Microsoft to Buy Cybersecurity Firm RiskIQ

For companies that use cloud computing, “it’s increasingly critical to understand the full scope of their assets to reduce their attack surface,” Mr. Doerr wrote.

Microsoft didn’t disclose the deal’s terms. Representatives for Microsoft and RiskIQ didn’t immediately respond to inquiries.

Internet vulnerabilities have drawn mounting concern this year as examples proliferate of cyberattacks with wide-ranging effects. In May, the 5,500-mile Colonial Pipeline, crucial to the East Coast’s energy infrastructure, was temporarily shut down by its operator after a cyberattack, leading to gasoline shortages in some places.

A month later, meat processor

JBS SA

said it was hit with a cyberattack that sent a portion of its beef and pork processing offline, a stoppage that reverberated through the supply chain for food.

Hospitals and municipal services have also fallen victim to recent cyberattacks in the U.S., emphasizing the threat they can pose to public safety. In a June interview with The Wall Street Journal, Federal Bureau of Investigation Director Christopher Wray said cyberattacks that use ransomware have proliferated quickly, and that prevention demands more public- and private-sector attention.

“The threat landscape has never been more complex or challenging, and security has never been more critical to our customers,” Microsoft Chief Executive

Satya Nadella

said on a conference call with analysts in April. “This is driving increased demand for our end-to-end capabilities across identity, security, compliance and management.”

Mr. Doerr said that the addition of RiskIQ will expand on Microsoft’s existing security products for commercial customers, which include security for Microsoft’s Azure cloud-computing service and its 365 Defender software.

Write to Matt Grossman at matt.grossman@wsj.com