“Today’s CISOs are now responsible for protecting three times the attack surface”
Operational Technology (OT) security remains the flavour of the month in many vendor boardrooms — even if potential industrial customers remain wary of having their systems prodded and poked by IT security “specialists” who they fear wouldn’t know a SCADA system if it slapped them in the face.
Microsoft today proved its appetite is no exception, as it snapped up OT security specialist CyberX to bake its capabilities into Azure’s IoT offering and extend Azure security to “devices including those used in industrial IoT, Operational Technology and infrastructure scenarios,” as Microsoft put it.
Israel-founded, Massachusetts-based CyberX says its systems help guard two of the US’s five largest energy utilities, a top five global pharmaceutical company and a top five US chemical company. Partners have included IBM, Deutsche Telekom, Palo Alto Networks, DXC Technology, Splunk, Optiv, and McAfee.
The company didn’t put a price tag on the deal — Techcrunch sources put it at $165 million — but it comes two years after Microsoft promised $5 billion of investment in IoT to build a platform “for our customers and partners to build connected solutions – no matter where they are starting in their IoT journey.”
“With CyberX, customers can discover their existing IoT assets, and both manage and improve the security posture of those devices” Microsoft said in a press release, touting its ability to help customers “see a digital map of thousands of devices across a factory floor or within a building and gather information about their asset profile and vulnerabilities.”
CyberX’s team added in a short blog: “It has certainly has been an amazing trajectory since we started the company in 2013… We continue to be driven by a larger sense of purpose to protect the world from adversaries who are threatening the IoT and industrial networks upon which we all depend for safety, health, food, water, energy, transportation, and national defense.
“These networks today are often unmanaged, unpatched, and invisible to IT, allowing threat actors to easily bypass existing controls. And with the proliferation of digital transformation and Industry 4.0, today’s CISOs are now responsible for protecting three times the attack surface compared to just a few years ago — making the work we do more critical than ever.”