Why Microsoft acquired RiskIQ

Sheila Zabeu

July 22, 2021

Microsoft recently acquired cybersecurity software developer RiskIQ. The company did not disclose the value of the transaction; however, according to Bloomberg, which cited sources familiar with the acquisition, $500 million in cash was paid for RiskIQ.

According to Microsoft, RiskIQ can provide threat intelligence gathered from the Internet through its PassiveTotal community of security researchers and analyzed by machine learning systems. This intelligence can be used to understand the context around the origin of attacks and to find clues to a compromise, so that attacks can be neutralized quickly. How Microsoft will integrate RiskIQ’s technology into its product portfolio has not yet been revealed in detail.

RiskIQ’s services and solutions will join Microsoft’s suite of native cloud security products, including Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel, said Eric Doerr, vice president of cloud security at Microsoft.

RiskIQ’s services include global threat intelligence gathered through the PassiveTotal community. The company uses machine learning applications to analyze threats and “gain context about the source of attacks, tools, and systems, and indicators of compromise to quickly detect and neutralize attacks,” Doerr explains.

RiskIQ was not the first nor will it be the last cybersecurity company acquired by Microsoft. In an interview with SDxCentral, Frank Dickson, vice president at IDC, said that this transaction reaffirms Microsoft’s emphasis on ensuring security resilience in its offerings. We are seeing this movement of acquisitions as Microsoft looks to improve its posture and take security more and more seriously.

Prior to RiskIQ, Microsoft’s most recent acquisition in the cybersecurity field was ReFirm Labs, developer of the open-source Binwalk software used to analyze and reverse engineer firmware images, often in search of flaws and vulnerabilities in IoT devices or other systems with embedded firmware. According to Microsoft, the intention is to use Binwalk to drive advances in the company’s current security capabilities and thus help protect IoT and OT devices through Azure Defender for IoT, which has been enhanced with technologies from CyberX, another recently acquired company.

Microsoft’s own products have fallen victim to recent massive attacks. In March 2021, hackers exploited vulnerabilities in Exchange servers, which were described in a Microsoft Security Response Center (MSRC) publication. Coincidence or not, Microsoft illustrated the scope of the attack using RiskIQ’s own telemetry.

Back in June, as a result of Microsoft’s ongoing investigations into cyberattacks, the company identified that a customer service employee’s computer had been hacked. Customer data was stolen, and attacks targeted at least three organizations using password spraying and brute force techniques against login servers.

Microsoft’s investigations to identify the authors of attacks associated with its name have also helped other companies. In July, Microsoft notified SolarWinds of zero-day vulnerabilities found in the Serv-U Managed File Transfer Server and Serv-U Secured FTP products that could be exploited to remotely execute arbitrary code with privileges.