Microsoft Is Piecing Together Desktop-to-Cloud Cybersecurity
The software giant can leverage its operating systems but won't necessarily displace competing approaches
Thursday, April 9, 2020
By John Hintze
Cybersecurity threats are so numerous, technically challenging and constantly evolving that technology companies are rarely so bold as to claim they have an all-encompassing solution. Large corporations tend to take a so-called best-of-breed approach, their defenses consisting of offerings from multiple providers.
However, some top names in IT have the scale and leverage to tackle big security problems. IBM last year announced an effort, with Bank of America collaborating, to make public cloud networks sufficiently secure and compliant to handle mission-critical financial services operations.
Now Microsoft Corp. is rolling out an integrated offering that can deliver comprehensive and cost-efficient security throughout the financial industry and its infrastructure - with which Microsoft, like IBM, has close technological ties - as well as for nonfinancial corporations.
“If these companies are planning a Windows 10 upgrade in 2020, it's going to be very complementary,” said Joseph Krull, senior analyst at Aite Group and author of a recent report on 2020's top cybersecurity trends.
Mark Chaplin, principal of the London-based Information Security Forum (ISF), said organizations of all sizes should ultimately benefit from a technical platform that reduces exposure to attacks and misuse. For smaller organizations, he said, it can help ensure that basic technical measures are in place to protect against common attacks such as phishing, ransomware and other types of malware.
An effective soup-to-nuts solution can help simplify and consolidate security architecture, reduce or stabilize costs, and allow resources to be directed to critical areas of infrastructure protection, Chaplin said.
Chaplin added that large organizations, such as those in the financial, technology and energy sectors, will still buy products and services from current and emerging security vendors. “In doing so, they will need to develop new security architecture, integrate new capabilities and features, and provide assurance of the protection provided - whether embedded in platforms or bolted on,” he said.
Aite's Krull said that Microsoft has been acquiring cybersecurity product companies since 2014. He believes that in 2020, the software giant will “aggressively” try to displace traditional vendors with a coordinated and interlocked product strategy, extending from the desktop to the cloud.
“Although the majority of CISOs [chief information security officers] will continue to procure what they believe to be the best-of-breed cybersecurity solutions, Microsoft's offerings may complement existing defensive capabilities,” Krull said in the report.
Microsoft is uniquely positioned, with its operating systems embedded in most organizations' computing frameworks. Chaplin said he was unaware of any other technology companies seeking to provide the same level of security capabilities via an operating system.
“However, pure play cybersecurity vendors and other technology companies, such as Symantec, Check Point Software Technologies and Palo Alto Networks, continue to develop their cyber protection capabilities as well as acquire innovative start-ups that bolster their offerings,” Chaplin pointed out.
Rollout Expected This Year
Microsoft provided information about its various cyber capabilities but did not respond to queries about “knitting together” its assets into a “coordinated ecosystem,” as Krull described it.
Krull, who is located in Israel, a hub of Microsoft's cybersecurity R&D, is expecting the company to roll that out this year.
“We're already seeing it in certain markets, but over the course of the next 12 months we will see a concerted approach,” he said. He added that Microsoft already licenses the infrastructure software on which other applications run, so the vendor's “pitch” will be that organizations simply need to upgrade their licenses to get the broader capabilities.
“They're really putting all the pieces together, and their teams are going to go out and say, 'Why buy all these products from different security vendors when Microsoft can bundle it in with their other products?'” Krull said, noting organizations that have strong Microsoft relationships may be able to cut deals and reduce costs.
An industry source knew of at least three U.S. company CISOs who had been pitched by Microsoft account managers to use more cybersecurity capabilities by upgrading licenses for Microsoft Office 365 E5, which comes with advanced security, compliance, voice and analytical capabilities.
The components being pulled together include Office 365 Advanced Threat Protection (ATP), Windows Defender ATP, Azure Active Directory (AD) Identity Protection, Azure ATP, and Microsoft Cloud App Security. Also included, Krull said, will be security information and event management (SIEM) capabilities, mobile device management, and security alert automation.
“Microsoft's apparent focus is to collect telemetry and threat data from millions of endpoints and servers running Microsoft operating systems and applications as well as detect and help disrupt pre-attack and attack activities,” the report says. “The company has also invested heavily in protection for cloud applications and integrated identity and access management.”
A familiar tenet of risk management is not to put all eggs in one basket. Although doing so could pay significant dividends in this case, companies are not precluded from adding other security tools. Krull said Microsoft will have to make a compelling business case for adopting its integrated cybersecurity, but benefits such as easier integration, potential cost savings, and only having to deal with one vendor make for a “pretty compelling approach.”
Chaplin at ISF said organizations leveraging Microsoft's “built-in capabilities” can benefit from consolidating security features, using established interfaces and management consoles, enabling more security features, and producing more meaningful reporting.
“Increased integration of security features helps organizations move closer to a secure-by-default approach, where increased protection comes as part of the underlying platform,” Chaplin said. “It also means data relating to threats and vulnerabilities is provided in concentrated areas of infrastructure, helping to support better monitoring, analysis and quantification of risk.”
He added that embedding security features such as data encryption, malware protection, software updates and event monitoring into operating systems will help organizations keep pace with adversaries. Using multiple vendors brings benefits but also challenges, including developing security architecture, integration, monitoring and reporting, that can slow down efforts.
However, Chaplin said, organizations will have to be careful that adoption of more integrated or built-in security features doesn't introduce unanticipated exposures. He added that they will also have to evaluate how Microsoft's capabilities, obtained through acquisition and integration, compare to best-of-breed alternatives in terms of quality, capability and scope.