Microsoft has confirmed it's buying RiskIQ, a San Francisco-based cybersecurity company that provides threat intelligence and cloud-based software as a service for organizations.
Terms of the deal, which will see RiskIQ's threat intelligence services integrated into Microsoft's flagship security offerings, were not disclosed, although Bloomberg previously reported that Microsoft will pay more than $500 million in cash for the company. Microsoft declined to confirm the reported figure.
The announcement comes amid a heightened security landscape as organizations shift to remote and hybrid working strategies.
RiskIQ scours the web, mapping out details about websites and networks, domain name records, certificates and other information, like WHOIS registration data, providing customers visibility into what assets, devices and services can be accessed outside of a company's firewall. That helps companies lock down their assets and limit their attack surface from malicious actors. It's that data in large part that helped the company discover and understand Magecart, a collection of groups that inject credit card stealing malware into vulnerable websites.
Microsoft says that by embedding RiskIQ's technologies into its core products, its customers will be able to build a more comprehensive view of the global threats to their businesses as workforces continue to work outside of the traditional office environment.
The deal will also help organizations keep an eye on supply-chain risks, Microsoft says. This is likely a growing priority for many: An attack on software provider SolarWinds last year affected at least 18,000 of its customers, and just this month IT vendor Kaseya fell victim to a ransomware attack that spread to more than 1,000 downstream businesses.
Eric Doerr, vice president of cloud security at Microsoft, said: "RiskIQ helps customers discover and assess the security of their entire enterprise attack surface — in the Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain. With more than a decade of experience scanning and analyzing the internet, RiskIQ can help enterprises identify and remediate vulnerable assets before an attacker can capitalize on them."
RiskIQ was founded in 2009 and has raised a total of $83 million over four rounds of funding. Elias Manousos, who co-founded RiskIQ and serves as its chief executive, said he was "thrilled" at the acquisition.
“The vision and mission of RiskIQ is to provide unmatched internet visibility and insights to better protect and inform our customers and partners’ security programs," said Manousos. "Our combined capabilities will enable best-in-class protection, investigations, and response against today’s threats.”
The acquisition is one of many Microsoft has made recently in the cybersecurity space. The software giant last year bought Israeli security startup CyberX in a bid to boost its Azure IoT business, and just last month it acquired Internet of Things security firm ReFirm Labs.