Cybereason, Rapid7 and Microsoft Announce Acquisitions
Deals Focus on Bolstering Security Capabilities
Meanwhile, the DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio.
Rapid7's Deal
On Monday, Rapid7 announced it had purchased the external threat intelligence firm IntSights Cyber Intelligence Ltd. for approximately $335 million in cash and stock.
Rapid7 says it will merge IntSights Cyber Intelligence's external threat intelligence capabilities with its community-based threat intelligence to create a unified view of the threat landscape.
Rapid7 plans to integrate IntSights' external threat intelligence segment with its own platform, which will help enable faster threat identification and remediation.
In addition, IntSights will boost Rapid7's XDR product line and enable the company to create a standalone threat intelligence product, Rapid7 says.
"By integrating IntSights' external threat intelligence capabilities into Rapid7's XDR solution, InsightIDR, we expect to provide security teams with expanded visibility and detections of internal and external threats across their traditional and modern environments - enabling them to quickly pivot into investigations, threat hunting and containment automation all within a unified experience," Rapid7 adds.
On Tuesday, Cybereason reported it had purchased the Tel Aviv-based security analytics company empow, but financial details were not released.
Cybereason says it will incorporate empow's predictive response technology with its current XDR offering.
On July 14, the company announced a $275 million investment by Liberty Strategic Capital, led by former Trump administration Treasury Secretary Steven Mnuchin.
"The deal was likely made possible as the equity markets have been kind to Cybereason," says Frank Dickson, program vice president at the market research firm IDC. "With employees based in Israel, the acquisition likely tucks in nicely to Cybereason."
Cybereason says the technology developed by empow will strengthen its ability to protect customers at the endpoint.
Empow's integration capabilities, Cybereason says, will accelerate its ability to integrate with more than 70 IT and security vendors, including firewall providers, email and web gateways, cloud infrastructure and threat intelligence vendors.
Dickson says empow will help fill a gap in Cybereason's toolbox.
"Cybereason's weakness is context. Empow's algorithms look to ascertain the intent of network infrastructure generated telemetry data and correlate that information to telemetry-based network context," he says.
Peter Firstbrook, research vice president at Gartner, notes that XDR is shaping up to be a very disruptive concept in the cybersecurity market.
“Every security vendor is trying to gain an edge in delivering the future security operations center for the mainstream market. Cybereason’s acquisition of empow enables it to improve its security analytics capability to enable better consolidated incident response capability," Firstbrook says. "The Rapid7 IntSights acquisition and the Microsoft acquisition of RiskIQ are an example of how XDR is evolving to include the consolidated visibility and attack surface hardening capability.”
Microsoft on Wednesday took a step to boost its cloud security and identity capabilities with the acquisition of the cloud infrastructure entitlement management firm CloudKnox Security. The company cited the growing need to improve this aspect of its portfolio because corporate infrastructure often spans multiple clouds. Terms of the deal were not disclosed.
"As a cloud service provider, Microsoft clearly sees the importance in identity, and furthermore in the functionality of CIEM to help bring more security and controls to their ecosystem," says David Mahdi, senior research director at Gartner. "However, core to the CloudKnox value proposition is 'multi-cloud,' as they support AWS, Azure, and Google Cloud. Therefore, it is in Microsoft's best interest to ensure that they maintain (and evolve) the multi-cloud functionality."
In other M&A activity this week, Sysdig on Tuesday announced its intent to acquire Apolicy, an Israel-based infrastructure-as-code, or IaC, security company. Financial details were not released.
Dickson says this is one of the first acquisition deals made to obtain IaC technology.
Sysdig says the Apolicy deal will help move its offerings "further left," helping to enable its customers to secure their DevOps cycle from build through production. The Apolicy product offering will be incorporated into the Sysdig secure DevOps platform.
"Apolicy complements these capabilities by strengthening cloud and Kubernetes security with compliance and governance enforcement via policy as code, auto-remediation of drift to close the loop from production to source, and faster issue resolution with risk-based prioritization," Sysdig says.
Dickson notes that Apolicy complements Sysdig's other platform features, such as image scanning, runtime visibility, threat detection and response and regulatory compliance.
Apolicy executives, including Maor Goldberg, CEO; Eran Leib, vice president of product management; and Shlomi Wexler, vice president of research and development, will join the Sysdig team.
Other Big Deals
In earlier M&A activity this month, NortonLifeLock acknowledged it was in talks to buy antivirus rival Avast.
Meanwhile, Microsoft announced a definitive agreement had been signed to buy RiskIQ, an attack surface management and threat intelligence firm.