News Analysis: As organizations struggle with staff shortages and a surge in dangerous malware attacks on Windows, Redmond is positioning itself as an end-to-end managed services security vendor. Can Microsoft overcome its own security problems?
A little more than a year after raising eyebrows with a public boast that annual cybersecurity-related revenues had hit the $10 billion mark, Microsoft is making a new set of moves to capture a larger slice of the security spending pie.
The Redmond, Wash. software giant on Monday rolled out a suite of new managed services — called Microsoft Security Experts — aimed at the mid-market, betting that short-staffed organizations will need outside help to reduce bloating attack surfaces and mitigate an ongoing surge in dangerous malware attacks.
The three new managed services are styled as a combination of technologies, threat intelligence and skilled personnel to help businesses hunt for signs of malicious infections or outsource the handling of detection and response incidents.
“Our vision is to deliver this new category of services across security, compliance, identity, management, and privacy. The first step on that journey is offering new and expanded services for security,” said Microsoft vice president Vasu Jakkal.
Jakkal noted that the cybersecurity skills shortage — data shows nearly one in three (or 2.5 million) security jobs vacant in the United States — has created major gaps in security programs big and small, arguing that technology alone cannot defend against the surge in cybercrime.
She said the new Microsoft Defender Experts for Hunting service will be sold to organizations of all sizes, even those with robust SOCs (security operations centers). “Our experts will investigate anything they find and then hand off the contextual alert information and remediation instructions so you can quickly respond. With Experts on Demand, you can consult a Microsoft expert about a specific incident, nation-state actor, or attack vector with the simple click of a button,” she added.
Jakkal said corporate defenders will also receive specific recommendations to help understand and modernize security programs. The Defender Experts for Hunting services will be generally available later this year.
The second product line — Microsoft Defender Experts for XDR — is being positioned for businesses that need to extend the capacity of their security operations center.
Jakkal said Defender Experts for XDR will be a managed extended detection and response (XDR) service that extends beyond endpoints to provide detection and response across Microsoft 365 Defender, investigating alerts and using automation and human expertise to respond to incidents alongside your team.
The third piece — called Microsoft Security Services for Enterprise — is for larger organizations looking to outsource the entire security response stack. This component of the managed services will offer proactive threat hunting and managed XDR, using Microsoft’s SIEM and XDR stack to protect all cloud environments and all platforms.
The launch of the new managed services puts Microsoft in direct competition with multiple entrenched security vendors and comes a month after rival Google shelled out $5.4 billion to acquire Mandiant for access to the big-game security response market.
Over the last few years, Microsoft snapped up threat intelligence vendor RiskIQ and bought ReFirm Labs and CyberX to speed up its push into the IoT firmware and OT security space. The company has already announced plans to beef up its internal spend on cybersecurity R&D as it pushes ahead with its big bet on cybersecurity.
Security practitioners polled by SecurityWeek expect Microsoft to find immediate success with the new managed services. “If you’re a Windows shop and you’re already standardized on Microsoft’s cloud and infrastructure, this makes total sense. In theory, Microsoft’s engineers should be the best at threat hunting on Windows,” said one prominent CISO at a 500-person financial services outfit.
“Even if you have a modern SOC and you have a big budget, it’s hard to find technical skills and experienced incident response folks. This will be very useful in places where threat hunting is a priority,” she added.
On the flip side, some CISOs bristled at the notion of paying Microsoft to monitor and protect its own platform and products. “I don’t see a ransomware problem on macOS. Ransomware is a Windows problem. Not sure how they can square that away with selling services to deal with ransomware,” said another security engineering leader.
Microsoft’s own struggles with internal product security — zero-day attacks are surging and high-impact Azure flaw warnings have become routine — put the company in a tricky position of simultaneously boasting about its security expertise while there are major gaps in its own secure coding practices.
Redmond has largely looked past that narrative in search of security revenues. For many years, Microsoft dabbled in the anti-malware market before settling on the strategy of bundling Windows Defender into the operating system and cloud services.
The company also doubled down on its investments in security and risk management and found success with Microsoft Azure Sentinel, a product that falls neatly within the security information and event management (SIEM) and security orchestration, automation and response (SOAR) categories.