Today, Microsoft announced that it has acquired Waltham, Massachusetts-based internet-of-things (IoT) and industrial control system (ICS) security vendor CyberX. While the purchase price was not disclosed, media reports are speculating that it was somewhere between $150–$165 million. Founded in 2013, CyberX has raised $48 million in venture capital, so this deal provides a good return to investors.

CyberX’s core solution can monitor IoT and ICS environments (passively or actively) to obtain asset information, risk and vulnerability information, and real-time alerts about threats and malfunctioning operational equipment. The strategic intent behind the merger appears to be to expand the existing Microsoft Azure Security stack into ICS/operational technology (OT) environments.

These are our main takeaways from the Microsoft/CyberX deal:

  1. Large security vendors continue to expand into IoT and ICS security. This deal represents the fourth major acquisition of an ICS security vendor by a larger IT security vendor in the last 18 months, following Tenable’s purchase of Indegy in December 2019, Cisco’s acquisition of Sentryo in August 2019, and Forescout’s purchase of SecurityMatters in November 2018. The total value of these deals exceeds $400 million. The Microsoft/CyberX combination is the latest (but likely not the last) attempt to go after this attractive market segment.
  2. Protecting critical infrastructure systems is a high-growth cybersecurity priority. The rise of cyberincidents against critical infrastructure providers, whether via ransomware targeting outdated Windows machines or ICS-specific malware environments, has increased the priority of ICS/OT cybersecurity, as well as interest from regulators and government agencies that monitor critical infrastructure. With CyberX, Microsoft now has a solution to compete in the ICS market against the large vendors mentioned in the previous bullet and other independent ICS security pure-plays such as Claroty, Dragos, and Nozomi Networks.
  3. This deal creates a faster on-ramp toward IT/OT convergence. With CyberX, Microsoft is increasing its capabilities to secure non-IT assets such as the industrial internet of things, SCADA, DCS, and more. Security operations centers moving to the new Sentinel SIEM platform will appreciate having all security logs in one place. At the 2020 RSA Conference, CyberX announced an API integration with Azure Security Center.
  4. This tech could also be used to improve the resiliency of Microsoft data centers. As enterprises demand more resiliency from their cloud providers, data centers are becoming more like industrial facilities and require additional visibility and protection of OT components used in those data centers. So while the CyberX acquisition will enable Microsoft to address customers’ OT/ICS use cases, Microsoft could also leverage the same tech internally to enhance visibility and resiliency of its data centers.

Forrester expects that the success of this acquisition will hinge on the following factors:

  • How well can Microsoft integrate the CyberX offering into its existing solutions?
  • How well can Microsoft position this offering to a single enterprise buyer? ICS/OT initiatives are often managed outside of IT security, so Microsoft will need to build relationships with these users, who are often outside of Microsoft’s traditional IT buyer base.

You can also read more about the ICS security vendor landscape in our 2019 report, “New Tech: Industrial Control Systems (ICS) Security Solutions, Q1 2019.”