Windows Security

Microsoft Buys Hexadite to Toughen Windows Security

Microsoft on Thursday said it has agreed to buy a Hexadite, which incorporates artificial intelligence in its automated responses to cyberthreats.

Microsoft was in talks to buy the firm for US$100 million, according to earlier published reports. However, Microsoft and Hexadite did not disclose terms of the official agreement.

The acquisition will help bolster the company's efforts to help commercial Windows 10 customers deal with advanced attacks on their networks, Microsoft said. It currently offers Windows Defender Advanced Threat Protection to detect zero-day attacks, ransomware and other advanced threats, and the Hexadite technology will build on that.

The acquisition will include Hexadite's endpoint security automated remediation. Support for activations of WDATP, which currently protects 2 million devices, will continue.

"Our vision is to deliver a new generation of security capabilities that helps our customers protect, detect and respond to the constantly evolving and ever-changing cybersecurity landscape," said Terry Myerson, EVP of the Windows and devices group at Microsoft.

"Hexadite's technology and talent will augment our existing capabilities and enable our ability to add new tools and services to Microsoft's robust enterprise security offerings," he said.

Automation and Orchestration


"Hexadite is not detection technology," said Dan Cummins, senior analyst for security at 451 Research.

"Rather, it is incident response automation and orchestration, fed by data that originates -- usually -- on detection sensors or systems and then is processed by a SIEM, where it's correlated and perhaps enriched with other data, internal or external," he explained.

"Hexadite further enriches and prioritizes," Cummins told the E-Comerce Times.

"Their primary differentiation, I believe, is their belief in nearly full automation of investigation, response and closeout, even for complex incidents," he noted.

Good Fit


"Broadly speaking, IT vendors pursue acquisitions because buying existing technology is generally faster and cheaper than building it themselves," noted Charles King, principal analyst at Pund-IT.

"The technology being acquired should fit well within the buyer's strategy and skill sets. That's clearly the case here, given both companies' focus on and innovative work in proactive security services, AI, machine learning and the needs of enterprise customers," he told the E-Commerce Times.

"In addition, it helps if there are existing connections between the companies," King continued.

"One of Hexadite's early investors is Moshe Lichtman of Israel Venture Partners, who spent two decades as a senior executive with Microsoft, including five years running the company's Israel R&D center," he noted. "It doesn't require a stretch of the imagination to consider how Lichtman may have vetted and facilitated the deal."

Rapid Detection


Hexadite was cofounded in 2014 by CEO Eran Barak, Chief Product Officer Barak Klinghofer and CTO Idan Levin. The three executives previously worked at Elbit Systems, where Barak led the company's cybertraining and simulation team, Klinghofer was cybersolutions architect, and Levin was a cybersoftware engineer.

The founders developed a new ground-up method of rapid detection and response to cyberthreats after working on military and other threat scenarios.

"After seeing first hand how companies around the world investigated threats and anticipated a massive increase in subsequent alerts compounded by a global skills shortage, they knew that automation would be the only way security teams had a chance," said Nathan Burke, marketing director for Hexadite.

The company's Automated Incident Response Solution uses technology that is able to detect, investigate and respond to cyberthreats within minutes, compared to more traditional methods, which could take weeks to deal with similar situations.

Hexadite early last year received $8 million in series A funding from Hewlett Packard Ventures, Ten Eleven Ventures and YL Ventures, which also had invested in the company's seed round.

At the time, Hexadite had grown to protect more than 500,000 devices worldwide across various industries, based on initial seed money of about $2.5 million. Hexadite's customers include IDT, Nuance and Telit.

In connection with that early investment, Mark Hatfield, cofounder of Ten Eleven Ventures, joined the Hexadite board. Hatfield has a strong track record in the technology industry, with prior investments in Cylance, CounterTack, Trust Digital, Resilient Systems (CO3) and Digital Guardian.

Hexadite and HPE last year entered a reseller agreement, which [provided that Hexadite's AIRS technology would be offered in combination with HPE's Arcsite detection technology, using AI to manage cyberthreats.

The acquisition of Hexadite provides Microsoft with important resources for enterprise security based on AI, said Jim McGregor, principal analyst at Tirias Research.

"Hexadite appears to provide multiple benefits to Microsoft," he told the E-Commerce Times, including "a security service for enterprise and cloud solutions, customers for security services, and valuable IP and expertise for AI applications."

Automation/orchestration is a growing area in cybersecurity, noted Ed Cabrera, chief cybersecurity officer at Trend Micro.

Trend Micro earlier this year entered a partnership with CyberSponse to provide automated incidence response to cyberthreats, he told the E-Commerce Times.

Main Focus

The deal represents one of Microsoft's most important cybersecurity acquisitions since its 2015 purchase of Adallom, a specialist in cloud security, for about $250 million. Microsoft used Adallom's technology to bolster its ability to protect its Azure and Office 365 services from cyberthreats.

Dealing with security threats has been top of mind a Microsoft. The company was at the center of the massive Wannacry Ransomware attack in May, which hit more than 300,000 computers in at least 150 countries worldwide. The attack was linked to the Shadow Brokers' suspected theft of hacking tools -- originally developed by the National Security Agency -- that attacked legacy Windows systems that were not properly patched.

Microsoft earlier this year announced a series of upgrades to its enterprise security toolkit, including Azure SQL Database Threat Detection, which uses machine learning to find suspicious database activity; and Enterprise Threat Detection, which uses machine analytics and proprietary telemetry sources to monitor for advanced threats. The rollout was part of a $1 billion annual investment that Microsoft made in addressing security threat issues.

Microsoft has called for a Digital Geneva Convention, which would create a global regulatory system to manage cybersecurity issues.

Hexadite, which has a team of researchers in Tel Aviv, will be fully absorbed into Microsoft's Windows and Devices group at the close of the acquisition.

Source:

Comments