Microsoft has agreed to acquire RiskIQ, a security software maker, as the tech giant tries to expand its products and better protect customers amid a rising tide of global cyberattacks, according to people familiar with the matter.
The deal will be announced as soon as the next few days, said the people, who asked not to be identified speaking about an acquisition that isn’t yet public. Microsoft will pay more than US$500-million in cash for the company, one of the people said.
San Francisco-based RiskIQ makes cloud software for detecting security threats, helping clients understand where and how they can be attacked on complex webs of corporate networks and devices. Its customers include Facebook, BMW, American Express and the US Postal Service, according to the company’s website.
Known for its annual report on security called the “Evil Internet Minute”, RiskIQ has raised $83-million from firms like Summit Partners and Battery Ventures, according to Crunchbase. It was founded in 2009.
A spokesman for Microsoft declined to comment and RiskIQ didn’t immediately respond to a request for comment. Microsoft has been adding security features to products like Windows and its Azure cloud services to protect individual machines and detect attacks on networks. The company has also added personnel who probe Microsoft’s own products for vulnerabilities, help clients clean up after a cyberattack, and runs a lab called the Microsoft Threat Intelligence Centre that closely tracks nation-state hackers.
Acquisitions
The software maker has also acquired several companies to expand its security capabilities. Last month, Microsoft bought ReFirm Labs, a maker of technology to secure Internet of things devices, for an undisclosed amount. In a blog post announcing the deal, the company said it has 3 500 employees working on security at Microsoft and a mission to help protect customers “from the chip to the cloud”.
Microsoft and the rest of the US technology industry, as well as companies and government agencies, have also spent the past eight months grappling with a series of damaging and widespread cyberattacks. This month, hackers launched a mass ransomware attack that exploited multiple previously unknown vulnerabilities in IT management software made by Kaseya. In March, hackers linked to China used flaws in the code of Microsoft Exchange to break into tens of thousands of organisations, and in an attack disclosed in December, suspected Russian hackers compromised popular software from Texas-based firm SolarWinds, inserting malicious code into updates for SolarWinds software. — Reported by Katie Roof and Dina Bass, (c) 2021 Bloomberg LP