Microsoft Challenges Cyber Security Space

Owners of Cyber Security firms should take note that Microsoft is out to get you.

A recent article:


Microsoft poses the biggest threat to incumbents in the sector as it sells multiple products to companies in discounted deals. and is directly challenging CrowdStrike, Okta, Splunk and others. MSFT is also a rival of Palo Alto.

Its security business now brings in $15 billion in annual revenue. It’s growing 40% each year. Microsoft bundles products at its Azure cloud computing business and Office 365 platform. See that? Bundles, just like they put Teams into Office 365 and spent lots of money attaching Zoom. They have been slowly adding security products to their premium MS365 subscriptions.

While MSFT used to be somewhat of a security joke with quick and buggy software releases, it appears their reputation has changed according to analysts. It scores very well with Gartner and third-party evaluation platforms. And, the Microsoft product suite is very strong, enabling it to bundle products for customers."

They lured away Amazon cloud exec Charilie Bell from Amazon/AWS and Charile
plans to use AI tools to improve cybersecurity against ransomware attacks and other hacker tools. They have also been slowly acquiring private cybersecurity firms over the last 8 years.

MSFT will spend $20B over next 5 years to develop and end-to-end, integrated security platform.

Microsoft’s main challenge, analysts say, is developing security products that protect non-Microsoft data and other cloud computing platforms.

They compete with CRWD in end-point security and are also expanding their identity access management (IAM) offerings.

Analysts expect Microsoft and industry incumbents to duke it out in a threat detection technology called XDR. The acronym stands for extended detection and response.

Large XDR vendors such as CrowdStrike, Palo Alto Networks, SentinelOne and Microsoft are expanding their XDR products to cover more endpoints, better automate detection and remediation capabilities, integrate with more add-on modules and increase the size of their partner ecosystems," said William Blair’s Ho. “In addition, a portion of these large vendors’ partner ecosystems are increasingly including managed services because there has been a big uptick in their adoption.”

It might be worth reviewing quarterly MSFT Conf Call notes to see if they think they are starting to take market share from any cybersecurity firms we like. (the article said they would be the largest individual security company.)


While it’s true that Microsoft is a competitor in the cybersecurity space, the article is misleading and comes across more like an advertisement for MSFT than an objective viewpoint on the industry.

That makes is sound like Microsoft is the new kid on the block ready to take on the old and antiquated incumbents. That’s absurd. They’ve been competing for years vs the likes of SentinelOne and Crowdstrike and have lost ground, not gained. Kurtz has often mentioned large customers ditching Microsoft for Crowdstrike.

5 Star reviews on Gartner:

SentinelOne: 85%
Crowdstrike: 86%
Microsoft: 44%

Being the copy and paste company they are, I’m not suggesting Microsoft should be ignored as a competitor in the space. I noticed they now offer a fully managed service similar to Crowdstrike’s. And they naturally decided to name/brand a relatively new security solution as “Microsoft Sentinel.” Good grief!

Worth keeping an eye on, but, I’m not sure investors in likes of Crowdstrike, SentinelOne, Zscaler, etc., need to abandon ship just yet (Unless, of course, you’re not happy with what you see in an earnings report :wink:).




Brian, I don’t anyone should be trembling in their boots, but MSFT does have very deep pockets and they have earnings that can support expansion. When they started Azure, people probably laughed at a spreadsheet company trying to compete in cloud services, but look at them now. Just saying that people should pay attention to results in that segment and see if they appear to be taking away market share. They can afford to buy lots of upstarts that can compete and nibble at the edges. Some companies that have no earnings may not be able to fend off an attack from Mr. Softie.


I’m only adding to this thread because, as it turns out, Tomer Weingarten - SentinelOne CEO - was asked specifically about Microsoft as a competitor in S1’s earnings call Q & A. Weingarten included in his answer the misperception about Microsofts pricing structure that is presented as less expensive when included with MFST’s software packages, but, unsurprisingly, turns out isn’t really the case. And he plainly refutes any notion that Microsoft is displacing next-gen competitors - it’s more of the opposite.

Saket Kalia of Barclays asks: "I was wondering if you could just talk a little bit about the competitive landscape a bit, and in particular, Microsoft. I am wondering if you see them more in customer evaluations and how you think customers are viewing a Microsoft Defender option versus a specialist tool like Singularity or like other next-gen solutions out there, any thoughts?

Tomer Weingarten:

"Yes. I think that, by and large, the competitive dynamics stays relatively the same as we have seen in the past few quarters, past couple of years. All in all, folks look at best-of-breed security pretty much in the same token as they have had.

It’s also worth mentioning that while Microsoft offering as it pertains to the software piece might be included and perceived as free. If you look at integration costs, management costs and then DDR services or any affiliated service that actually bumps up the price in a pretty significant manner. So if you look at the overall TCO, it stays relatively comparable with best-of-breed offerings.

The second dynamic I want to highlight is that we have seen more and more Microsoft displacements, customers rebounding from Microsoft offering. Some citing it as eventually an eventual cost terms, the most expensive solution they had to manage over the years.

So we feel the competitive environment versus Microsoft is relatively sustained. We haven’t seen any major shift, and again, if at all, we are seeing more displacement (of Microsoft). And we feel that better be security, even in an environment where people focus on cost will still prevail in a lot of the cases."

All the best,



MSFT is rapidly capturing the home PC market and displacing Trend, Norton, and McAfee. This is because it is bundled free with Windows and does a reasonable job. My cyber friends tell me it is “good enough”.

MSFT will capture a certain segment of the enterprise business because it will bundle it with other paid services. For example Team pretty much comes for free if you have purchased MS email. These customers only need to spend a little on what is “good enough”. Generally this enterprise cyber segment is considered as ‘immature’ cyber customers. This is Not the segment that Sentinel or Crowdstrike are pursuing. They are focused on ‘mature’ or ‘advanced’ cyber customers who have a clear understanding of what they are buying and why. These mature customers are also not likely to put all their eggs into one backet. Nor do they require a lot of education and hand holding.