Microsoft To Acquire RiskIQ To Bolster Cybersecurity

Microsoft is to acquire San Francisco-based cybersecurity firm RiskIQ to help companies bolster their cyber defences.

Redmond announced the acquisition on Monday, but did not disclose how much it will pay for the firm that specialises in helping customers identify their “attack surfaces” and it also utilises “threat intelligence from a global, outside-in perspective.”

RiskIQ was the firm that identified the “skimming” group called Magecart, that had carried out the attack of BA systems in 2018 that stole data from hundreds of thousands of passengers and staff.

RiskIQ purchase

Microsoft in its announcement said that organisations are now having to deal with two pressing issues.

The first is the increasing threat landscape they are facing, coupled with the demand to adapt to a hybrid working model as staff seek to combine both home and office working in a post Covid world.

“Today, Microsoft is announcing that we have entered into a definitive agreement to acquire RiskIQ, a leader in global threat intelligence and attack surface management, to help our shared customers build a more comprehensive view of the global threats to their businesses, better understand vulnerable internet-facing assets, and build world-class threat intelligence,” said the software giant.

“RiskIQ helps customers discover and assess the security of their entire enterprise attack surface – in the Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain,” it added. “With more than a decade of experience scanning and analysing the internet, RiskIQ can help enterprises identify and remediate vulnerable assets before an attacker can capitalize on them.”

“The vision and mission of RiskIQ is to provide unmatched internet visibility and insights to better protect and inform our customers and partners’ security programs,” said RiskIQ co-founder and CEO Elias Manousos.

“We’re thrilled to add RiskIQ’s Attack Surface and Threat Intelligence solutions to the Microsoft Security portfolio, extending and accelerating our impact,” said Manousos. “Our combined capabilities will enable best-in-class protection, investigations, and response against today’s threats.”

There was no word as to the financial terms of the acquisition (although Bloomberg stated it was in the region of $500 million), nor whether the acquisition will result in any ‘cost-savings’ or ‘efficiencies’ (i.e. layoffs and redundancies).

Microsoft incidents

Microsoft of course has had its own cybersecurity challenges this year.

The most notable one was when Chinese-linked group Hafnium breached the company’s Exchange email service in March this year.

That incident follows the hack last year of SolarWinds’ widely used Orion IT monitoring tool, which also in turn compromised Microsoft systems.

That compromise resulted in the theft of Microsoft customer data and also allowed the hackers to view Microsoft source code.