Microsoft Acquires CyberX to strengthen Azure’s IIoT

Photo above: CyberX’ CEO Omer Schneider (left) and the CTO Nir Giller

Microsoft announces it is acquiring CyberX from Herzliya, Israel, to help solve IoT security and IoT security monitoring challenges in Mocrosoft’s cloud service, Azure. CyberX will complement the existing Azure IoT security capabilities, and extends to existing devices including those used in industrial IoT, Operational Technology and infrastructure scenarios.

The announcement came four months after CyberX Announces Integration with Microsoft Azure Security Center for IoT. The combination of CyberX’s agentless security platform and Azure Security Center for IoT provides comprehensive IoT device protection and zero trust security for organizations seeking to reduce risk from enterprise IoT threats as well as from industrial IoT, Smart Buildings, Smart Retail, and more.

CyberX provides industrial cybersecurity platform for continuous, non-invasive risk assessment and M2M anomaly detection inside ICS and SCADA systems. The company was founded in 2013 by Omer Schneider and Nir Giller, both veterans of an elite IDF cybersecurity unit charged with securing Israel’s national critical infrastructure. CyberX has successfully deployed its continuous ICS threat monitoring and risk mitigation platform in Global 2000 enterprises across critical infrastructures, including energy & utilities, pharmaceuticals, chemicals, oil & gas, and manufacturing.

In a message to employees in the company’s blog, Omer Schneider and Nir Giller wrote that the move enables a unified IT/OT security. “We’ll be part of the business unit managed by Yuval Eldar, Microsoft GM of IoT Security, and in worldwide sales, we’ll be working with the Cybersecurity Solutions Group (CSG).” CyberX’ platform, XSense, acts as an invisible layer that covers the operational technology network, modeling it as a state machine.

Once plugged in, XSense commences the Collection stage: It performs Deep Packet Inspection and extracts the devices of the network, and the different patterns that are used and operational processes. Than it begins the analysis stage: XSense constructs the network’s State Machine during learning mode and once in operational mode, it knows whenever the Network is in each particular state.

Once a new state is introduced, a classification process takes place. Based on multiple signals that are fed into the XSense algorithm, during the Collection and Analysis stages, XSense determines whether the new state is malicious or operational. Than the a definition of a new state as malicious or operational generates an alert that is delivered in real-time to the network operator.