Cloud computing giants are changing the cybersecurity market with their own offerings, acquisitions and software marketing deals, but Microsoft poses the biggest threat to incumbents in the sector as it sells multiple products to companies in discounted deals.
Microsoft's growing slate of offerings competes with cybersecurity firms such as CrowdStrike Holdings, Okta, Splunk, startup Netskope and others. In addition, Microsoft is a rival of Palo Alto Networks, which has used acquisitions to build a cloud-based security platform.
Now, the software behemoth has told analysts that its security business now brings in $15 billion in annual revenue. It's growing 40% each year. Microsoft bundles products at its Azure cloud computing business and Office 365 platform.
MSFT stock has retreated 24% in 2022 amid the bear market in technology companies. Meanwhile, cybersecurity stocks have lagged the S&P 500 in 2022.
William Blair analyst Jonathan Ho says Microsoft has overcome a reputation for poor security tied to hacking attacks. Those attacks targeted its Windows operating systems and web browsers.
"Historically, Microsoft was not viewed as being very good at security with the data breaches. Its products weren't trusted by cybersecurity," Ho said in an interview. "All that has changed. Microsoft has developed strong cloud native products. It scores very well with Gartner and third-party evaluation platforms. And, the Microsoft product suite is very strong, enabling it to bundle products for customers."
Cloud Computing: Giants Move Into Security
Microsoft isn't the only cloud computing giant venturing into cybersecurity turf. Amazon Web Services, part of Amazon.com, has developed its own security products that were born in the cloud. It also has become an important sales channel for companies like CrowdStrike, Splunk and Zscaler.
Computer security is one of the biggest categories on the AWS Marketplace, an online store for independent sellers. While companies rent computer servers and data storage from cloud computing service providers, they load their own applications.
Further, Google-parent Alphabet's this year acquired Mandiant in an all-cash $5.4 billion deal. Mandiant is now part of Google's cloud-computing business. Microsoft also considered buying Mandiant, according to reports.
But Google's cybersecurity business is smaller than Microsoft's as well as AWS's. William Blair's Ho says that Microsoft's big sales force for the corporate market gives it an edge over Google.
Meanwhile, Microsoft got a leg up on AWS when it lured longtime Amazon cloud executive Charlie Bell to head its cybersecurity business. At Microsoft, Bell plans to use artificial intelligence tools to improve cybersecurity against ransomware attacks and other hacker tools.
More Cybersecurity M&A In 2022?
Private equity firms have been actively acquiring cybersecurity firms. But a Morgan Stanley report cites Microsoft and Google as well as cash-rich incumbents Palo Alto Networks, Check Point Software Technologies, Fortinet and CrowdStrike as possible acquirers in 2022.
To speed up its push into cybersecurity, Microsoft since 2014 acquired startups Aorato, Adallom, Hexadite and CyberX. Also, Microsoft in July 2021 acquired RiskIQ, a security threat management company. Microsoft also bought CloudKnox Security in 2021.
At BMO Capital Markets, analyst Keith Bachman says Microsoft plans to increase security research and development. He met recently with Microsoft management.
"Microsoft is creating an integrated, end-to-end security platform," he said in a recent note to clients. "Management commented that its $20 billion investment in security over the next five years reflects this commitment and will result in MSFT improving in a number of different security areas."
He added: "Further, management commented that they see a clear path to driving revenue and margins with this security investment. MSFT's plans involve a greater focus on integration and under Charlie Bell's leadership, all security engineering teams have been brought together to work more across products. Our take is that Microsoft's historical security products and go-to market have not been well integrated nor well organized, so the organizational consolidation should help."
Microsoft says it has 785,000 security customers and 8,500 security employees. Microsoft's main challenge, analysts say, is developing security products that protect non-Microsoft data and other cloud computing platforms.
Microsoft Strengths In Cybersecurity
"At the core of Microsoft's staggering security momentum is its bundling strategy," MoffettNathanson analyst Sterling Auty said in a recent report to clients. "In the same way that Microsoft was able to rapidly grow its Teams collaboration app by bundling it into Microsoft 365 agreements, Microsoft has been gradually adding security products to its premium Microsoft 365 subscriptions."
"If Microsoft broke out the segment as a stand-alone company, we believe it would be the largest individual security company, and identity is the cornerstone of the firm's revenue," Auty went on to say. "Over the years, Microsoft has leveraged its prominence in the enterprise directory space, where companies manage user information, and built a leading identity business. However, many of Microsoft's solutions touch other key areas of security including endpoint, data, cloud, and even network."
Most Microsoft security revenue comes from email and endpoint security. While basic Office 365 plans offer anti-spam and malware protection, Microsoft upsells advanced anti-phishing and threat prevention tools.
In the endpoint market, Microsoft competes versus CrowdStrike and many others. Endpoint security tools detect malware on laptops, mobile phones and other devices that access corporate networks.
Analysts say Microsoft has also gained traction in identity and access management, or IAM, vs. Okta and others. IAM software verifies the identity of computer network users. The tools manage the usernames, passwords and access policies of employees, customers and partners.
Jefferies analyst Joseph Gallo recently surveyed software distributors on topics including Microsoft's market impact.
"Email, cloud and identity access management were identified as the most susceptible to disruption from Microsoft," Gallo said in a report. "Threat intelligence, network security and internal threats were viewed as the most resilient to Microsoft's reach, which is a positive to Zscaler, Palo Alto, Fortinet, Check Point and Varonis."
Cloud Computing And A Cybersecurity Battleground
Analysts expect Microsoft and industry incumbents to duke it out in a threat detection technology called XDR. The acronym stands for extended detection and response.
Cloud computing will make it easier for companies to deploy XDR.
The technology improves upon security information and event management. XDR security platforms monitor and analyze endpoints as well as web and email gateways. They also examine web application firewalls, cloud business workloads and information technology infrastructure.
In addition, XDR uses automated tools to gather network incident data, also called telemetry, to identify signals of malicious activity.
"Large XDR vendors such as CrowdStrike, Palo Alto Networks, SentinelOne and Microsoft are expanding their XDR products to cover more endpoints, better automate detection and remediation capabilities, integrate with more add-on modules and increase the size of their partner ecosystems," said William Blair's Ho. "In addition, a portion of these large vendors' partner ecosystems are increasingly including managed services because there has been a big uptick in their adoption."
He says Microsoft 365 Defender automatically collects, correlates, and analyzes signal, threat and alert data. It does so from across the Microsoft 365 environment, including endpoint, email, applications, and identities. It uses artificial intelligence and automation to automatically stop attacks and initiate responses.