IBM to Acquire Randori – Enhancing Security via the “Attacker’s Perspective”

By Charles King, Pund-IT®  June 8, 2022

Equating business with military strategies and tactics has been popular for years. In fact, not too long ago, you could scarcely attend an industry event or company conference without finding executives waxing poetic about the commercial usefulness of musings by Sun Tzu and Carl von Clausewitz. While many of these notions stretch credulity, some offer common wisdom that is applicable to specific business circumstances, including the development of innovative new solutions.

For example, IBM’s planned acquisition of Randori, a leading attack surface management (ASM) and offensive cybersecurity provider, clearly evokes Sun Tzu’s famous comment in The Art of War: “Know the enemy and know yourself in a hundred battles you will never be in peril. When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are certain in every battle to be in peril.”

Let’s consider that point more closely.

Attack surface complexity and evolution

Evidence of the dangers that enterprises and public sector organizations face from cybercriminals has become increasingly commonplace during the past decade. Thefts of consumer information troves, exploits targeting valuable intellectual property and ransomware attacks that effectively cripple or shutter operations have all been on the rise. There is no shortage of supposed solutions but preventing cybercrimes has come to resemble a game of Whack-a-Mole—stop one attack or attacker and others quickly pop up to replace it.

There have been plenty of cases where organizations employed flawed or inadequate solutions, resulting in the victims of attacks shouldering the blame along with their attackers. Conversely, the monetary value of cyberattacks has grown so lavish that well-financed sponsors from organized crime to rogue nations have entered the fray, challenging even the best-prepared businesses.

However, another issue is also contributing substantially to organizations’ security woes: the rapid evolution, development and deployment of Internet-facing solutions, such as cloud, IoT, hybrid cyber-physical systems and third-party services. At first this seems counterintuitive. After all, aren’t these technologies supposed to represent the leading edge of new and next generation business innovation?

Absolutely, yes. But along with providing access to business insights and value, they can also vastly expand attack surfaces and opportunities for cybercriminal exploits. That situation can become doubly dangerous and difficult if businesses are unaware of or fail to accurately assess security gaps and vulnerabilities as they occur. It is akin to someone remodeling or improving their home, then forgetting about or neglecting to secure the windows and doors in the new addition.

IBM, Randori and the “attacker’s perspective”

What does any of this have to do with IBM’s interest in and acquisition of Randori?

Randori describes itself as “a hacker-led company” whose cloud native solution is designed to help customers discover security gaps and exposure points, assess potential risks, and improve their security posture. The company’s attack surface management solution uses “adversary” logic—looking at circumstances from the point of view of bad actors based on real-world cyberattacks—and offers recommendations based on both risk levels and asset attractiveness.

The process begins with Randori entering an email domain to map a customer’s attack surface, a process that helps identify entry points for ransomware attacks, “shadow IT” risks and other problems. The company also offers a solution that combines attack surface management with continuous automated red teaming (CART) to stress test defenses and train incident response teams.

According to IBM, Randori will advance its hybrid cloud strategy and strengthen its AI-enabled cybersecurity portfolio. After the acquisition closes, IBM plans to integrate Randori’s attack surface management software with the extended detection and response (XDR) capabilities of IBM Security QRadar. That will provide real time attack surface visibility to enterprise customers, enabling them to enhance threat hunting, incident response and alert triage processes.

Randori-based insights will also be offered through IBM’s Managed Security Services organization. The acquisition is expected to close in the next few months.

Final analysis

One of the most challenging points organizations face in dealing with cyberattacks is unfamiliarity with the sociopathology and other tendencies that drive criminal and rogue organization attackers. Simply “latching” virtual doors and windows seldom offers true security. It is better to understand how cyber enemies think. To know them and to know yourself, as Sun Tzu famously noted.

That point is vital to understanding both the value that Randori offers businesses and IBM’s desire to acquire the company and integrate its solutions into the IBM Security portfolio. Overall, this is a deal that should provide essential value to IBM and Randori, and to both companies’ myriad customers and partners.

© 2022 Pund-IT®. All rights reserved.