Security Experts:

Connect with us

Hi, what are you looking for?



Microsoft Flexes Security Vendor Muscles With Managed Services

Microsoft Building

Microsoft Building

News Analysis: As organizations struggle with staff shortages and a surge in dangerous malware attacks on Windows, Redmond is positioning itself as an end-to-end managed services security vendor. Can Microsoft overcome its own security problems?

A little more than a year after raising eyebrows with a public boast that annual cybersecurity-related revenues had hit the $10 billion mark, Microsoft is making a new set of moves to capture a larger slice of the security spending pie.

The Redmond, Wash. software giant on Monday rolled out a new suite of new managed services — called Microsoft Security Experts — aimed at the mid-market, betting that short-staffed organizations will need outside help to reduce bloating attack surfaces and mitigate an ongoing surge in dangerous malware attacks.

The three new managed services are styled as a combination of technologies, threat intelligence and skilled personnel to help businesses hunt for signs of malicious infections or outsource the handling of detection and response incidents.

“Our vision is to deliver this new category of services across security, compliance, identity, management, and privacy. The first step on that journey is offering new and expanded services for security,” said Microsoft vice president Vasu Jakkal.

Jakkal noted that the cybersecurity skills shortage — data shows nearly one in three (or 2.5 million) security jobs vacant in the United States — has created major gaps in security programs big and small, arguing that technology alone cannot defend against the surge in cybercrime.

[ READ: For Microsoft, Security is a $10 Billion Business ]

She said the new Microsoft Defender Experts for Hunting service will be sold to organizations of all sizes, even those with robust SOCs (security operations centers). “Our experts will investigate anything they find and then hand off the contextual alert information and remediation instructions so you can quickly respond. With Experts on Demand, you can consult a Microsoft expert about a specific incident, nation-state actor, or attack vector with the simple click of a button,” she added.

Jakkal said corporate defenders will also receive specific recommendations to help understand and modernize security programs. The Defender Experts for Hunting services will be generally available later this year.

The second product line — Microsoft Defender Experts for XDR — is being positioned for businesses that need to extend the capacity of their security operations center. 

Jakkal said Defender Experts for XDR will be a managed extended detection and response (XDR) service that extends beyond endpoints to provide detection and response across Microsoft 365 Defender, investigating alerts and using automation and human expertise to respond to incidents alongside your team. 

[ READ: Google to Acquire Mandiant for $5.4 Billion in Cash ]

The third piece – called Microsoft Security Services for Enterprise — is for larger organizations looking to outsource the entire security response stack.  This component of the managed services will offer proactive threat hunting and managed XDR, using Microsoft’s SIEM and XDR stack to protect all cloud environments and all platforms. 

The launch of the new managed services puts Microsoft in direct competition with multiple entrenched security vendors and comes a month after rival Google shelled out $5.4 billion to acquire Mandiant for access to the big-game security response market. 

Over the last few years, Microsoft snapped up threat intelligence vendor RiskIQ and bought ReFirm Labs and CyberX to speed up its push into the IoT firmware and OT security space. The company has already announced plans to beef up its internal spend on cybersecurity R&D as it pushes ahead with its big bet on cybersecurity.

Security practitioners polled by SecurityWeek expect Microsoft to find immediate success with the new managed services.  “If you’re a Windows shop and you’re already standardized on Microsoft’s cloud and infrastructure, this makes total sense. In theory, Microsoft’s engineers should be the best at threat hunting on Windows,” said one prominent CISO at a 500-person financial services outfit.

[ READ: Google, Mandiant Share Data on Record Pace of Zero-Day Discoveries ]

“Even if you have a modern SOC and you have a big budget, it’s hard to find technical skills and experienced incident response folks. This will be very useful in places where threat hunting is a priority,” she added.

On the flip side, some CISOs bristled at the notion of paying Microsoft to monitor and protect its own platform and products.  “I don’t see a ransomware problem on macOS.  Ransomware is a Windows problem.  Not sure how they can square that away with selling services to deal with ransomware,” said another security engineering leader.

Microsoft’s own struggles with internal product security — zero-day attacks are surging and high-impact Azure flaw warnings have become routine — put the company in a tricky position of simultaneously boasting about its security expertise while there are major gaps in its own secure coding practices.

Redmond has largely looked past that narrative in search of security revenues. For many years, Microsoft dabbled in the anti-malware market before settling on the strategy of bundling Windows Defender into the operating system and cloud services.

The company also doubled down on its investments in security and risk management and found success with the Microsoft Azure Sentinel product, a product that falls neatly within the security information event management (SIEM) and security orchestration automated response (SOAR) categories.

Related: Microsoft Buys ReFirm Labs to Expand IoT Firmware Security Push

RelatedMicrosoft Acquires Industrial Cybersecurity Company CyberX

Related: Microsoft to Acquire Threat Intelligence Vendor RiskIQ

Related: Microsoft to Acquire GitHub for $7.5 Billion 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek


Twenty-one cybersecurity-related M&A deals were announced in December 2022.