IBM is beefing up its cybersecurity offering with the acquisition of of Randori, an attack surface management (ASM) and offensive cybersecurity provider. Big Blue says its latest purchase will boost the security tools on offer to users of its hybrid cloud services, and the deal signifies the growing importance of security as a differentiator in the battle for cloud computing supremacy.
The deal, announced overnight, will see Boston-based Randori’s attack surface management software integrated into IBM’s Security QRadar software. Financial terms of the acquisition have not been disclosed, but it is expected to close in the next few months.
“Our clients today are faced with managing a complex technology landscape of accelerating cyberattacks targeted at applications running across a variety of hybrid cloud environments – from public clouds, private clouds and on-premises,” said Mary O’Brien, general manager at IBM Security. “In this environment, it is essential for organisations to arm themselves with attacker’s perspective in order to help find their most critical blind spots and focus their efforts on areas that will minimize business disruption and damages to revenue and reputation.”
What does Randori do?
Billing itself as a hacker-led company, Randori was founded in 2018 and has raised $30m since its inception. Its cloud-native ASM software works by exploring a client’s system and mapping the potential attack surface for cyber criminals, prioritising potential vulnerabilities. The company says can help tech teams identify shadow IT risks and potential entry points for ransomware.
This is apparently a growing problem, and IBM points to research published in January which found that 67% of organisations have seen their external attack surface expand over the past two years due to the rising use of cloud services, third-party software, IoT devices and cyber physical systems. Indeed, 69% of respondents to the poll, carried out by consultancy ESG, said they had been “compromised via unknown, unmanaged and poorly-managed internet-facing assets” in the past year.
“To stay ahead of today’s threats, you need to know what’s exposed and how attackers view your environment,” said Brian Hazzard, co-founder and CEO at Randori. “By joining forces with IBM, we can greatly accelerate our vision and strategy – leveraging IBM’s deep expertise in AI, threat intelligence, offensive security and global reach.
“Together, we can arm the industry with the attacker’s perspective – helping to give every organisation the visibility and insight needed to get in front of the next wave of attacks.”
Cloud computing giants on a cybersecurity spending spree
The acquisition is IBM’s fourth of 2022 as it continues to build its cloud capabilities to match its stated strategy of growing the company’s revenues through what it describes as hybrid-cloud services. It says it can help customers manage workloads deployed on multiple public and private clouds, as well as on-premises systems.
It faces an uphill struggle to win business in the cloud market, which is dominated by the three hyperscale public cloud providers – Amazon’s AWS, Microsoft Azure and Google Cloud. But security is increasingly being seen as a key component in this market, with many of the leading players looking to improve their offerings.
Google Cloud has been particularly active in this respect. In December it purchased Israeli security business Siemplify for $500m, and is in the process of acquiring security vendor Mandiant for $5.4bn, a deal where it reportedly saw off competition from Microsoft. While AWS has been less active, CEO Adam Selipsky said in an interview with Bloomberg in April that the company is looking to make acquisitions, with security one area where it could strengthen its portfolio.