Report: Microsoft in Talks to Buy 'Critic' Aorato

Photo credit: dimitris_k/
Photo credit: dimitris_k/

Microsoft Corp. is reportedly in talks to acquire cybersecurity specialist Aorato, in a deal that could be worth $200 million. Ironically, the Israel-based startup has been in the news this week as a vocal Microsoft critic.

The Wall Street Journal, citing “a person familiar with the matter,” reported the talks and said the deal could close within the next two months.

Aorato and Microsoft work together extensively already, with the former recently becoming a member of Microsoft's Microsoft Active Protections Program (MAPP), which is devoted to providing up-to-date information on emerging security threats in between Microsoft's monthly security bulletins.

The company made the high-profile list earlier this week, however, with a report detailing a by-design Active Directory flaw that could potentially compromise 95% of Fortune 500 companies, as well as legions of other organizations. The vulnerability is due to weak encryption that enables attackers to change a victim’s password without being detected. Once the attacker leverages the Active Directory flaw, using the new password, the attacker can impersonate the victim to access various enterprises services and content.

Microsoft said that it was aware of the “limitation” in the software but downplayed any security implications, prompting Aorato to issue a strong critique.

"Millions of businesses are blindly trusting Active Directory as a foundation to their overall IT infrastructure," said Tal Be'ery, vice president of research at Aorato. “The unfortunate truth is that this trust is naively misplaced, leaving the vast majority of Fortune 500 enterprises and employees susceptible to a breach of personal and company data.”

According to the WSJ, Microsoft is apparently very willing to move past the kerfluffle.

Aorato has roots in nation-state security: it was founded in 2011 by veterans of the Israel Defense Forces. It recently clenched $10 million in fresh funding from Accel Partners and Innovation Endeavors, and counts Israeli VC firm Glilot Capital and founders of Trusteer as additional backers.

Neither Microsoft nor Aorato have commented on the acquisition news.

What’s Hot on Infosecurity Magazine?