey. We’ll continue to support, nurture, and grow this community with Microsoft.”
RiskIQ will also “continue to grow and work with the valued members of our Interlock Partner Program,” Manousos said.
Ultimately, the company is joining Microsoft “to extend and accelerate our reach and impact,” he said.