News

Report: Microsoft Acquiring Security Firm for $100 Million

• By Kurt Mackie
• May 25, 2017

Update, 6/8: Microsoft has confirmed that it is acquiring Hexadite for an undisclosed amount. Hexadite's remediation technology will be added to Microsoft's Windows Defender Advanced Threat Protection service and the Hexadite team will become part of Microsoft's Windows and Devices Group. The original article follows.

Microsoft is in the midst of acquiring 3-year-old software security firm Hexadite for $100 million, according to reports.

The acquisition deal and price were mentioned in this Calcalist (Israel) press account, as cited in a Reuters story Wednesday. However, there was no confirmation from Microsoft, with a spokesperson saying only that "the company has nothing to share at this time."

Hexadite has its headquarters in Boston but its research and development facilities are located in Israel. The company makes a solution that automates the investigation and remediation aspects of addressing network breaches.

Hexadite was founded by three former members of an "elite intelligence unit of the Israel Defense Forces," according to the company's Web site. Its main product is the Hexadite Automated Incident Response Solution (AIRS), which was first launched in March of 2015.

AIRS works with other software security solutions to automatically apply remediation actions. Hexadite's partners include security solutions providers such as Carbon Black, Check Point, CrowdStrike, Cybereason, Cylance, Exabeam, Hewlett Packard Enterprise, Palo Alto Networks and Securonix.

Hexadite is described as a "security automation and orchestration" (SAO) provider in a Forrester Research report. The SAO market is described as a new space that started about three years ago, according to the report. Other vendors profiled in Forrester's SAO report include CyberSponse, Demisto, Phantom Cyber and Swimlane. The idea behind SAO solutions is that they can speed up investigation and remediation time following network security breaches.

One challenge for Hexadite is to get security and response professionals to accept that human investigators can be replaced by an automated process such as the AIRS product, according to Forrester's report. AIRS, described as "security middleware," is designed to model the actions of investigators.

Microsoft has its own post-breach analysis solution called the "Windows Defender Advanced Threat Protection" service. It uses machine learning to investigate network security breaches. It's primarily a forensics tool, but Microsoft had indicated back in December that remediation capabilities would be arriving in the Windows Defender Advanced Threat Protection service with the release of the Windows 10 Creators Update. The Windows 10 Creators Update was released last month as a "current branch" test release for organizations.