by Jared Weiner | 06/24/2020

What Happened?

Following months of speculation, Microsoft, announced on Monday its acquisition of CyberX, a cybersecurity startup that provides a continuous monitoring and vulnerability management platform built for OT networks. Terms of the deal were not officially disclosed, though several media outlets, including TechCrunch, reported the acquisition will cost Microsoft approximately $165 million.

VDC’s View

Microsoft made waves in early 2018 when it announced its intention to invest $5B to reinvigorate its IoT and intelligent edge strategy, pledging to expand its partner ecosystem and develop a wide range of new IoT tools, solutions, and services. The acquisition of CyberX underscores Microsoft’s commitment to this strategy and bolsters the exisiting cybersecurity capabilities Microsoft offers under the Azure IoT umbrella.

Though industrial implementations make up only a small portion of Microsoft’s broader IoT strategy, the company was still among the leading suppliers of software platforms for the industrial IoT, as noted in VDC’s recently-published study The Global Market for Industrial IoT Platforms. By integrating CyberX’s OT cybersecurity technology within Azure IoT, Microsoft can significantly boost the viability of its IoT platform in manufacturing and other industrial environments. The addition of the CyberX team itself further strengthens the in-house expertise Microsoft can provide to its customers and ecosystem partners.

Of course, this acquisition will also have a considerable impact on the market for industrial cybersecurity solutions, a particularly dynamic space that has been shaped by a number of acquisitions and high-profile partnerships in recent years. Of note:

• Claroty and Rockwell Automation announced a global partnership centered on the former’s anomaly detection software (February 2017). Rockwell would later be among those participating in Claroty’s Series B funding, along with Schneider Electric, Siemens, and others (June 2018).
• 
  Honeywell acquired ICS security supplier Nextnine (June 2017) and later announced the launch of a new security consulting program called CyberVantage Security Consulting Services (October 2018).
• 
  Forescout Technologies acquired SecurityMatters to extend its ICS security capabilities (November 2018).
• 
  Nozomi Networks and Schneider Electric announced a global partnership to secure and protect critical infrastructure. (January 2018).
• 
  Dragos, Inc. acquired NexDefense and subsequently released NexDefense’s asset discovery and identification tool as part of a free-to-use community toolset, Dragos Community Tools. (March 2019).
• 
  Tenable, Inc. acquired Indegy to add industrial cybersecurity to its portfolio of “cyber exposure” solutions. (December 2019)

In announcing this acquisition, Microsoft emphasized its focus on integrating CyberX’s technology within its broader suite of IoT and cybersecurity solutions. The company’s long-term intentions for CyberX as a standalone offering, however, are less clear. As such, the implications of this acquisition within the market for industrial cybersecurity solutions will manifest as Microsoft’s long-term strategy for the CyberX brand unfolds.

Looking Ahead

Cybersecurity has become a particularly critical element of industrial organizations’ Industry 4.0 journey. As high-profile breaches make headlines and raise awareness across all areas of industry, manufacturers and other operators have become increasingly proactive in addressing the security of their OT systems. Consequently, ICS-focused cybersecurity startups will remain attractive acquisition targets for larger players in a number of adjacent technology markets.

VDC explored these topics and more in our recently published reports, The Global Market for Industrial Cybersecurity Software & Services and The Global Market for Industrial IoT Platforms. Please visit our website or contact us for more details!