
Microsoft Is Changing The Cybersecurity Market

With their own offerings, acquisitions, and software marketing deals, cloud computing giants are altering the cybersecurity market. However, Microsoft (MSFT) poses the greatest threat to industry veterans because it sells multiple products to businesses at discounted prices.

Microsoft competes with cybersecurity companies like CrowdStrike Holdings (CRWD), Okta (OKTA), Splunk (SPLK), and the startup Netskope, among others, with its expanding product line. Additionally, Palo Alto Networks (PANW), which has developed a cloud-based security platform through acquisitions, is a competitor of Microsoft.

The software giant has informed analysts that its security division now generates $15 billion annually and is growing by 40% a year. Microsoft bundles products at its Azure cloud computing business and Office 365 platform.

During the bear market in technology companies in 2022, MSFT stock has lost 24%. In the meantime, cybersecurity stocks are currently trailing the S&P 500.

According to Jonathan Ho, an analyst at William Blair, Microsoft has overcome its reputation for poor security caused by hacking attacks. Its Windows operating systems and web browsers were the targets of those attacks.

“Because of the data breaches, Microsoft was historically not thought to be very good at security.” Ho stated in an interview that cybersecurity professionals did not trust its products. Everything has altered. Strong cloud native products have been created by Microsoft. It gets very high marks from Gartner and other evaluation platforms. Additionally, Microsoft is able to bundle products for customers due to the strength of its product suite.

Cloud Technology: Cloud computing giants are not the only ones moving into cybersecurity. Microsoft isn’t the only one. Amazon Web Services, a subsidiary of Amazon (AMZN), has created its own cloud-based security solutions. CrowdStrike, Splunk, and Zscaler (ZS) are just a few of the companies that have made it an important sales channel.

One of the most popular subcategories on the AWS Marketplace, an online marketplace for small businesses, is computer security. Cloud computing service providers rent computer servers and data storage, but businesses load their own applications.

Additionally, this year, Google-parent Alphabet (GOOGL) paid all cash for Mandiant in a $5.4 billion acquisition. Mandiant is now a part of Google’s cloud computing business. According to reports, Microsoft also considered purchasing Mandiant.

However, Google’s cybersecurity division is significantly smaller than Microsoft’s and AWS’s. Ho claims that Microsoft has an advantage over Google due to its substantial corporate market sales force.

In the meantime, Microsoft gained an advantage over AWS by hiring Charlie Bell, an Amazon cloud veteran, to lead its cybersecurity division. Bell intends to utilize AI tools at Microsoft to enhance cybersecurity against ransomware attacks and other hacker tools.

In 2022, more cybersecurity M&A?
Cybersecurity companies have been actively acquired by private equity firms. However, Microsoft and Google, as well as cash-rich incumbents Palo Alto Networks, Check Point Software Technologies (CHKP), Fortinet (FTNT), and CrowdStrike, are mentioned in a Morgan Stanley report as potential acquirers in 2022.

Microsoft has bought startups Aorato, Adallom, Hexadite, and CyberX since 2014 to accelerate its move into cybersecurity. In July 2021, Microsoft also bought security threat management company RiskIQ. In 2021, Microsoft also acquired CloudKnox Security.

Keith Bachman, an analyst at BMO Capital Markets, claims that Microsoft intends to expand security research and development. He recently met with management at Microsoft.

In a recent note to clients, he stated, “Microsoft is creating an integrated, end-to-end security platform. Management stated that MSFT will improve in a variety of different security areas as a result of its $20 billion investment in security over the next five years.”

He added: “In addition, management stated that they can clearly see this security investment increasing revenue and margins. Under Charlie Bell’s direction, all security engineering teams have been brought together to collaborate more across products, and MSFT’s plans place a greater emphasis on integration. We believe that Microsoft’s previous security products and approach to market have not been well integrated or organized, so the consolidation of the organization ought to be beneficial.”

According to Microsoft, the company has 8,500 security employees and 785,000 security customers. According to analysts, the development of security products that safeguard non-Microsoft data and various cloud computing platforms is Microsoft’s primary obstacle.

Microsoft strengths in cybersecurity

“At the core of Microsoft’s staggering security momentum is its bundling strategy,” MoffettNathanson analyst Sterling Auty stated in a recent report to clients. Microsoft has been gradually adding security products to its premium Microsoft 365 subscriptions, just as it was able to rapidly expand its Teams collaboration app by bundling it into agreements.

Auty continued, “We believe it would be the largest individual security company if Microsoft broke out the segment as a stand-alone company, and identity is the cornerstone of the firm’s revenue. Microsoft has built a leading identity business by leveraging its prominence in the enterprise directory market, where businesses manage user information. Microsoft’s solutions, on the other hand, touch on endpoint, cloud, data, and even network security.”

Email and endpoint security account for the majority of Microsoft Security’s revenue. Microsoft upsells advanced anti-phishing and threat prevention tools in addition to the anti-spam and malware protection that are included in the base Office 365 plans.

Microsoft competes with CrowdStrike and many others in the endpoint market. Endpoint security tools detect malware on laptops, mobile phones, and other devices that connect to corporate networks.

Analysts assert that Microsoft has also gained ground against Okta and other vendors in identity and access management, or IAM. IAM software verifies the identity of users of a computer network. The tools manage usernames, passwords, and access policies for employees, partners, and customers.

Analyst Joseph Gallo of Jefferies recently surveyed software distributors regarding issues such as Microsoft’s impact on the market.

According to a report, Gallo stated, “Email, cloud, and identity access management were identified as the most susceptible to disruption from Microsoft. Zscaler, Palo Alto, Fortinet, Check Point, and Varonis stand to benefit from the fact that threat intelligence, network security, and internal threats were deemed to be the most resistant to Microsoft’s reach.”

XDR, a threat detection technology, is expected to be the battlefield for cybersecurity battles between Microsoft and established competitors in the industry, according to analysts. XDR stands for extended detection and response.

Cloud computing will make XDR deployment simpler for businesses.

The technology improves security information and event management. XDR security platforms monitor and analyze web and email gateways, as well as endpoints. They also look at cloud business workloads, IT infrastructure, and web application firewalls.

Additionally, in order to find indications of malicious activity, XDR makes use of automated tools to collect network incident data, also known as telemetry.

According to William Blair’s Ho, “large XDR vendors like CrowdStrike, Palo Alto Networks, SentinelOne (S), and Microsoft are expanding their XDR products to cover more endpoints, better automate detection and remediation capabilities, integrate with more add-on modules, and increase the size of their partner ecosystems. Additionally, as a result of a significant increase in their adoption, a portion of the partner ecosystems of these large vendors are increasingly including managed services.”

He claims that signal, threat, and alert data are automatically gathered, correlated, and analyzed by Microsoft 365 Defender. It does this from every endpoint, email, application, and identity in the Microsoft 365 environment. It uses automation and artificial intelligence to stop attacks and start responses on its own.

Between July 2021 and June 2022, threat activities originating from state actors on critical infrastructure doubled from 20% to 40%, primarily from Russia and targeting NATO member states following the start of the Ukraine war, according to Microsoft’s Digital Defense Report 2022.