Microsoft To Acquire RiskIQ In Zero Trust Security Push

The planned acquisition of RiskIQ, which specializes in attack surface management and threat intelligence, comes as customers ‘embrace the concept of Zero Trust,’ Microsoft said in its announcement.


Microsoft on Monday announced a deal to acquire attack surface management firm RiskIQ to bolster the tech giant’s capabilities around providing security across both cloud and on-premises environments.

Microsoft did not disclose the financial terms of the acquisition, but a Bloomberg report said the acquisition of RiskIQ will have a price tag of $500 million, and will be a cash deal. CRN has reached out to Microsoft for comment.

[Related: 5 Things To Know About Microsoft’s Windows 11 Security Strategy]

Sponsored post

The planned acquisition comes as Microsoft is seeking to enable “zero trust” security for its customers, based around the principle that no user should be trusted by default since they could be compromised.

“As organizations pursue this digital transformation and embrace the concept of Zero Trust, their applications, infrastructure, and even IoT applications are increasingly running across multiple clouds and hybrid cloud environments,” wrote Eric Doerr, vice president for cloud security at Microsoft, in a blog post announcing the RiskIQ acquisition deal. “Effectively the internet is becoming their new network, and it’s increasingly critical to understand the full scope of their assets to reduce their attack surface.”

RiskIQ’s technology enables the discovery and assessment of a customer’s security across the entire attack surface, including “in the Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain,” Doerr wrote.

“With more than a decade of experience scanning and analyzing the internet, RiskIQ can help enterprises identify and remediate vulnerable assets before an attacker can capitalize on them,” he wrote.

The San Francisco-based company also provides threat intelligence that is crowdsourced from security researchers and then analyzed with machine learning technologies.

“The combination of RiskIQ’s attack surface management and threat intelligence empowers security teams to assemble, graph, and identify connections between their digital attack surface and attacker infrastructure and activities to help provide increased protection and faster response,” Doerr wrote in the blog post.

The planned acquisition also comes amid the rise of ransomware attacks and in the wake of the massive SolarWinds hack, which have ensnared Microsoft and its platforms in numerous ways. The past year, in particular, has seen Microsoft get far more vocal and aggressive around the need for increasing security.

In a separate blog post, RiskIQ CEO and founder Lou Manousos said that company’s community of security researchers has reached more than 100,000 professionals who “we’re excited to have as partners in this journey. We’ll continue to support, nurture, and grow this community with Microsoft.”

RiskIQ will also “continue to grow and work with the valued members of our Interlock Partner Program,” Manousos said.

Ultimately, the company is joining Microsoft “to extend and accelerate our reach and impact,” he said.