Microsoft acquires threat intelligence startup RiskIQ

Microsoft has confirmed its acquiring security software firm RiskIQ as it seeks to bolster the security of its core products.

Terms of the deal were not disclosed, though Microsoft is said to be purchasing the security company in a $500 million (roughly £361 million) deal, according to Bloomberg, as it seeks to integrate RiskIQ’s services into its flagship products and improve the overall resilience for customers.

RiskIQ provides customers with cloud-based software as a service (SaaS) protection to detect phishing attacks, fraud attempts and malware infections. The company’s SaaS platform taps into a global Internet Intelligence graph that’s mapped billions of relationships between online elements within every organisation and hackers. 

Commenting on the deal, RiskIQ Cofounder and CEO Elias Manousos said: “The vision and mission of RiskIQ is to provide unmatched internet visibility and insights to better protect and inform our customers and partners’ security programmes.

“We’re thrilled to add RiskIQ’s Attack Surface and Threat Intelligence solutions to the Microsoft Security portfolio, extending and accelerating our impact. Our combined capabilities will enable best-in-class protection, investigations, and response against today’s threats.”

The acquisition plays into the trend of Microsoft adding more security-oriented tools to platforms like Windows and Azure in recent years as the prospect of cyber threats continues to swell. 

Last year, for example, Microsoft announced a strategic shift to compile its detection and event management services under the Microsoft Defender brand, alongside a host of new services and tools that customers can adopt. The firm described Microsoft Defender, at the time, as the “broadest resource coverage” of any portfolio across the industry, spanning identity protection, endpoints, cloud applications and infrastructure. 

This has come alongside a recruitment drive to add staff to examine Microsoft’s products for vulnerabilities, respond to attacks that its clients face, as well as run the Microsoft threat Intelligence Center, Bloomberg also reports.

Microsoft also struck a partnership with the cyber security organisation MITRE to integrate its adversarial tactics, techniques and common knowledge (ATT&CK) framework into Azure to build a foundation for developing threat models.

This integration saw the organisations jointly launch the Security Stack Mappings for Azure research project, which introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against. 

In June, meanwhile, Microsoft also acquired Internet of Things (IoT) security firm ReFirm Labs for an undisclosed fee. Microsoft highlighted the open source Binwalk software, which analyses thousands of device types for firmware issues, as a key reason for why it pursued the acquisition. The firm added these analytical capabilities would help secure IoT and operational technology (OT) devices through Azure Defender for IoT. 

Microsoft, alongside a number of other major companies, has been struggling to deal with the fallout of several major attacks. The most recent has been the Kaseya cyber attack, although this is just the latest in a particularly devastating series of events including the SolarWinds Orion hack as well as the Microsoft Exchange Server incident.