Microsoft has Emerged as a Top Vendor of Enterprise Security Products
In the IT world, Microsoft has long been the villain everyone loves to hate. This is especially true for IT security professionals. Given my own tortured relationship with the company, admitting that they are now doing a lot of things right has been difficult. The InfoSec community may not uniformly agree, but Microsoft has emerged as a top provider of security tooling that is keeping enterprises safe.
A Brief History of Microsoft in Security
I have been telling my children that the company that provides their Xbox and Windows operating systems is not “your father’s Microsoft.” The Microsoft of my youth was led by a hyper-aggressive Bill Gates who bore little resemblance to the elder-statesman billionaire philanthropist we see today. In those days, Microsoft churned out vulnerability-ridden copies of Windows and Office software.
Within the IT community, anti-Microsoft forces were plentiful and the company was derided for its vulnerable products and tendency to copy successful software features from competitors. However, Microsoft’s software was so dominant that every developer, peripheral, and hardware provider had to integrate with it. As a result, Microsoft software maintained API connections to almost everything.
Security professionals have long known that connectivity is strongly correlated with vulnerability, so it is no surprise that Microsoft software was vulnerable to malicious activity. It became so vulnerable over the years that an entire industry evolved to address the security risks posed by introducing its software into enterprise environments. Companies like McAfee, CrowdStrike, Palo Alto, Splunk, Tenable, and many others owe their existence largely to the security risk posed by Microsoft’s software.
Let me repeat that:
Microsoft’s software was so vulnerable that IT shops across the globe paid third parties to provide protection instead of finding more secure alternatives.
I challenge you to think of another company that could do the same thing and get away with it. Yet, the Microsoft of my youth was so dominant that they not only got away with this, they thrived.
Ransomware and Extortion Forced a Change
Microsoft was dominant, and they were happy with the current arrangement from the top of their empire. That was until ransomware, social engineering, and extortion became garden-variety cybercrimes regularly executed against mainstream businesses. After Gates’s departure, the company lost its dominance on the desktop and was directly threatened by seemingly less vulnerable products including Apple’s iOS, Google’s ChromeOS, and Linux. This is when Microsoft appears to have gotten serious about securing its products rather than relying on third parties for protection.
Windows Defender is Introduced
Their first step was providing Windows Defender—a signature-based antivirus program provided for free with Windows starting in 2006. Windows Defender did not get much respect from security professionals (myself included) early on, but it steadily improved. Nearly 20 years later, it now successfully competes with modern anti-malware systems like CrowdStrike and SentinelOne.
Microsoft’s Core Strength
Watching Defender evolve into a respected end-point security product reminded me that Microsoft has always been good at execution. When a software market forms, Microsoft often arrives late to the party. But when they finally do show up, they come in force.
They maintain enormous development resources and are extremely disciplined in applying those resources to build market-proven features and integrate them across their technology platforms. From Windows to Office to their Azure cloud computing platform, Microsoft has consistently approached product development in this targeted and efficient manner.
A Security Problem Became an Opportunity
About 10 years ago, Microsoft realized that enterprise security had evolved as a problem faced not only by a select group of financial institutions and technology companies but also by mainstream customers including consumer brands, service providers, and manufacturers. In other words, it was a problem that was front and center for Microsoft’s enterprise customer base. Their customers’ security problem had evolved into Microsoft’s opportunity.
Since then, they appear to have gone “all in” on security as a significant segment of their business in the same way they did with cloud computing. The results speak for themselves. Last year it was reported that revenue for Microsoft’s security business surpassed $15 billion and continues to grow at a rate of 40% annually. You don’t have to like them, but these results are impressive by any measure.
Advantages of Microsoft’s Security Products Today
Recently, as more Accord customers have searched for solutions to their security and privacy challenges, Microsoft products have jumped to the top of the list. These include:
- Sentinel SIEM/SOAR service
- Purview Data Governance Product
- Intune Endpoint Management
- Entra Identity Management
- Anti-malware product, Defender
As a veteran of many security product evaluations, I have observed a number of common attributes associated with Microsoft’s suite of security products.
Features
Microsoft is almost never “best-in-class” with its features. However, the 80/20 rule applies nearly uniformly to their products. They have 80% of the features provided by top competitors and can easily meet the requirements of most mainstream enterprises.
Ease of Implementation
From Azure to Windows to Office 365, they make it very easy to integrate with other components of Microsoft’s technology stack. Additionally (and because it is Microsoft), most implementation is “point & click.” Since most main street enterprises are largely standardized on Microsoft platforms, implementation is easy and less expensive than alternatives.
Cross-Platform Interoperability
You would think that non-Microsoft cloud services and operating systems would be at a big disadvantage, but this is not the case. Microsoft appears to recognize that today’s enterprise computing environment is a mixed bag of technologies and has gone to great lengths to ensure interoperability across platforms, even with their arch nemesis, the Linux operating system.
Automation
Microsoft understands that most enterprises do not have the resources to maintain their own 24/7 security operations centers. Unlike their competitors, they built in automation and workflows to allow security teams consisting of just a few staff members to operate efficiently. This demonstrates their understanding of customer needs in the mid-sized enterprise, where small teams of security professionals need access to the latest threat intelligence and the ability to manage alerts efficiently.
Artificial Intelligence
Microsoft is busily applying GPT-4 across its product line and we are not entirely sure how well this will work within its security product suite. However, the promise of AI hunting for threats, enabling multi-threaded investigations, and interacting directly to guide developers and system administrators is exciting.
Price
This is where they shine. In my evaluations, Microsoft has typically come in at 40-50% less than its competition in nearly every product category. With savings at those levels, they are difficult to ignore.
It’s all about value
I find myself reluctant and maybe even a bit embarrassed to advocate for a company that has maintained such a checkered history with the security industry. Maybe it’s because there are enormous implications if the IT Enterprises of the world standardize on Microsoft Security Products. Not the least of these concerns is the potential impact on innovation.
While I must admit that I simply don’t know how this will impact security product innovation, I have been in this industry long enough to know value when I see it. If security products don’t fit within the financial constraints of organizations, then they will not get implemented. In this environment, that’s bad—very bad.
With ransomware so rampant and privacy laws closing in on nearly everyone, main street businesses need protection from threats now. For enterprises that are standardized on Office 365, Azure, and Windows, this value can no longer be ignored.
While their track record has not always been good, Microsoft now offers many non-technology enterprises their best chance of implementing meaningful information security at a sustainable price.