Microsoft Said To Be Buying Hexadite Security Firm -- Redmondmag.com

Microsoft Said To Be Buying Hexadite Security Firm

By Kurt Mackie
05/24/2017

Microsoft reportedly has agreed to buy software security firm Hexadite for $100 million.

Update 6/8: The Hexadite buy was confirmed today by Microsoft in an announcement. Hexadite's remediation technology will be added to Microsoft's Windows Defender Advanced Threat Protection service and the Hexadite team will become part of Microsoft's Windows and Devices Group.

The agreement and price were mentioned in this Calcalist (Israel) press account, as cited in a Reuters story today. However, there was no confirmation from Microsoft, with a spokesperson saying only that "the company has nothing to share at this time."

Three-year-old Hexadite has its headquarters in Boston but its research and development facilities are located in Israel. The company makes a solution that automates the investigation and remediation aspects of addressing network breaches.

Hexadite was founded by three former members of an "elite intelligence unit of the Israel Defense Forces," according to the company's Web site. Its main product is the Hexadite Automated Incident Response Solution (AIRS), which was first launched in March of 2015.

AIRS works with other software security solutions to automatically apply remediation actions. Hexadite's partners include security solutions providers such as Carbon Black, Check Point, CrowdStrike, Cybereason, Cylance, Exabeam, Hewlett Packard Enterprise, Palo Alto Networks and Securonix.

Hexadite is described as a "security automation and orchestration" (SAO) provider in a Forrester Research report. The SAO market is described as a new space that started about three years ago, according to the report. Other vendors profiled in Forrester's SAO report include CyberSponse, Demisto, Phantom Cyber and Swimlane. The idea behind SAO solutions is that they can speed up investigation and remediation time following network security breaches.

One challenge for Hexadite is to get security and response professionals to accept that human investigators can be replaced by an automated process such as the AIRS product, according to Forrester's report. AIRS, described as "security middleware," is designed to model the actions of investigators.

Microsoft has its own post-breach analysis solution called the "Windows Defender Advanced Threat Protection" service. It uses machine learning to investigate network security breaches. It's primarily a forensics tool, but Microsoft had indicated back in December that remediation capabilities would be arriving in the Windows Defender Advanced Threat Protection service with the release of the Windows 10 "creators update." The Windows 10 creators update was released last month as a "current branch" test release for organizations.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.