Microsoft has acquired security company CyberX in a bid to extend security to more devices in industrial settings. The move to bolster its cybersecurity offerings in the Azure portfolio comes as experts warn that industrial processes are going to be the focus of attacks in the coming years in large part because there are many opportunities for hackers to wreak havoc.
Microsoft said that it has devoted significant resources to building out the Azure cloud services IoT capabilities, particularly in the realm of secure configuration and monitoring of devices. That said, executives wrote in a blog post that customers face two key challenges still:
– “Giving customers visibility into what IoT devices are already connected to their networks.
– Managing the security on existing IoT devices (referred to as “brownfield devices”) that have been historically difficult due to a myriad of custom protocols.”
CyberX’ technology is aimed at solving those issues by conducting device inventory and giving customers a digital map of those devices, whether they are on a factory floor or within a building. CyberX can then show customers a list of assets and vulnerabilities. Microsoft said visibility into assets is critical for being able to mitigate security risks and enable smart manufacturing, smart grid and other digital transformation initiatives.
Microsoft noted some areas where CyberX would be further integrated more broadly into its product portfolio with threat protection that span users, endpoints, applications, data and more. The company cited Azure Sentinel, Microsoft’s cloud-native security information and event management (SIEM)/security orchestration, automation and response (SOAR) as an example where a built-in IoT security workload would allow SecOps personnel to identify threats that span Operational Technology- and IT-converged networks that were previously challenging to detect.
Microsoft’s acquisition follows on the heels of warnings from several recent research reports about IoT security issues. The Information Security Forum (ISF) in its latest annual forecast report Threat Horizon 2022, for example, noted that edge computing for IoT industrial processes will be the main attack target because it provides multiple points of failure, while business continuity and disaster recovery plans will suffer from frequent extreme weather events. Older and unpatched IoT devices that are still connected to the network will also make great entry points for hackers.
In 2019, the global IoT security market was valued at $10.2 billion, and it is forecast to grow at $40.7 billion by 2025, with a CAGR of nearly 26% in the given timeframe.
Azure | device edge | IIoT | security | sensors | SIEM | SOAR