Microsoft confirms acquisition of CyberX to boost security in its Azure IoT business

Another big acquisition out of Israel this week points to how bigger tech companies are using the economic slowdown to focus on their longer-term strategies and shore up assets to support that. Today Microsoft announced that it would be acquiring CyberX, a security startup that focuses specifically on detecting, stopping, and predicting security breaches on internet of things networks and the networks of large industrial organizations. Terms of the deal are not being disclosed — we’re asking still — but sources say that it’s in the region of $165 million.

“CyberX will complement the existing Azure IoT security capabilities, and extends to existing devices including those used in industrial IoT, Operational Technology and infrastructure scenarios” said Michal Braverman-Blumenstyk, CVP, CTO, Cloud + AI Security, and Sam George, CVP, Cloud + AI Azure IoT in a blog post. “With CyberX, customers can discover their existing IoT assets, and both manage and improve the security posture of those devices.”

The deal caps off months of speculation that Microsoft would acquire the company. The reports started back in February, then went quiet, and then started to reappear again in May. Between then and now, the rumoured price also went up to $165 million from $150 million, which may have meant that the delay in closing the deal hinged on the valuation (or simply went up as others started to look at the company).

Microsoft’s interest in the company touches on two key areas that the company has been working on building up over the last several years: IT services for large enterprises, and cybersecurity — specifically cybersecurity leveraging AI to identify and tackle next-generation challenges.

The two have a large overlap in the form of CyberX, which works with major energy utilities, telecoms carriers, chemical producers and other industrial companies that utilise a lot of “unmanned” machines managed across sprawling networks for essential services: it applies behavioural analytics and other AI-based techniques to continuously monitor network activity and detect anomalies that could indicate breaches.

Microsoft’s also betting big on IoT: it’s invested $5 billion into the area in the last couple of years on a wider platform for building — and critically for Azure operating — IoT solutions as part of its larger enterprise push. Security has to be a major cornerstone of that, with too many examples racking up of flaws in poorly built or maintained systems proving to be doorways into wider vulnerabilities across entire networks.

It looks like the whole company, including the founders, will be joining Microsoft with this deal.

“Nir and I founded CyberX with the goal of delivering a scalable solution that would be easy to deploy and reduce risk for enterprises worldwide,” said Omer Schneider, co-founder and CEO of CyberX, in a blog post announcing the deal. “We’re thankful to our loyal customers and partners as well as to our dedicated employees whose innovation and hard work made it possible for us to reach this important milestone, and also to our investors for their ongoing support.”

“By joining forces with Microsoft, we will rapidly scale our business and technology to securely enable digital transformation for many more organizations,” add Nir Giller, co-founder, GM International, and CTO of CyberX. “Together, CyberX and Microsoft provide an unbeatable solution for gaining visibility and a holistic understanding of risk for all IoT and OT devices in your enterprise.”

CyberX offers various tools to customers to help better manage the IoT networks (and specifically industrial IoT networks) they have in place, in particular around the concept of “digital transformation” and customers not just upgrading systems but getting a better grip on what they already have.

Among the functionality will be letting end users identify and connect with existing IoT assets across wider physical footprints (like factory floors); and then also identifying security issues and fix them within those footprints.

The idea will also be to use this as a springboard to upsell to other Microsoft services, for example Azure Sentinel to have a wider picture of how and where the IoT systems might interconnect with a company’s wider IT network — visibility that’s important for being able to identify vulnerabilities and their consequences.

As with Intel and its May acquisition of Israeli mapping startup Moovit (which it acquired just weeks ago for $900 million), Microsoft already had a relationship with CyberX: most recently, the two announced a deal in March of this year to integrate Microsoft’s Azure cloud platform into the CyberX ecosystem, so that CyberX customers using Azure could continue to have those services covered by CyberX’s security systems, along with the rest of their on-premises network activity.

Unlike Intel’s strategic relationship, it appears that Microsoft was not among CyberX’s investors: the startup had raised just under $48 million from backers that included Norwest Venture Partners, Qualcomm Ventures, Flint Capital, Glilot and OurCrowd, as well as individuals like Facebook’s Stan Chudnovsky and Gigi Levy-Weiss.

More generally, Microsoft’s been a prolific investor and acquirer in Israel, and recent cybersecurity-specific M&A have included purchasing AoratoAdallom, Secure Islands and Hexadite.

On the enterprise front, it’s also been making acquisitions big and small, with the most recently before this being the acquisition of a small outfit in the US called ADRM that had built extensive data-modelling maps for different industries (some 75 in all), useful for helping businesses visualise how and where data moves and where tech or human investments might be necessary within an organization. It, too, is becoming a part of the Azure machine.