News

Security Vendor Reportedly Bought by Microsoft

The company, Hexadite, is a security automation and orchestration provider.

• By Kurt Mackie
• 05/25/2017

Security can never be far from an IT administrator's mind. That was proved again recently with the WannaCry ransomware virus.

It's never far from Microsoft's mind either, which is why it has reportedly bought a security software vendor.

The company is Hexadite, for which Microsoft allegedly paid $100 million.

The agreement and price were mentioned in this Calcalist (Israel) press account, as cited in a Reuters story. However, there was no confirmation from Microsoft, with a spokesperson saying only that "the company has nothing to share at this time."

Three-year-old Hexadite has its headquarters in Boston, but its research and development facilities are located in Israel. The company makes a solution that automates the investigation and remediation aspects of addressing network breaches.

Hexadite was founded by three former members of an "elite intelligence unit of the Israel Defense Forces," according to the company's Web site. Its main product is the Hexadite Automated Incident Response Solution (AIRS), which was first launched in March of 2015.

AIRS works with other software security solutions to automatically apply remediation actions. Hexadite's partners include security solutions providers such as Carbon Black, Check Point, CrowdStrike, Cybereason, Cylance, Exabeam, Hewlett Packard Enterprise, Palo Alto Networks and Securonix.

Hexadite is described as a "security automation and orchestration" (SAO) provider in a Forrester Research report. The SAO market is described as a new space that started about three years ago, according to the report. Other vendors profiled in Forrester's SAO report include CyberSponse, Demisto, Phantom Cyber and Swimlane. The idea behind SAO solutions is that they can speed up investigation and remediation time following network security breaches.

One challenge for Hexadite is to get security and response professionals to accept that human investigators can be replaced by an automated process such as the AIRS product, according to Forrester's report. AIRS, described as "security middleware," is designed to model the actions of investigators.

Microsoft has its own post-breach analysis solution called the "Windows Defender Advanced Threat Protection" service. It uses machine learning to investigate network security breaches. It's primarily a forensics tool, but Microsoft had indicated back in December that remediation capabilities would be arriving in the Windows Defender Advanced Threat Protection service with the release of the Windows 10 "creators update." The Windows 10 creators update was released last month as a "current branch" test release for organizations.