Cloud computing giants are changing the cybersecurity market with their own deals, acquisitions, and software marketing deals, but Microsoft (MSFT) poses the biggest threat to incumbents in the industry, as it sells several products to businesses under discounted deals.
Microsoft’s growing range of offerings compete with cybersecurity firms such as CrowdStrike Holdings (CRUD), Okta (OKTA), Splunk (SPLK), Netskope startup and others. Additionally, Microsoft is a competitor of Palo Alto Networks (PANW), which used acquisitions to create a cloud-based security platform.
Now the software giant has told analysts its security business now brings in $15 billion in annual revenue. It increases by 40% every year. Microsoft bundles products from its cloud computing company Azure and its Office 365 platform.
MSFT stock fell 24% in 2022 amid the bear market for tech companies. Meanwhile, cybersecurity actions lagged the S&P 500 in 2022.
William Blair analyst Jonathan Ho said Microsoft has overcome a reputation for poor security linked to hacking attacks. These attacks targeted its Windows operating systems and web browsers.
“Microsoft was historically not considered very good at security with data breaches. Its products weren’t reliable when it came to cybersecurity,” Ho said in an interview. “All of that has changed. Microsoft has built strong cloud-native products. It scores very well with Gartner and third-party review platforms. And Microsoft’s product suite is very strong, which allows it to bring together products for customers.”
Cloud Computing: the giants turn to security
Microsoft isn’t the only cloud computing giant venturing into the realm of cybersecurity. Amazon Web Services, which is part of Amazon.co.uk (AMZN), has developed its own born-in-the-cloud security products. It has also become an important sales channel for companies such as CrowdStrike, Splunk and Z-scale (SZ).
IT security is one of the largest categories on AWS Marketplace, an online store for independent sellers. While companies rent computer servers and data storage from cloud service providers, they upload their own applications.
Additionally, Google-parent Alphabetit is (GOOGL) this year acquired Mandiant in a $5.4 billion all-cash deal. Mandiant is now part of Google’s cloud computing business. Microsoft also considered buying Mandiant, according to reports.
But Google’s cybersecurity business is smaller than that of Microsoft and AWS. William Blair’s Ho says Microsoft’s large sales force for the enterprise market gives it an edge over Google.
Meanwhile, Microsoft has taken a step ahead of AWS by luring longtime Amazon cloud executive Charlie Bell to lead its cybersecurity business. At Microsoft, Bell plans to use artificial intelligence tools to improve cybersecurity against ransomware attacks and other hacking tools.
More cybersecurity mergers and acquisitions in 2022?
Private equity firms have been actively acquiring cybersecurity companies. But a Morgan Stanley report cites Microsoft and Google as well as cash-rich incumbents Palo Alto Networks, Check Point Software Technologies (CHKP), Fortinet (FTNT) and CrowdStrike as possible acquirers in 2022.
To accelerate its push towards cybersecurity, Microsoft has since 2014 acquired startups Aorato, Adallom, Hexadite and CyberX. Additionally, Microsoft in July 2021 acquired RiskIQ, a security threat management company. Microsoft also bought CloudKnox Security in 2021.
At BMO Capital Markets, analyst Keith Bachman says Microsoft plans to increase security research and development. He recently met with the management of Microsoft.
“Microsoft is building an end-to-end integrated security platform,” he said in a recent note to customers. “Management said its $20 billion investment in security over the next five years reflects this commitment and will result in improvements to MSFT in a number of different security areas.”
He added, “Furthermore, management said they see a clear path to generate revenue and margins with this investment in security. MSFT’s plans involve a greater focus on integration and under the leadership from Charlie Bell, all security engineering teams have been brought together to work more across products Our view is that Microsoft’s legacy security products and baseline market have not been well integrated or well organized , so organizational consolidation should help.
Microsoft claims to have 785,000 security customers and 8,500 security employees. Analysts said Microsoft’s main challenge is to develop security products that protect non-Microsoft data and other cloud computing platforms.
Microsoft strengths in cybersecurity
“At the heart of Microsoft’s staggering security momentum is its consolidation strategy,” MoffettNathanson analyst Sterling Auty said in a recent report to clients. “In the same way that Microsoft was able to rapidly expand its Teams collaboration application by integrating it into Microsoft 365 agreements, Microsoft has gradually added security products to its premium Microsoft 365 subscriptions.”
“If Microsoft exited the segment as a standalone company, we believe it would be the largest individual security company, and identity is the cornerstone of company revenue,” Auty continued. “Over the years, Microsoft has leveraged its preeminence in the enterprise directory space, where companies manage user information, and built a leading identity business. However, many of Microsoft’s solutions touch on other key areas of security, including endpoint, data, cloud and even network.”
Most of Microsoft’s security revenue comes from email and endpoint security. While basic Office 365 plans offer anti-spam and anti-malware protection, Microsoft sells advanced anti-phishing and threat prevention tools.
In the terminal market, Microsoft competes with CrowdStrike and many others. Endpoint security tools detect malware on laptops, cell phones, and other devices that access corporate networks.
Analysts say Microsoft has also gained ground in identity and access management, or IAM, over Okta and others. IAM software verifies the identity of computer network users. The tools manage usernames, passwords, and access policies for employees, customers, and partners.
Jefferies analyst Joseph Gallo recently surveyed software vendors on topics including Microsoft’s impact on the market.
“Email, cloud, and identity access management were identified as most likely to be disrupted by Microsoft,” Gallo said in a report. “Threat Intelligence, Network Security, and Insider Threats were considered the most resilient within Microsoft’s reach, which is positive for Zscaler, Palo Alto, Fortinet, Check Point, and Varonis.”
Cloud Computing and a Cybersecurity Battleground
Analysts expect Microsoft and incumbents to go head-to-head in a threat detection technology called XDR. The acronym stands for Extended Detection and Response.
Cloud computing will make XDR deployment easier for enterprises.
Technology improves security information and event management. XDR security platforms monitor and analyze endpoints as well as web and email gateways. They also examine web application firewalls, enterprise cloud workloads, and information technology infrastructure.
Additionally, XDR uses automated tools to collect network incident data, also known as telemetry, to identify signals of malicious activity.
“Major XDR vendors such as CrowdStrike, Palo Alto Networks, SentinelOne (S) and Microsoft are expanding their XDR products to cover more endpoints, better automate detection and remediation capabilities, integrate with more add-ons, and increase the size of their partner ecosystems,” said William Blair’s Ho. , a part of these large vendor partner ecosystems are increasingly including managed services as their adoption has increased dramatically. »
It says Microsoft 365 Defender automatically collects, correlates, and analyzes signal, threat, and alert data. It does this from across the entire Microsoft 365 environment, including endpoint, messaging, apps, and identities. It uses artificial intelligence and automation to automatically stop attacks and initiate responses.
According to Microsoft’s Digital Defense Report 2022, threat activity from state actors on critical infrastructure doubled from 20% to 40% between July 2021 and June 2022, mostly from Russia and targeting member states of NATO after the start of the war in Ukraine.
Follow Reinhardt Krause on Twitter @reinhardtk_tech for updates on 5G wireless, artificial intelligence, cybersecurity and cloud computing.
YOU MIGHT ALSO LIKE:
IBD Digital: Unlock IBD’s premium stock listings, tools and analysis today
Learn to Time the Market with IBD’s ETF Market Strategy
How to use the 10 week moving average to buy and sell
Get Free IBD Newsletters: Market Readiness | Technical report | How to invest