So Microsoft apparently is buying the Israeli security firm Hexadite.  Hexadite, interestingly enough, makes an automation tool to support incident response.  In fact, it’s specifically designed to support (or arguably replace) human analysts in performing incident management tasks. If you want to see how the product works, you can see a demo of it on the Hexadite site here.

So this is an interesting step for Microsoft. Microsoft, as we all know, is no stranger to security acquisitions (over the years, they’ve bought folks like Zoomit, GIANT, FrontBridge, Alacris, Komoku, Sentillion, PhoneFactor, etc., etc.). So it’s not a huge surprise on its face that they would purchase a security company now. What is a little more interesting though is that Microsoft has said they’ll invest $1B in the space during 2017 (one assumes that includes acquisitions) – which means that there are likely more on the horizon. Also interesting is the fact that we can expect this tool to see a lot more mainstream airtime now that they’re owned by Microsoft.

I’m a little torn on whether this is a good bet for them or not. For the short term, it is unquestionably a win. This tool is all about finding and fixing issues in a distributed environment, notably those running Windows software. So it’s an immediate enterprise sales play for them, it addresses immediate challenges in their customers’ environments, and it’s longer-term a great feature-set to incorporate into the Windows ecosystem. It’s also a huge marketing win, which I’m sure brings with it some “soothing relief” after the whole WannaCry situation.

But it’s also a little, maybe… old school? Yes, I just asked with a straight face if an AI vendor is “old school.” By that though, I’m not referring to the technology it uses to do what it does: that’s super sophisticated and cutting edge I’m sure. Instead, I mean the business problem it solves – and I’m not thinking right now, I’m thinking a few years from now. In the past, for example, Microsoft bought someone like GIANT, and that technology is (probably) still there in some form or another – incorporated in Windows Defender (or Security Essentials or whatever they call it nowadays). So there’s some serious shelf-life associated with that purchase. Will there be with this one?

Maybe. But AIRS (the Hexadite premier product) is all about automating remediation for distributed, on-premises, mostly Windows environments. Yes, I know as of last year, they added support for Mac and Linux – but each platform they support exponentiates the support overhead. So it might be a while before they support Android, and iOS, and the other IOS, and embedded platforms, and cloud environments, and all the other crap that’s coming next. Workstations will of course always be there, so that problem won’t go away – and this tool is a workhorse for that problem. And maybe some flavors of IoT (e.g. BusyBox) can be added in short order because of the Linux support (could happen)… But will there be the shelf life that a GIANT or PhoneFactor has? Not sure.