Microsoft recently announced its US$165 million acquisition of CyberX, an industrial cybersecurity startup specializing in managing Internet of Things (IoT) and Operational Technology (OT) networks and devices (notably for critical infrastructure, such as SGN, Adani Power, and IDE Americas, among others). The move will bring CyberX under Microsoft's IoT Azure offerings, where Microsoft already provides multi-layer IoT security (secure hardware, secure Operating System (OS), and secure cloud onboarding and management through Azure Sphere) and IoT security monitoring with Azure Sentinel, Microsoft's Security Information and Event Management (SIEM)/Security Orchestration, Automation, and Response (SOAR) solution.
The Race for Market-Leading Industrial Cybersecurity
IMPACT
The acquisition allows Microsoft to expand its IoT security offerings and cover brownfield implementations in addition to the latest generation of connected devices. This means that the tech firm can now provide security coverage for legacy industrial control systems including high-value markets like critical infrastructure—a hot market for digitization. CyberX already integrates with many existing network security solutions including IBM Security, Cisco Systems, Palo Alto Networks, Splunk, and now Azure Sentinel. Microsoft can now claim to provide comprehensive IoT/OT security across the board, beyond the limitations of Azure Sphere, which is restricted to newer IoT devices. For industries undergoing digitization, Microsoft will now appear as an ideal security provider: one that can help clients visualize, secure, manage, and monitor both smart and legacy devices.
Industrial cybersecurity is becoming an increasingly crowded market. The space has been invested in primarily by startups and defense contractors, and Information Technology (IT) and tech vendors are now moving to stake their claim in this quickly digitizing industrial real estate. Cisco is a notable example, and one with which Microsoft is now directly competing. Cisco acquired French outfit Sentryo in 2019, which has now been folded into the Cisco Cyber Vision platform. Sentryo brought asset visibility and cybersecurity solutions for industrial control systems to Cisco, enabling Cisco to combine them with its vast portfolio and expertise in networking and offer secure network management of both legacy and newer Industrial IoT (IIoT). However, Cisco lacks what Microsoft now brings to the table with its Azure Sphere portfolio: device-level hardware-based secure elements as well as deep cloud connectivity. Not only can Microsoft now provide network security for industrial contexts with CyberX, it can also provide a hardware root of trust at every individual device level for fine-grained Identity and Access Management capabilities through Azure Sphere. It remains to be seen how Microsoft will enable integration with other cloud providers to ensure the widest possible flexibility for clients.
OT Cybersecurity: The Missing Scion
RECOMMENDATIONS
Providing digital security for IoT, and securing greenfield operations, is becoming easier, with a wide range of solutions for many different verticals now available in the market. Digitization is the key strategy for many industrial stakeholders, but the perennial problem is one of securing the brownfield as it transforms itself into a smart infrastructure: legacy devices, decades-old operating systems, un-updatable firmware, air-gapped networks, proprietary protocols, and the list goes on. The acquisition is further evidence of Microsoft targeting the industrial vertical, following the acquisition of Affirmed Networks and Microsoft's work with Rockwell and PTC on Factory Insights as a Service, as discussed in ABI Research's PTC, Rockwell, and Microsoft Create Factory Insights as a Service Joint Offering (IN-5850) Application Analysis Report.
The first steps to managing these legacy assets have been to identify and then securely connect them. Many great startups have excelled at this first stage. The second stage is longer in coming: applying security policies, provisioning and onboarding devices onto networks/platforms, troubleshooting security events, and responding to incidents. All of these functions are still slow to come to market, with stakeholders having to go, one by one, through all the control systems currently in use in industrial applications, which can vary significantly by country and vertical.
Whether using agent-based technologies or gateways to analyze network traffic, the market is only now starting to deliver comprehensive industrial cybersecurity solutions, i.e., ones that can effectively visualize all OT and Industrial Control Systems (ICS), provide secure management features, and integrate them into broader IT and cybersecurity platforms. The tech vendors see the space as ripe for acquisition: an opportunity to round out their IoT and IIoT security offerings with that OT security piece to provide a truly converged cybersecurity platform. Microsoft will need to continue to build relationships with systems integrators (SIs), as they are often the gatekeepers for the introduction of new technologies on factory floors. Azure is the anchor solution, and the other capabilities cement the firm in the manufacturing space.