With their own products, acquisitions, and software marketing partnerships, cloud computing titans are transforming the cybersecurity marketplace. However, Microsoft, which offers a variety of products at discounts to businesses, poses the biggest threat to incumbents in the industry.

A large number of cybersecurity companies, startup Netskope, and others, compete with Microsoft’s expanding portfolio of products. Additionally, Microsoft competes with Palo Alto Networks (PANW), which has built a cloud-based security platform through acquisitions.

The software behemoth recently disclosed to analysts that its security business now generates $15 billion in sales annually. It is expanding by 40% annually. Microsoft offers package deals for its Office 365 platform and Azure cloud computing service.

Microsoft isn’t the first household name in cloud computing to go into cybersecurity. A division of Amazon.com (AMZN), Amazon Web Services has created its own line of cloud-based security products. Additionally, it has developed into a crucial sales channel for businesses like CrowdStrike, Splunk, and Zscaler (ZS).

One of the largest categories on the AWS Marketplace, an online marketplace for independent vendors, is computer security. Companies load their own applications while renting computer servers and data storage from cloud computing service providers.

Also this year, Mandiant was purchased by Alphabet (GOOGL), the parent company of Google, for an all-cash sum of $5.4 billion. Mandiant is currently a component of Google’s cloud computing division. According to sources, Microsoft also contemplated purchasing Mandiant.

However, Google’s cybersecurity division is less significant than Microsoft’s and AWS’s. According to William Blair’s Ho, Microsoft has an advantage against Google because to its big corporate market sales force.

As a result of luring former Amazon cloud executive Charlie Bell to lead its cybersecurity division, Microsoft gained an advantage over AWS. Bell intends to leverage artificial intelligence techniques at Microsoft to strengthen cybersecurity defences against ransomware and other hacking tools.

Cybersecurity companies are being actively acquired by private equity groups. In contrast, a Morgan Stanley study names Microsoft and Google as potential acquirers in 2022, along with cash-rich incumbents Palo Alto Networks, Check Point Software Technologies (CHKP), Fortinet (FTNT), and CrowdStrike.

Microsoft has been acquiring startups Aorato, Adallom, Hexadite, and CyberX since 2014 in order to accelerate its drive into cybersecurity. Additionally, in July 2021, Microsoft purchased RiskIQ, a business that manages security threats. In 2021, Microsoft also acquired CloudKnox Security.

According to analyst Keith Bachman of BMO Capital Markets, Microsoft intends to enhance security research and development. The managers of Microsoft just met with him.

In a recent interview, he stated that Microsoft is developing an integrated, end-to-end security platform and added that management had claimed they saw a clear route to increasing revenue and profits with this security investment. MSFT’s goals include a stronger emphasis on integration, and all security engineering teams have been brought together to collaborate more across products under Charlie Bell’s leadership. We believe that the organizational unification will be beneficial because Microsoft’s prior security products and go-to market have not been adequately integrated or organized.

Microsoft claims to have 8,500 security personnel and 785 thousand security clients. The creation of security tools that safeguard non-Microsoft data and alternative cloud computing platforms, according to observers, is Microsoft’s biggest problem.

Microsoft’s Cybersecurity Strengths

Microsoft’s bundling strategy, according to MoffettNathanson analyst Sterling Auty is at the foundation of their astounding security momentum. Auty says that Microsoft has been progressively adding security products to its premium Microsoft 365 subscriptions, in the same way that Microsoft was able to swiftly build its Teams collaboration tool by bundling it into Microsoft 365 agreements.

The cornerstone of the company’s earnings, according to Auty, is identification. He went on to suggest that if Microsoft separated out the segment as a stand-alone company, it would be the largest individual security company. “Microsoft has developed a major identity business by utilizing its dominance in the enterprise directory market, where businesses handle user information. However, many of Microsoft’s products also address endpoint, data, cloud, and even network security—all important areas of security.”

Email and endpoint security generate the majority of Microsoft’s security income. Microsoft upsells sophisticated anti-phishing and threat prevention features while free Office 365 plans provide anti-spam and virus protection.

Microsoft competes against CrowdStrike and several other companies in the endpoint sector. Malware is discovered by endpoint security technologies on laptops, smartphones, and other devices that connect to corporate networks.

Analysts claim that Microsoft has outperformed Okta and rivals in identity and access management, or IAM. The identification of computer network users is verified using IAM software. The tools control how consumers, partners, and workers’ usernames, passwords, and access policies are handled.

Software distributors were recently surveyed by Jefferies analyst Joseph Gallo about issues such as Microsoft’s influence on the market.

According to a survey by Gallo, “Email, cloud, and identity access management were recognised as the most susceptible to disruption from Microsoft.” The best defences against Microsoft’s reach were perceived to be threat intelligence, network security, and internal threats, which is good news for Zscaler, Palo Alto, Fortinet, Check Point, and Varonis.

Companies to find it easier to adopt XDR thanks to cloud computing

The system enhances security event and information management. Web and email gateways, as well as endpoints, are tracked and analyzed by XDR security platforms. They also look at information technology infrastructure, cloud business workloads, and web application firewalls.

In order to detect signs of malicious activity, XDR also uses automated technologies to collect network incident data, often known as telemetry.

William Blair Ho claims that Microsoft 365 Defender automatically collects, correlates, and assesses signal, threat, and alarm data. This action is performed in the Microsoft 365 environment, which consists of endpoint, email, applications, and identities. It uses automation and artificial intelligence to automatically thwart attacks and launch defences.

The threat actions coming from state actors against critical infrastructure grew from 20% to 40% between July 2021 and June 2022 with the commencement of the Ukraine crisis, particularly from Russia and aimed at NATO member nations, according to Microsoft’s Digital Defense Report 2022.