Why Did Microsoft Acquire CyberX?
Dale Peterson
ICS Security Catalyst, Founder of S4 Events, Consultant, Speaker, Podcaster, Get my newsletter friday.dale-peterson.com/signup
The rumors started in February and became reality this week. Microsoft acquired CyberX. The price is not a material event for Microsoft. It will never be officially released. A recent article claimed the price was $165M, and I predicted it would be substantially less if it occurred, based on the acquisition prices of fellow Tier 2 vendors Indegy and Sentryo.
Why Did Microsoft Acquire CyberX
Azure ... as Microsoft wrote:
CyberX will complement the existing Azure IoT security capabilities, and extends to existing devices including those used in industrial IoT, Operational Technology and infrastructure scenarios.
CyberX is a good fit for Microsoft. They had great tech and a strong technical team. All that ICS protocol and system understanding, existing code and ability to quickly spin up support for other ICS and IoT protocols is the value in this sale. Plus Microsoft had experience working with CyberX to integrate the CyberX solution into their Azure IoT Hub and Azure Security Center for IoT.
It was CyberX's operations/sales/marketing that held them back from being Top Tier in the ICS Detection Space. And since they weren't Top Tier, the acquisition price, even if it was $165M, was less than acquiring a Top Tier solution. CyberX's installed base was likely not of great importance to Microsoft.
So the CyberX technology will become a part of a Microsoft branded Azure IoT Edge / Azure IoT Hub offering, and the CyberX team will help Microsoft understand and develop what is needed for the higher end, ICS and IIoT, not IoT, customer in the Azure Security Center for IoT. How they will get the data that CyberX sensors detect to Azure is an open question, unless you believe the CyberX sensors will survive. I hope to get Microsoft on the podcast soon to discuss their ICS strategy.
CyberX technology could be more valuable to Microsoft for moving ICS and IIoT contextual data into Azure than for security. For example, Azure IoT Edge now has support to read data via Modbus and OPC UA. They now have the ability to support a lot more ICS protocols to pull a lot more data into Azure. OSIsoft may have more to worry about from this acquisition than Claroty, Dragos or Nozomi.
What This Means For CyberX Customers
This is not good news if you had purchased and liked the CyberX offering. It makes no sense for Microsoft to continue this product as is. The market is way too small, particularly for the CyberX management GUI. (Note: Microsoft made the same decision back in 2007 when they considered a much more logical and compelling case for a special manufacturing version of Windows.) The sensors also are likely to go away, or perhaps Microsoft spins those off or makes the technology available as open source.
To be clear, CyberX states the complete opposite:
the platform will continue to be enhanced and supported by CyberX personnel. In addition, Microsoft is committed to the channel and will continue working with CyberX’s strategic reseller and technology partners worldwide. The CyberX platform will continue to be available in a hybrid model supporting both cloud-connected and air-gapped networks.
At 22:40 in the video below, I advise asset owners to make sure they tell executive management that whatever detection product is purchased today will need to be replaced in the next two to three years. Set appropriate expectations. Acquisitions are the main reason for this. What Cisco, Forescout, Tenable and now Microsoft want out of this technology is very different than what the niche OT detection vendor envisioned.
If you are a CyberX customer, this is not the time to panic and rip it out. You have a solid solution in place. Use it, but probably don't deploy a significant expansion of the solution. The market will look different in 18 to 24 months. Use your deployed CyberX solution and understand how this type of technology fits into your detection and response strategy. And let the market sort itself out more before you decide on your next ICS detection solution.
Managing Partner at Optiv Inc
4 years ago: It would be worth a discussion over the legacy risk Microsoft holds when much of the OT world still operates on Windows XP or Win7. No, it would not fix the OS, but at least surround it in the best way possible. Can't see them ignoring that legacy problem for much longer.
OT Cyber Security Principal Consultant at Jacobs Engineering (BIAF)
4 years ago: Hypothetically, if I'm a small utility poised to integrate CyberX within a month... what do I do now?
VP sales | IT\IoT\OT Network Security | Cyber Crime Expert | GTM Leader | M&A Expert | Board Member & Mentor | Strategic Thinker | Skipper | Innovation Enthusiast
4 years ago: Dale Peterson Microsoft Azure Stack Edge is something you missed in your analysis. https://azure.microsoft.com/en-us/products/azure-stack/edge/
Providing visibility and security for customers OT & IOT environments
4 years ago: Martin Tarala watch the video, very interesting.
SCADA Integration and Security Engineer
4 years ago: If you liked CyberX because of what they do with IoT, then I think you'll be okay. Microsoft is also interested in IoT. The notion that gadgets will collect data about you and send things to their cloud (Azure) is REALLY attractive. But it needs to be secured and CyberX is good at that. For example, what if you could gather information about what oven temperatures people were using in their houses and when? You could make assumptions based upon time of cooking and temperature as to what people were doing. Then you could figure out what they'll be buying in the supermarket and what food-based futures, such as wheat, that you should invest in. On the other hand, I don't think Microsoft cares as much about SCADA or ICS. So if you like CyberX for that, well, enjoy it now. I'm not sure I'd be as confident of that part of the company's future.