Microsoft Acquires CyberX Focusing on Network Security Monitoring and Legacy Support

Two years ago, Microsoft laid out a few parameters regarding its future Internet of Things (IoT) digital security strategy and the company’s long-term commitment to enhancing Azure’s capabilities. More specifically, Microsoft outlined a US$5 billion investment plan between 2018 to 2024, an all-inclusive plan to tackle prominent IoT challenges with a clear focus on industrial settings and extending its list of IoT partners for Azure’s IoT suite across a wide application range for both private enterprises and governments. On June 22, 2020, the company made its latest addition to its IoT security strategy by finalizing the acquisition of CyberX, an innovative Israeli startup operating in industrial cybersecurity for approximately US$165 million.

Microsoft’s acquisition of CyberX is an excellent strategic step toward bolstering Azure’s IoT security capabilities in Industrial IoT (IIoT). Microsoft Azure already enjoys a widespread implementation across many key markets, from business Information Technology (IT) to industrial settings, and additional investments will only further cement its leading position going forward and keep the competition—mainly Amazon Web Services (AWS) and Google—on their toes. Two Microsoft VPs outlined the rationale behind this move and its two key objectives: first, to address network and device visibility concerns and second, to manage the security of brownfield devices.

Regarding the first objective, network visibility and security monitoring have emerged as a primary security feature in Industrial Control Systems (ICS) driven by the increased digitization demands. Microsoft has also extended its list of partners that offer similar security services for IoT, ICS, or Operational Technology (OT) (including healthcare) environments with companies like Attivo Networks, Firedome, CyberMDX, and SecuriThings. ABI Research has interviewed many organizations during the past two years that fit this profile. As it currently stands, network and security monitoring is the primary service offered by cybersecurity startups since it requires purely Artificial Intelligence (AI) and Machine Learning (ML)-focused investments with less risk than other industrial security options, and is therefore a great entry point to extend one’s market footprint and secure valuable partnerships with leading vendors. When involved with a cloud powerhouse like Azure IoT, this list of partners, combined with CyberX’s acquisition and Microsoft’s existing rapport with leading industrial vendors like Schneider Electric, will greatly enhance Azure’s capabilities in OT environments, create additional monetization options and pricing models (in this case based on device monitoring and legacy interoperability support), allow for greater flexibility for IoT device management, and shed light onto the untracked, hidden devices operating in industrial and healthcare markets.

Second, managing the security of brownfield devices is another prominent issue that the company chose to invest in and, in this case, its overarching plan extends far beyond the confines of IIoT. Regarding the recent acquisition, Microsoft states that “managing the security on existing IoT devices (referred to as ‘brownfield devices’) that have been historically difficult due to a myriad of custom protocols,” and goes on to mention that “one of the biggest hurdles for customers is securing IoT devices—both for new digitization initiatives as well as for legacy Operational Technology and industrial control system environments.” There is, however, another hidden aspect for managing brownfield devices and one that Microsoft is directly involved in: support for legacy devices and obsolete, unsupported versions of Windows Operating Systems (OS).

Microsoft is indeed a great innovator, with leading software products implemented across key high-value markets. However, the a) popularity of the Windows OS combined with b) the rapid industrial digitization and IoT demands and c) the industry’s dependence upon legacy communication protocols has exceeded Microsoft’s capacity to provide support for previous-generation devices with a significantly longer lifecycle (10+ years). This challenge can be found across key OT environments including manufacturing, chemical, oil and gas, healthcare, and in some cases even critical infrastructure and power plants. Multiple rounds of interviews with cybersecurity providers and IoT and industrial vendors revealed that many devices—including everything from ICS and industrial laptops for OT engineers to healthcare equipment and even Automated Teller Machines (ATMs)—still operate using obsolete versions of Windows OS.

Even though Microsoft has done its part over the years to alert customers and partners that it has pulled support for older versions with no additional firmware updates and companies should upgrade to later iterations of the OS, many industrial facilities still continue to run unsupported OS versions tied to legacy equipment. Interviewed ICS cybersecurity vendors mentioned, for example, that devices with Windows 2008 can still be found running on industrial floors worldwide. Microsoft’s recent turn toward legacy and brownfield devices will also aim to protect and transition long-life assets that are tied to inherently insecure OS and legacy protocols like Modbus and Distributed Network Protocol 3 (DNP3). Additionally, combined with the network visibility investment turn of its other key endeavor, this will allow for higher quality security monitoring and versatile IoT device and network monitoring options for greenfield versus brownfield devices and legacy versus next-generation IoT devices, while also bridging the gap between OT and IT security tools.

Microsoft is prudently planning to transition legacy equipment into the future and bridging the gap with obsolete, insecure technologies, OS versions, and legacy protocols. Although this latter aspect related to the protocols is virtually impossible to be solved by one company alone due to massive proprietary-owned protocols and severe legacy infrastructure dependence, it is still a step in the right direction. We are currently in the middle of the company’s US$5 billion IoT security investment plan and, at least in the near term, Azure IoT’s future is looking better with each passing quarter.