IBM buys Randori to address multicloud security messes
Big Blue joins the hot market for infosec investment
RSA Conference IBM has expanded its extensive cybersecurity portfolio by acquiring Randori – a four-year-old startup that specializes in helping enterprises manage their attack surface by identifying and prioritizing their external-facing on-premises and cloud assets.
Big Blue announced the Randori buy on the first day of the 2022 RSA Conference on Monday. Its plan is to give the computing behemoth's customers a tool to manage their security posture by looking at their infrastructure from a threat actor's point-of-view – a position IBM hopes will allow users to identify unseen weaknesses.
IBM intends to integrate Randori's software with its QRadar extended detection and response (XDR) capabilities to provide real-time attack surface insights for tasks including threat hunting and incident response. That approach will reduce the quantity of manual work needed for monitoring new applications and to quickly address emerging threats, according to IBM.
Attack surfaces are expanding, IBM said, citing research from analyst outfit Enterprise Strategy Group (ESG) that found 67 percent of organizations expanded their external attack surface over the past two years. That growth came from increased use of clouds, third-party services, and the Internet of Things (IoT). The research also found that 69 percent of organizations were compromised via internet-facing assets.
"In this environment, it is essential for organizations to arm themselves with attackers' perspective in order to help find their most critical blind spots and focus their efforts on areas that will minimize business disruption and damages to revenue and reputation," Mary O'Brien, general manager of IBM Security, explained in a statement.
Perimeter 81 becomes a Unicorn
IBM's Randori announcement came the same day that Perimeter 81 – a network security startup that also launched in 2018 – reached unicorn status with a $100 million Series C funding round that lifted the total amount it has raised to $165 million and boosted its valuation beyond $1 billion. The company, which offers cloud-delivered services including zero-trust network access and firewall-as-a-service, has focused on the secure access service edge (SASE), but says its platform is more suited for the nascent secure service edge (SSE) space.
"To securely empower the modern workforce, we've built a highly intuitive platform that streamlines network security management and enables businesses to easily secure remote access, network traffic, and endpoint devices," co-founder and CEO Amit Bareket wrote in a blog post.
The two announcements are the latest examples of cybersecurity vendors working to secure organisations that adopt multicloud strategies and see their IT environments stretch beyond traditional datacenter into the cloud and out to the edge. They are looking for tools to shrink their attack surfaces and protect their far-flung data and applications.
- SentinelOne pays $617m for identity biz Attivo Networks
- Google's plan to win the cloud war hinges on its security aspirations
- Google buys threat intel giant Mandiant for $5.4bn
- UK gov blocks the acquisition of Welsh graphene fiddler Perpetuus Group over national security concerns
The demand for cybersecurity products and services only accelerated with the COVID-19 pandemic and the rapid shift to remote work. The drumbeat of acquisitions by established players looking to build more complete cybersecurity portfolios and the massive amounts of money being invested in startups further reflects the importance of the technologies.
Cybersecurity advisory firm Momentum Cyber in a report noted that in 2021 – which it described as a "landmark and record smashing year" – there was $77.5 billion in M&A volume in the cybersecurity space and $29.3 billion in private equity (PE) and venture capital (VC) investments.
"Right now, large companies are trying to buy security companies to build a portfolio and/or marketshare," John Bambenek, principal threat researcher at cybersecurity vendor Netenrich, told The Register in an email.
"We know there is 'big money' in cybersecurity because there are huge losses due to security incidents and, meanwhile, cyber insurance is pulling back and/or hiking premiums. At this point, it's like a 'curing cancer' problem. Whoever can figure it out will get all the money."
Many enterprises have mature cybersecurity postures, but they're still getting breached, Bambenek said, adding that the "metrics suck and aren't tied to the reality on the ground. The security industry isn't solving fundamental problems. Ten years in we still have ransomware."
Also at RSA
Also at RSA, CySafe, which was founded in 2014, announced Monday it closed a $28 million Series B round, bringing its total amount raised to $40 million. CySafe's software platform helps companies manage human cyber risks via security awareness and training.
Last week, JupiterOne, like Randori another startup in attack-surface management space, announced $70 million in Series C funding, driving the total amount raised to more than $119 million and – like Perimeter 81 – hitting a valuation of more than $1 billion.
Beyond Identity in February said it raised $100 million in Series C funding, bringing its valuation to $1.1 billon. Other companies announcing recent investments include Semperis ($200 million), Ordr ($40 million) and Seemplicity ($32 million). Meanwhile, an alliance announced Monday between Netskope and Deloitte to help joint customers adopt SASE comes less than a week after Netskope bought IoT security startup WootCloud.
Proofpoint has seen both sides of this. The cloud-based cybersecurity vendor was bought last year by venture capital firm Thoma Bravo for $12.3 billion and earlier this year acquired Dathena, a data security startup.
Netenrich's Bambenek said that given the current state of cyber threats, don't expect the hyperactive cybersecurity M&A and investment trends to slow anytime soon.
"Breaches and costs are increasing due to security failures," he opined. "It's known at the board level what the business risks to cybersecurity failures are and those costs are driving willingness to invest. That willingness means there is a bigger pool of money to fight for, which means the VC and PE crowd understand there is opportunity there." ®