Katie Roof and Dina Bass (Bloomberg) -- Microsoft Corp. said it has agreed to acquire RiskIQ, a security software maker, as the tech giant tries to expand its products and better protect customers amid a rising tide of global cyberattacks.
The company announced the deal Monday on its web site and didn’t disclose terms. Bloomberg on Sunday reported the purchase, citing people familiar with the matter. Microsoft is paying more than $500 million in cash for the company, said one of the people, who declined to be named discussing confidential matters.
San Francisco-based RiskIQ makes cloud software for detecting security threats, helping clients understand where and how they can be attacked on complex webs of corporate networks and devices. Its customers include Facebook Inc., BMW AG, American Express Co. and the U.S. Postal Service, according to the company’s web site.
Known for its annual report on security called the “Evil Internet Minute,” RiskIQ has raised $83 million from firms like Summit Partners and Battery Ventures, according to Crunchbase. It was founded in 2009.
Microsoft has been adding security features to products including Windows and its Azure cloud services to protect individual machines and detect attacks on networks. The company has also added personnel who probe Microsoft’s own products for vulnerabilities, help clients clean up after a cyberattack and run a lab called the Microsoft Threat Intelligence Center that closely tracks nation-state hackers.
The software maker has also acquired several companies to expand its security capabilities. Last month, Microsoft bought ReFirm Labs, a maker of technology to secure Internet of Things devices, for an undisclosed amount. In a blog post announcing the deal, the company said it has 3,500 employees working on security at Microsoft and a mission to help protect customers “from the chip to the cloud.”
Microsoft and the rest of the U.S. technology industry, as well as companies and government agencies, have also spent the past eight months grappling with a series of damaging and widespread cyberattacks.
This month, hackers launched a mass ransomware attack that exploited multiple previously unknown vulnerabilities in IT management software made by Kaseya Ltd. In March, attackers linked to China used flaws in the code of Microsoft Exchange to break into tens of thousands of organizations, and in a breach disclosed in December, suspected Russian hackers compromised popular software from Texas-based firm SolarWinds Corp., inserting malicious code into updates for SolarWinds software.