News

Microsoft Acquires SaaS Security Firm RiskIQ

• By Kurt Mackie
• July 13, 2021

In a move aimed at strengthening its cyberthreat protection capabilities, Microsoft this week announced it it is acquiring San Francisco-based RiskIQ.

The terms and closing details of the deal also weren't mentioned, although a Bloomberg article called it a "$500 million in cash" transaction, citing an anonymous source.

RiskIQ, founded in 2009, provides software-as-a-service security solutions for organizations. It has "built a strong customer base and community of security professionals who we will continue to support, nurture, and grow," Microsoft's announcement indicated. "RiskIQ's technology and team will be a powerful addition to our security portfolio to best serve our mutual customers."

RiskIQ's security community "has grown to more than 100,000 security professionals," according to Lou Manousos, RiskIQ's CEO, in an announcement acknowledging the acquisition. In addition, RiskIQ has partnerships with "hundreds of the Global 2,000" companies.

Manousos suggested that RiskIQ's solutions would be integrated into Microsoft's offerings.

"We'll work closely with our customers as we integrate RiskIQ's complementary data and solutions with Microsoft's Security portfolio to enable best-in-class solution attack surface visibility, threat detection, and response," he said.

RiskIQ has more than 160 employees, and counts more than 80,000 security analysts and more than 300 enterprises among its customers, per a company overview document (PDF download). Its approach to security is to track threat information outside organizations. To that end, it scans more than 730 billion Web pages per year and collects more than 300 million domain records, according to its company landing site description.

RiskIQ offers products to assess an organization's overall attack surface, including the risks of being subject to malicious JavaScript injection attacks and information skimming. It offers forensic tools for discovering attacks and threats, plus there are automated monitoring and remediation solutions.

How the acquisition would affect organizations currently using RiskIQ products wasn't mentioned. However, it seems that RiskIQ products are getting integrated into Microsoft's solutions at some point.

Last month, Microsoft announced the acquisition of ReFirm Labs, a provider of Internet of Things (IoT) and edge device security solutions. The ReFirm Labs buy was said to bolster IoT security capabilities that Microsoft had acquired when it bought CyberX the year before. While the RiskIQ purchase is yet another security company addition for Microsoft, it's centered more on cloud and Internet security.