Microsoft today announced it is buying CyberX, developer of a platform to protect industrial control systems. Terms of the deal weren’t disclosed, but TechCrunch reports it’s around $165 million. The acquisition shores up Microsoft’s strategic positioning in the autonomous systems market, which it entered in 2018 with its purchase of Bonsai (now Project Bonsai). The Project Bonsai team applies AI to industrial control systems across markets, and CyberX’s technology promises to shield those control systems from cyberattacks.
“CyberX will complement the existing Azure IoT security capabilities and extends to existing devices, including those used in industrial IoT, operational technology, and infrastructure scenarios,” said Microsoft’s cloud and AI security CVP Michal Braverman-Blumenstyk and Azure IoT CVP Sam George in a blog post. “With CyberX, customers can discover their existing IoT assets and both manage and improve the security posture of those devices.”
Connected control systems help manage everything from electrical substations to fleets of robots, but they’re largely unprotected. According to a survey by Kaspersky, only 23% of respondents said their infrastructure was compliant with regulations, and 2017 saw a 29% uptick in industrial control system vulnerabilities.
UpWest Labs graduate CyberX, which was cofounded in 2012 by Omer Schneider and Nir Giller (both veterans of the Israeli Defense Forces’ elite cyber unit), aims to stop attacks with a platform that continuously monitors any control system. The company employs tech it calls industrial finite state modeling (IFSM) to identify deviations from normal behavior, in part through a deterministic, sequential view of system states and transitions. In this way, CyberX is able to spotlight protocol violations that might indicate active exploitation of a vulnerability and recognize signs of both generic and targeted malware.
CyberX also employs heuristics to suss out atypical machine-to-machine communications and flag problems like the intermittent connectivity that precedes equipment failure. The company’s solution supports a range of control systems and protocols from vendors such as Rockwell Automation, Schneider Electric, Siemens, and GE, and it doesn’t lean on rules or prior knowledge of environments. Moreover, it can be deployed as either a virtual or physical appliance, and it doesn’t directly impact the networks over which it’s deployed. It also integrates with existing IT security stacks like those supplied by Splunk, IBM Security, Palo Alto Networks, Cisco, RSA NetWitness, and ServiceNow.
CyberX claims it can deliver insights in less than an hour, on average. Prior to the acquisition, its clients included two of the top five U.S. energy providers, a top five global pharmaceutical company, a top five U.S. chemical company, and national electric and gas utilities across Europe and Asia-Pacific.
“Nir and I founded CyberX with the goal of delivering a scalable solution that would be easy to deploy and reduce risk for enterprises worldwide,” said Schneider, who serves as CEO, in a blog post announcing the deal. “We’re thankful to our loyal customers and partners, as well as to our dedicated employees whose innovation and hard work made it possible for us to reach this important milestone, and also to our investors for their ongoing support.”
CTO Giller added: “By joining forces with Microsoft, we will rapidly scale our business and technology to securely enable digital transformation for many more organizations. Together, CyberX and Microsoft provide an unbeatable solution for gaining visibility and a holistic understanding of risk for all IoT and OT devices in your enterprise.”
Waltham, Massachusetts-based CyberX employs 164 people and had raised $48 million prior to the acquisition. That includes $18 million secured in a strategic funding round led by Qualcomm Ventures and Inven Capital.
Microsoft’s purchase of CyberX follows a number of other cybersecurity buys in recent years. In June 2017, Microsoft snatched up security orchestration and automation provider Hexadite for a reported $100 million. In September 2015, Microsoft bought Adallom, a cloud access security broker, for over $320 million. And in November 2014, the tech giant acquired hybrid cloud security startup Aorato for an estimated $200 million.
Broadly speaking, IoT cybersecurity has been a popular acquisition target this year, in spite of the economic downturn. In February, Advent International agreed to purchase Forescout for $1.9 billion, less than two years after the company’s initial public offering. And in January, Insight Partners purchased unmanaged device security startup Armis at a $1.1 billion valuation.