Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

11/16/2018
03:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance

BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.

BlackBerry has agreed to buy endpoint security firm Cylance for $1.4 billion cash in a deal expected to close before February 2019, the two companies announced today.

Once famous for its keyboarded smartphones, BlackBerry has since pivoted to enterprise software. The acquisition of artificial intelligence-based threat prevention firm Cylance is BlackBerry's largest buy in seven years, according to Bloomberg data, and it signifies BlackBerry is pushing further to add security and AI to its portfolio. Execs indicate Cylance will also help BlackBerry with IoT security as it focuses on connected devices.

Cylance was founded in 2012 by co-founders Stuart McClure, chairman and CEO, and Ryan Permeh, chief scientist. The Irvine, Calif.-based company applies artificial intelligence, algorithms, and machine learning to proactively identify threats without using signatures. Its idea is to detect "unknown unknowns" at the endpoint before they cause damage.

This year has been a busy one for Cylance, which announced a $120 million Series E funding round in June 2018 and reported annual revenues exceeding $130 million for the 2018 fiscal year. The company has raised a total of $297 million in funding over five rounds and reportedly has 3,500 active enterprise customers, including more than 20% of the Fortune 500.

Cylance was headed for an IPO before BlackBerry swooped in to make an offer, executives reported on a media conference call today. McClure said the reason behind its decision lay in BlackBerry's application of security into embedded and mobile technology. He sees an intersection between Cylance, which focuses on detection and prevention for endpoints and servers, and BlackBerry, which aims to secure a broad range of devices.

When looking at the company's mission and discuss where cyberattacks go, McClure said, they target cloud, mobile, endpoint, IoT, and embedded systems. "Wherever there is a target for an adversary … you're going to have an adversary," he noted. The BlackBerry acquisition will bring Cylance's technology to a wide range of devices and platforms.

John Chen, BlackBerry's executive chairman and CEO, expects Cylance will complement several aspects of its portfolio, most notably Unified Endpoint Management (UEM) and QNX, an operating system intended for embedded systems, particularly connected and self-driving cars.

"One area I think we're going to have a strong influence [in] is transportation," said Chen on the call, adding that 120M cars today use BlackBerry's embedded technology. He explained how UEM and Cylance tech will both be introduced into the connected vehicle space.

Chen also pointed to opportunities within the enterprise of things (EoT) and said Cylance's capabilities will be a "big, big help to making this platform a reality." It seems BlackBerry plans to integrate AI and machine learning into BlackBerry Spark, its platform for connecting the EoT.

In terms of cross-selling opportunities for BlackBerry, Chen said the company would like to get into the Cylance customer base by providing security solutions for device management and application management in the mobile world – a shift from Cylance's focus on PCs and laptops.

Following the deal's close, BlackBerry expects Cylance will operate as a separate business unit within BlackBerry Limited. Read more details in its press release on the news.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The security team seem to be taking SiegeWare seriously" 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16770
PUBLISHED: 2019-12-05
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
CVE-2019-19609
PUBLISHED: 2019-12-05
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
CVE-2019-16768
PUBLISHED: 2019-12-05
Exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation m...
CVE-2012-1105
PUBLISHED: 2019-12-05
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
CVE-2019-16769
PUBLISHED: 2019-12-05
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash...