Looking to strengthen its position in cloud security, Microsoft on Monday announced a definitive agreement to acquire RiskIQ, a cloud-based threat intelligence and attack surface management vendor best known for its PassiveTotal product.
In a blog post, Eric Doerr, vice president of Microsoft Cloud Security, said companies need better visibility into their assets and exposure to the internet, regardless if they run in multi-cloud or hybrid cloud environments – and understanding that exposure and how to reduce bad actors from exploiting those vulnerabilities has become paramount in the new hybrid work model.
Doerr said with more than a decade of experience scanning and analyzing the internet, RiskIQ helps enterprises identify and remediate vulnerable assets before attackers can capitalize on them. He said the combination of RiskIQ’s attack surface management and threat intelligence lets security teams assemble, graph and identify connections between their digital attack surface and the infrastructure and activities of the attacker, providing increased protection and faster response.
This acquisition further illustrates Microsoft’s commitment to the security market, said Peter Firstbrook, a research vice president with Gartner who covers security.
“It gives them additional global telemetry on the attack landscape to improve their protection capability, and provides an attack surface management product that helps organizations inventory internet-facing assets and identify risks,” he said.
Frank Dickson, program vice president for security and trust at IDC, added that RiskIQ gives Microsoft an opportunity to extend digital defense to the external attack surface and to incorporate threat hunting and threat intelligence capabilities into their portfolio. He said it also enhances Microsoft’s ability to create a vocabulary of communication between the CEO, the CISO, the CFO and the CIO.
“CISOs like to use metrics that relate to activity: number of alerts addressed, mean time to respond, mean time to remediate, and dwell time,” said Dickson. “CFOs are looking for metrics associated with risk and security posture. Essentially, CFOs want to know if the organization is ‘safe.’ The best practice is to establish a set of metrics of risk that communicate the needed information. This does not mean that the CISO teaches the CFO all about cybersecurity. It means that a CISO changes the manner in which he or she communicates. There are a number of risk scoring metrics that can help. RiskIQ helps.”