Category Archives: cyber security

Grim ‘Reaper’ Botnet Could Come for Your Candy

'Reaper' Botnet


By Tony Ramsey, Practice Manager, Networking & Security

IoT devices and gadgets which are the primary target of the ‘Reaper’ botnet present a new attack vector and easy-to-exploit vulnerabilities. These vulnerabilities. coupled with the number of IoT devices, have certainly helped the ‘Reaper’ botnet reach the critical mass needed to deliver a massive DDoS attack or a crippling payload to its victims. But don’t fret, it hasn’t done so yet. When compared to the Mirai botnet attack last year, the good news is that security experts are more prepared for it. 

The major concern is the sheer number of infected devices and their combined computing power harnessed by botnet controllers through injection of malicious code that has the potential to cause massive problems.  

The numbers provided by 360 Netlab are impressive:

Infected bots connected to one controller: About 28,000 infected devices

Number of devices vulnerable to ‘Reaper’ botnet: As far as two million

It’s important to note, however, that this botnet has already lost the element of surprise. The ‘Reaper’ botnet controllers and some of its code are now known to the internet security community. Its method of infection: exploiting known vulnerabilities and its propagation between devices are also being analyzed.

Therefore, it is no longer a question of detection but prevention.  

This is certainly the time for device vendors to provide security patches for hardware and software platforms to address the specific exploitable vulnerabilities.

There’s much anxiety in the internet security community since we’ve not yet seen any attacks or malicious activity and the Reaper botnet still seems to be in the expansion phase; its intention for a concerted malicious attack is yet unknown, but we know that its potential magnitude of damage is quite large. 

Some of the infected networked devices are mainly for home and SOHO use, so education and awareness is needed by consumers who aren’t necessarily accustomed to applying security patches and in-depth configurations for threat mitigation.

‘Reaper’ Botnet Update:

The original claim in the security world that this is one of the largest botnet infections ever has been significantly reduced. As of today, the prediction is that the ‘Reaper’ botnet isn’t as far reaching as expected, but it could change at any moment. The question is, will the ‘Reaper’ botnet cause more widespread damage than the infamous Mirai?


Intel grows despite the PC continuing its slow decline

IntelIntel has reported 3% growth, including a 5% boost in its data centre business, though the client computing unit continues its slow decline, reports

The company’s efforts to redefine itself are seemingly beginning to pay dividends as a 3% year-on-year decline to $7.3 billion in the client computing business unit was offset by healthy performances elsewhere in the organization. The data centre unit brought in $4 billion in revenues, up 5%, whereas IoT accounted for $572 million, an increase in 2%, and the security portfolio grew 10% to $554 million for the quarter. The Programmable Solutions group also saw a 30% boost to $465 million. Overall quarterly earnings grew 3% to $13.5 billion.

“Our top line results for the quarter came in right in line with outlook, and profitability this quarter exceeded our expectations,” said Brian Krzanich, Intel CEO. “Year-over-year growth this quarter was 3% overall, as we transform Intel into a company that powers the cloud and billions of smart connected devices. We continue to focus on growth in line with this transformation, as evidenced by results in the data centre, IoT, and Programmable Solutions business this quarter.”

Looking forward, the team is forecasting Q3 will bring in revenues of roughly $14.9 billion, which would represent 3% year-on-year growth. Client computing is expected to continue its decline in the high single digits, while double-digit growth is anticipated in the data centre business, funded by cloud players in the second half of the year. CFO Stacy Smith believes growth in the IoT, data centre and memory businesses will counteract any negative impact of client computing.

While the data centre business continues to demonstrate growth for Intel, overnight trading saw share price decline by 3% following the earnings announcement. Investors were anticipating higher growth levels for the data centre group, as Intel forecasted double digit growth previously.

Intel’s efforts to redefine the focus and perception of the business has been ongoing for some time, as the personal computing market segment, Intel’s traditional cash cow, has continued to erode. Back in April, Krzanich outlined the company’s future focus on the company blog, which is split into five sections; cloud technology, IoT, memory and programmable solutions, 5G and developing new technologies under the concept of Moore’s law.

“Our strategy itself is about transforming Intel from a PC company to a company that powers the cloud and billions of smart, connected computing devices,” said Krzanich in the blog entry. “But what does that future look like? I want to outline how I see the future unfolding and how Intel will continue to lead and win as we power the next generation of technologies.

“There is a clear virtuous cycle here – the cloud and data centre, the Internet of Things, memory and FPGA’s are all bound together by connectivity and enhanced by the economics of Moore’s Law. This virtuous cycle fuels our business, and we are aligning every segment of our business to it.”

While the IoT business only grew 2% year-on-year, it would be worth noting this is off the back of a healthy Q1 which saw the unit grow 22%. Krzanich linked the Q2 performance, which was below the teams expectations, to an inventory burn following a strong performance in the first quarter. The team now anticipate double-digit growth through the remainder of 2016.

This was also the second consecutive quarter in which the security portfolio was listed as a separate business unit, previously being incorporated into the software and services unit. The group itself has demonstrated healthy growth over the course of 2016, but has been the topic of speculation surrounding a sale.

Only last month the team were rumoured to be considering a sale of its security business, which was created following the $7.6 billion acquisition of antivirus specialists McAfee in 2010. Although security is one of the larger sections of the Intel business, it was not specifically mentioned as a focus point for the future business strategy during Krzanich’s blog entry in April. While the prospective sale has not been confirmed by the Intel team, separating the unit in the financials could indicate it is attempting to provide a greater level of transparency for potential buyers.

Security still viewed as a barrier to progress – Dell

Security CCTV camera in office buildingA recent survey from Dell demonstrates security is still seen as a hindrance to innovation as companies aim to develop a more digitally orientated proposition for the market, reports

While a substantial 89% of the respondents highlighted their organization was in the middle of a digital transformation project, 76% agree security is brought into the equation too late in the development process, with 85% saying they actively avoid bringing security experts in due to the belief they will slow or even scupper the project.

“This survey produced some eye-opening results and reinforces what we’ve been hearing directly from our customers,” said John Milburn, GM of One Identity Products at Dell. “Organisations face challenges securing their digital transformations and recognise that their current security measures are exposing the business to risk.

Security has been one of the biggest talking points within the telecommunications and technology industry, generally due to a lack of understanding. Until recently, security challenges would appear to have been pushed to the side as there have not been any clear routes to success. It would seem companies are not willing to allow security concerns to stop progress, instead aiming to secure products retrospectively.

The survey demonstrates attitudes towards are still relatively negligent. While numerous CEO’s and board members have highlighted security would be considered at the top of the agenda, surveys such as this tell a different story, much to the disappointment of security professionals and vendors alike. One conclusion which could be drawn from the survey is security is still considered a barrier to success when driving towards innovation. In fact 37% of respondents agreed with the statement “it is likely that the security team will delay or block a new initiative presented to us today”, and 49% agreed with “our security team does have a reputation for blocking projects based on the past, but now we do a better job of enabling the business”.

“Our goal is to provide our customers with solutions that address these needs. When done right, security can enable organisations to aggressively adopt new technologies and practices that can have a direct, positive impact on revenue, profits, employee productivity and the customer experience. Done right, security also helps CISOs open their own ‘Department of Yes,’ empowering them to deliver the strategic projects and innovative initiatives that drive businesses forward.”

Security is, and will continue to be, a paramount facet of any organization, though the implications which can be drawn from this survey suggest there is still some way before organizations would consider themselves secure. One encourage factor from the survey is 91% of respondents agreed if the security team was given more resources they could do a better job. What is unclear is whether CEOs and other board members will follow up on the promise security will receive more investment.

Are cyber attacks covering up server inadequacies at Pokémon Go?

Pokemon GO 2Pokémon Go users have continued to struggle as the app’s developer Niantic Labs recovers from hacker attacks and unprecedented demand for the game, reports

Claimed attacks from various hacker groups would have appeared to cover up server inadequacies at Niantec Labs, as the team seemingly struggles to meet capacity demands following the games launch in 27 countries worldwide.

Over the course of the weekend, various hacker groups including PoodleCorp and OurMine have claimed responsibility for a distributed denial of service (DDoS) attack, causing a slow and clunky experience for many players around the world. Although the Niantec Labs team has played down the incidents, disruptions have continued into Monday morning with the editorial team unable to access the game effectively. Whether this can be attributed to the claimed attacks or a lack of server capacity is unclear for the moment.

The hacker saga would have appeared to have started over the weekend, with OurMine stating on its website, “Today We will attack “Pokemon Go” Login Servers! so no one will be able to play this game till Pokemon Go contact us on our website to teach them how to protect it! We will attack it after 3-4 hours! Be ready! We will update you!” This was followed by another statement declaring the servers were down. PoodleCorp claimed the day before (June 16), it had caused an outage, though also said to expect a larger attack in the near future.

While both of these attacks have attracted headlines, it would also appear to have covered up shortcomings on the company’s infrastructure and its ability to deal with high demand. The launch of Pokémon Go has been well documented over the last few weeks as it has been lauded by numerous sources as the biggest mobile game in US history. Even before its official release in the UK, EE announced it saw 350,000 unique users of Pokémon GO on its network.

“This is the fastest take up of an app or game we’ve ever seen – and that’s before it’s officially launched! People across the country are going to be relying on a mobile data network that’s everywhere they go,” said Matt Stagg, EE head of video and content strategy.

Despite claims the server problems have been addressed, complaints have continued to be voiced. Server status tracking website Downdetector stated 39,013 complaints were registered at 22.00 (EST) on July 17. The Niantic Labs team are seemingly underestimating demand for Pokémon Go with each launch, which would be a nice problem to have.

While was unable to identify Niantic Labs specific cloud set-up, other reports have identified Google as the chosen platform. Although there are no specific announcements linking the two organizations, Niantec was spun out of Google in October last year, and currently has John Hanke at the helm, who was previous VP of Product Management for Google’s Geo division, which includes Google Earth, Google Maps and StreetView. A job vacancy is also on the company’s website which asks for experience in dealing with Google Cloud or AWS.

Although AWS has been listed on the job vacancy, it would be fair to assume it is not involved currently as CTO Werner Vogels couldn’t resist making a joke at the affair stating “Dear cool folks at @NianticLabs please let us know if there is anything we can do to help!” on his twitter account. This could imply some insider knowledge from Vogels as it would be most likely the company would take a swipe at its closest rivals in the public cloud market segment, namely Google or Microsoft Azure.

The claims of the DDoS attacks would appear to have come at an adequate time, as it has taken the heat off the cloud infrastructure inadequacies. According to Business Insider, Hanke said the international roll-out of the game would be “paused until we’re comfortable”, with relation to the server capacity issues. It would seem the company is prepared to ride the wave of demand, as well as complaints, and fix the server problem later, as launches and server issues continued following that interview.

What did we learn from EMC’s data protection report?

a safe place to workEMC has recently released its Global Data Protection Index 2016 where it claims only 2% of the world would be considered ‘leaders’ in protecting their own assets, reports

Data has dominated the headlines in recent months as breaches have made customers question how well enterprise organizations can manage and protect data. Combined with transatlantic disagreements in the form of Safe Habour and law agencies access to personal data, the ability to remain secure and credible is now more of a priority for decision makers.

“Our customers are facing a rapidly evolving data protection landscape on a number of fronts, whether it’s to protect modern cloud computing environments or to shield against devastating cyber-attacks,” said David Goulden, CEO of EMC Information Infrastructure. “Our research shows that many businesses are unaware of the potential impact and are failing to plan for them, which is a threat in itself.”

EMC’s report outlined a number of challenges and statistics which claimed the majority of the industry are not in a place they should be with regard to data protection. While only 2% of the industry would be considered leaders in the data protection category, 52% are still evaluating the options available to them. Overall, 13% more businesses suffered data loss in the last twelve months, compared to the same period prior to that.

But what are the over-arching lessons we learned from the report?

Vendors: Less is more

A fair assumption for most people would be the more protection you take on, the more protected you are. This just seems logical. However, the study shows the more vendors you count in your stable, the more data you will leak.

The average data loss instance costs a company 2.36TB of data, which would be considered substantial, however it could be worse. The study showed organizations who used one vendor lost on average 0.83TB per incident, two vendors 2.04TB and three vendors 2.58TB. For those who used four or more vendors, an average of 5.47TB of data was lost per incident.

Common sense would dictate the more layers of security you have, the more secure you will be, however this is only the case if the systems are compatible with each other. It should be highlighted those who lost the larger data sets are likely to be the larger companies, with more data to lose, though the study does seem to suggest there needs to be a more co-ordinated approach to data protection.

And they are expensive…

Using same concept as before, the average cost of lost data was $900,000. For those who have one vendor, the cost was $636,361, for those with two, 789,193 and for those with three vendors the cost was just above the average at 911,030. When companies bring in four or more vendors, the average cost of data loss rises to 1.767 million.

China and Mexico are the best

While it may be surprising, considering many of the latest breakthroughs in the data world have come from Silicon Valley or Israel, China and Mexico are the two countries which would be considered furthest ahead of the trend for data protection.

EMC graded each country on how effective they are were implementing the right technologies and culture to prevent data loss within the organizations themselves. 17 countries featured ahead of the curve including usual suspects of the UK (13.5% ahead of the curve), US (8%), Japan (1%) and South Korea (9%), however China and Mexico led the charge being 20% and 17% respectively ahead.

While it may not be considered that unusual for China to have a strong handle on data within its own boarders, Mexico is a little more surprising (at least to us at The country itself has gone through somewhat of a technology revolution in recent years, growing in the last 20 years from a country where only 10% of people had mobile through to 68% this year, 70% of which are smartphones. Mexico is now the 11th largest economy in terms of purchasing power, with the millennials being the largest demographic. With the population becoming more affluent, and no longer constrained by the faults of pre-internet world, the trend should continue. Keep up the good work Mexico.

Human error is still a talking point

When looking at the causes of data loss, the results were widespread, though the causes which cannot be controlled were at the top of the list. Hardware failure, power loss and software failure accounted for 45%, 35% and 34% respectively.

That said the industry does now appear to be taking responsibility for the data itself. The study showed only 10% of the incidents of data loss was blamed on the vendor. A couple of weeks ago we spoke to Intel CTO Raj Samani who highlighted to us the attitude towards security (not just data protection) needs to shift, as there are no means to outsource risk. Minimizing risk is achievable, but irrelevant of what agreements are undertaken with vendors, the risk still remains with you. As fewer people are blaming the vendors, it would appear this responsibility is being realized.

Human error is another area which still remains high on the agenda, as the study showed it accounts for 20% of all instances of data loss. While some of these instances can be blamed on leaving a laptop in the pub or losing a phone on the train, there are examples where simple mistakes in the workplace are to blame. These will not be removed, as numerous day-to-day decisions are based off the back of intuition and gut-feel, and a necessity for certain aspects of the business.

An area which could be seen as a potential danger would be that of artificial intelligence. As AI advances as a concept, the more like humans they will become, and thus more capable of making decisions based in intuition. If this is to be taken as the ambition, surely an intuitive decision making machine would offer a security defect in the same way a human would. Admittedly the risk would be substantially smaller, but on the contrary, the machine would be making X times many more decision than the human.

All-in-all the report raises more questions than provides answers. While security has been pushed to the top of the agenda for numerous organizations, receiving additional investment and attention, it does not appear the same organizations are getting any better at protecting themselves. The fact 13% more organizations have been attacked in the last 12 month suggests it could be getting worse.

To finish, the study asked whether an individual felt their organization was well enough protected. Only 18% believe they are.

Cisco cracks open wallet for $293m CloudLock acquisition

Cisco corporateCisco has announced its intent to acquire cloud security company CloudLock in a $293 million deal which is expected to close in Q1 2017, writes

CloudLock specializes in cloud access security broker (CASB) technology which provides insight and analytics focused on user behaviour and sensitive data in the cloud. The move builds on Cisco’s ‘Security Everywhere’ strategy, its initiative designed to provide protection from the cloud to the network to the endpoint.

“As companies are migrating to the cloud, they need a technology partner that can accelerate that transition and deliver critical security capabilities for all their users, apps and data in a seamless way,” said Rob Salvagno, VP of Cisco Corporate Development. “CloudLock brings a unique cloud-native, platform and API-based approach to cloud security which allows them to build powerful security solutions that are easy to deploy and simple to manage.”

CASB technology is an aspect of cloud security which has caught the attention of a number of decision makers in recent months. When we spoke to Intel Security CTO Raj Samani earlier this month, he told us CASB solutions were set to be one of the largest talking points for the cloud security market segment in the next couple of years.

“Companies will find controls and measures to give them a level of trust in a vendor to ensure they can operate effectively,” said Samani at the time. “CASBs will be one of the biggest trends we’ll see in the next couple of years.”

“CASB is the ultimate business case, because you can do things faster and more efficiently – you can actually but an ROI and a TCO next to it.”

The purpose of CASB solutions is to sit between the cloud provider and cloud consumer to consolidate multiple types of security policies including authentication, single sign-on, encryption, tokenization and malware detection. The CASB solution offers a level of assurance for those customers who have concerns over the security provided by cloud providers themselves, as the concept of secure and risk with vary dependent on the company.

By integrating CASB solutions, a cloud consumer can dictate how many additional layers of security are placed on top of a cloud provider’s offering, to allow the cloud consumer to define their own risk profile. The concept of CASB on the whole could go some way to mitigate the security concerns for those companies who have not currently adopted the cloud for more sensitive workloads.

Aside from this acquisition, Citrix has been bolstering its security capabilities through additional purchases, including Lancope for $452.5 million last December. Lancope helps customers monitor, detect, analyse and respond to modern threats on enterprise networks through continuous network visibility and threat analysis.

Citrix is one of a number of tech giants who have been forced to reconsider their primary focus, as cloud computing continued to increase its grip on IT decision making. During the company’s most recent earnings call, IoT was outlined as a target growth segment, though the security business unit was prominent during the financials, growing 17% year-on-year.

Intel reported to be looking for security exit

IntelAlmost six years after purchasing antivirus specialists McAfee, Intel is reported to be in the market to sell off its security arm, according to the

Intel has yet to make a comment on the speculation, though those close to the deal expect it to be one of the largest in the security sector to date. The company initially announced the McAfee acquisition in August 2010 for $7.6 billion at a time where the concept of IoT was beginning to gain traction, and the size of the online security challenge was being realized.

“With the rapid expansion of growth across a vast array of Internet-connected devices, more and more of the elements of our lives have moved online,” said Paul Otellini, who was serving as Intel CEO at the time of the acquisition. “In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences.”

While the introduction of cloud computing has provided smaller business and entrepreneurs a platform to innovate and challenge the tech giants, Intel are one of a number of organizations who have had to evolve their own proposition to remain relevant in the cloud-enabled world. Back in April, CEO Brian Krzanich outlined the long-term Intel strategy, which was split into five areas; cloud technology, IoT, memory and programmable solutions, 5G and developing new technologies under the concept of Moore’s law. While the security business unit is one of the larger within the Intel portfolio, security was not mentioned in the announcement.

The new strategy intends to move Intel away from the PC market place, as declining sales have continued to impact the business. Despite reporting year-on-year growth of 7% during the last quarterly earnings call, this was not enough to deter the company from announcing 12,000 job cuts, equivalent to 11% of the global workforce.

“Our results over the last year demonstrate a strategy that is working and a solid foundation for growth,” said Krzanich, who is leading the company’s shift away from client computing and towards IoT and the cloud. “The opportunity now is to accelerate this momentum and build on our strengths. These actions drive long-term change to further establish Intel as the leader for the smart, connected world. I am confident that we’ll emerge as a more productive company with broader reach and sharper execution.”

Security is an area which is seemingly gaining traction in the venture capitalist arena, as there have been numerous deals announced in recent months. Blue Coat was acquired by Symantec earlier this month from majority shareholder Bain Capital for $4.65 billion, with Bain Capital agreeing to reinvest $750 million, and Silver Lake committing to an additional investment of $500 million. Vista Equity Partners has also agreed to purchase identify management company Ping Identity for an undisclosed sum.

What did we learn at Cloud & DevOps World?

Cloud & DevOps WorldThe newly branded Cloud & DevOps World kicked off yesterday with one theme prominent throughout the various theatres; cloud is no longer a disruption, but what can be achieved through the cloud is still puzzling decision makers, reports

One word which was heard more than any other was maturity, as there would appear to be a general consensus that cloud computing had matured as a concept, process and business model. Although finding the greatest value from the cloud is still a challenge, there is a general feeling those in the IT world are becoming more adventurous and more willing to experiment.

Speaking in the Business Transformation theatre, CIO Thierry Bedos opened up the conference with a look into future trends in cloud computing. Maturity was the main driver of the talk here, as Bedos pointed out AWS’ dominant position as market leader and innovator is starting to loosen. While it would generally be considered strange to call tech giants such as Google and Microsoft challenger brands, it would be fair in the context of public cloud. But not for much longer, as the gap is slimming. For Bedos, this competition is a clear indication of a maturing market.

Along Bedos, Oracle’s Neil Sholay gave us insight into the world of data analytics, machine learning and AI in the Oracle Labs. Bill Gates famously said “Content is King”, and while this remains true, Sholay believes we can now go further and live by the rule “Corpus is King”. Content is still of value, though the technologies and business practise to deliver content have dated the phrase. The value of content is now in mastering its delivery through effective analytics to ensure automation, context and insight. A content campaign is only as good as the information you feed it to provide value to the consumer.

The Cyber & Cloud Security theatre held a slightly different story, but maturity was still a strong theme. ETSI & GSMA Security Working Group Chairperson Charles Brookson commented to us while there is still a lot of work to do to ensure security, the decision makers are maturing in the sense they have accepted 100% secure is unachievable and remaining as secure as possible for as long as possible is the new objective.

For a number of the delegates and speakers this is a new mind-set which has been embraced, however there are still some technical drawbacks. Futuristic advances such as biometric security is set to become a possibility in the near future, but Birmingham University’s David Deighton showed the team had made solid progress in the area. Failure rates are still at 2%, which was generally received as too high, but this has been reduced from 15% in a matter of months. The team would appear to be heading in the right direction, at a healthy pace.

Once again the concept of failure was addressed in the IoT & Data Analytics theatre as conference Chairperson Emil Berthelsen (Machine Research) told us the important lesson from the day was to set the right expectations. Some project will succeed and some will not, but there is no such thing as failure. The concept of IoT is now beginning to gain traction in the enterprise world, starting to show (once again) maturity, but for Berthelsen, the importance of scalability, security and data in IoT solutions was most evident throughout the day.

Day 1 showed us one thing above all else; we’re making progress, but we’re not quite there yet.

SMEs not prepared for the threat of cyber criminals – Barclaycard

Hacker performing cyber attack on laptopResearch from Barclaycard claims cyber security is not being prioritized by small businesses, putting numerous organizations at risk of attack.

The findings state only 20% of the organizations surveyed believe cyber security is a top business priority, with 10% claiming their team has not invested in cyber security at all. The average attack costs UK businesses between £75,000 and £311,000 according to HM Government’s 2015 Information Security Breaches report, as more than 50% of the respondents believe their organization is at risk of a breach within the next 12 months.

“Businesses of all sizes face a constant and growing threat from cybercrime,” said Paul Clarke, Product Director at Barclaycard. “As our research shows, many small businesses are failing take the necessary precautions, either because they don’t know how to protect themselves or, more worryingly, because they don’t think they need to. At Barclaycard we work with our customers to ensure they are aware of the growing threats they face and understand how they can protect themselves from cyber threats.”

Worryingly for business owners throughout the UK, only 13% of those who completed the survey believe they have the relevant skills to adequately protect themselves online. This statistic, combined with the lack of prioritization around security, may indicate decision makers believe their organization is safer, as cyber criminals would target the larger and more data heavy businesses in the UK.

While this may be considered a perception held by small businesses, the findings claim just under half have been hit by at least one cyber-attack in the past year, with a tenth experiencing more than four attacks.

“Cybersecurity is not a one-off investment that can then be forgotten about, especially as criminals are becoming increasingly sophisticated in the way they target businesses,” said Clarke. “For fifty years we’ve been working in partnership with customers to ensure they are not only putting the right measures in place from the outset, but are also continuously reviewing their policies to keep up with the latest industry developments.”

Microsoft launches VC to drive inorganic growth

Microsoft To Layoff 18,000Microsoft has announced the launch of Microsoft Ventures, a new capitalist venture arm to engage start-ups and entrepreneurs in areas which the business does not currently operate.

Speaking on the official Microsoft blog, Nagraj Kashyap Corporate VP for the ventures business, highlighted the launch was in line with objectives to identify start-ups which can inspire the next technology evolution, as opposed to supporting the current portfolio and business objectives.

“In Microsoft’s history of engaging with and supporting start-ups, we’ve done a lot of investing, but not a lot of early stage,” said Kashyap. “Because we would often invest alongside commercial deals, we were not a part of the early industry conversations on disruptive technology trends. With a formalized venture fund, Microsoft now has a seat at the table.”

Technology acquisition has become an intense game in recent months, as a host of tech giants have built new business units to identify potential acquisitions. While this might not be considered an unusual business activity, the trends of innovation through acquisition as opposed to organic growth have seemingly becoming more prominent. Earlier this month, HP announced the launch of its own VC business unit, which could be perceived as a means for the business to diversify its portfolio, entering new markets. These new markets could lead to direct competition with HPE.

Microsoft has a history of creating initiatives to aide and invest in start-ups, having launched the Microsoft Accelerator program, which provides tools, technology and consulting, though this unit will aim to sit between the Accelerator and the function which oversees major acquisitions. Initially the team will have a presence in San Francisco New York City and Tel Aviv, and will also look to expand to additional countries in the future.

“Given that the move to the cloud remains the single largest priority for the industry, identifying the bleeding-edge companies who complement and leverage the transition to the cloud is key to our investment thesis,” said Kashyap.

“Companies developing product and services that complement Azure infrastructure, building new business SaaS applications, promoting more personal computing by enriching the Windows and HoloLens ecosystems, new disruptive enterprise, consumer productivity, and communication products around Office 365 are interesting areas from an investment perspective.”

Aside from technologies which can aide the company’s core capabilities, the team will also be responsible for investigating disruptions in more horizontal axis. Security and machine learning were two areas which were identified by Kashyap on the blog. “Our view is outward into the market — we focus on the inorganic growth of Microsoft, looking at where we can provide a step function, versus incremental progress.”