Microsoft acquired Israeli startup, CyberX Labs today in a move that gets Microsoft Azure into the IoT security market. We have been tracking CyberX for a couple years and have generally categorized it as an emerging player in the Operational Technology Access Control (OTAC) market. More recently, it has smartly repositioned itself as an IoT network discovery, posture assessment and management company. We see OTAC as an adjacent market to an existing, more IT-oriented security market called Enhanced Network Access Control (ENAC). Microsoft explains that CyberX will extend its Azure IoT security capabilities towards devices used in industrial IoT, Operational Technology and infrastructure scenarios, and that, it will allow customers to discover their existing IoT assets, manage and improve security posture of these devices.
We see this move by Microsoft as encroaching into the network security space a bit further than it had before. And, it is using IoT and industrial operations as a means to enter. We sill see the CyberX portfolio as an OTAC company, but since many IoT devices are just Internet Protocol (IP) connected devices, the CyberX portfolio can perform many of the tasks of that of an ENAC system. And so, this puts Microsoft quite closely in competition with the existing leaders in the much-larger ENAC market, namely, Cisco, HPE Aruba, Forescout and Fortinet (listed as a partner on the CyberX Labs website). Cisco and Forescout have announced OTAC products recently, as well. HPE Aruba, a big player in ENAC, had integrated CyberX into its Clearpass ENAC product in 2019 and featured CyberX at its user conference in 2019.
So, given Microsoft is acquisitive these days and clearly has an interest in beefing up its Azure IoT capabilities, and given that Forescout is in the midst of a failed merger bid from investor Advent, perhaps it is time for Microsoft to take a closer look at Forescout.