IBM bolsters cyber security offerings with Randori acquisition

IBM logo on the site of a glass building
(Image credit: Shutterstock)

IBM plans to acquire Randori, an attack surface management (ASM) and offensive cyber security provider based in Boston, it revealed yesterday.

Randori helps customers to identify external facing assets that are visible to attackers, and prioritise which poses the greatest risk. IBM hopes the acquisition will advance its hybrid cloud and AI skills and capabilities. This will be its fourth acquisition of 2022 and it revealed it has acquired over 20 companies since Arvind Krishna became CEO in April 2020.

The new acquisition provides software to help security teams discover gaps, assess risks, and improve their security over time. Its attack surface management product maps a customer’s attack surface to help identify shadow IT risks and potential entry points for ransomware.

IBM aims to integrate Randori’s software with the extended detection and response (XDR) capabilities of IBM Security QRadar. Security teams will be able to use Randori’s real-time attack surface visibility for intelligent alert triage, threat hunting, and incident response. IBM hopes this can help eliminate the need for customers to manually monitor new critical applications and respond quickly when new issues or emerging threats arise on their perimeter.


Secure hybrid cloud for dummies

Accelerate transformation with hybrid cloud


"Our clients today are faced with managing a complex technology landscape of accelerating cyber attacks targeted at applications running across a variety of hybrid cloud environments – from public clouds, private clouds and on-premises," said Mary O'Brien, general manager of IBM Security. "In this environment, it is essential for organisations to arm themselves with the attacker's perspective in order to help find their most critical blind spots and focus their efforts on areas that will minimise business disruption and damages to revenue and reputation."

Randori is also able to provide businesses with a product that combines attack surface management with continuous automated red teaming (CART) to stress test defence and incident response teams. IBM plans to use this to complement its X-Force Red hacker lead offensive security services.

The Boston-based company is backed by Accomplice, .406 Ventures, Harmony Partners and Legion Capital. The financial terms of the deal weren’t disclosed, and the transaction is expected to close in the next few months.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.