Microsoft (NASDAQ:MSFT) recently announced that it will invest over $1 billion per year on cybersecurity research and development. That amount, which is equivalent to roughly 8% of its R&D spend over the past 12 months, doesn't include any acquisitions that Microsoft might make. Let's see why Microsoft is beefing up its cybersecurity efforts, and what that could mean for smaller players across the fragmented industry.
What cybersecurity means to Microsoft
Microsoft's Windows is the most widely used PC operating system in the world, Office is the most popular productivity suite, and Azure is the second largest cloud platform in the world after Amazon's (NASDAQ:AMZN) AWS. Much of this massive ecosystem has traditionally been protected by third party companies. Microsoft's own products -- like Windows Firewall, Windows Defender, and Microsoft Security Essentials -- were often considered inferior to third-party ones.
However, Microsoft's ecosystem has become more cohesive under CEO Satya Nadella's "One Windows" strategy, which aims to install the same OS and app store across multiple platforms. Since users would ideally download apps from the Windows Store and deliver their data to Cortana and Bing via Azure, it would be logical to add first-party, self-updating security solutions across the entire ecosystem. Microsoft claims that the number of weekly cyber attacks has risen from 20,000 to as many as 700,000 over the past two to three years.
To counter those threats while expanding its ecosystem, Microsoft acquired three Israeli cybersecurity firms over the past two years -- enterprise security start-up Aorato, cloud security firm Adallom, and data protection firm Secure Islands. Those acquisitions and its planned R&D investments could help Azure challenge AWS, which already integrates an arsenal of security features into its cloud infrastructure platform. Azure's revenue surged 93% annually last quarter, but Microsoft hasn't revealed its exact sales figures yet.
How this could hurt smaller players
As Microsoft's cybersecurity ecosystem grows, it could overlap with the services of many smaller stand-alone third-party players. For example, Microsoft recently launched Windows Defender ATP (Advanced Threat Protection) for Windows 10. That endpoint service matches events with Microsoft's cloud-based Security Graph, which gathers data across over a billion Windows devices worldwide. It also works with Microsoft's email protection services from Office 365 and Microsoft Advanced Threat Analytics.
This platform directly competes against "perimeter" players like threat prevention firm FireEye (NASDAQ:FEYE) and next-gen firewall vendor Palo Alto Networks (NYSE:PANW). During last year's RSA Conference, Microsoft principal research lead Tanmay Ganacharya told Dark Reading that Windows Defender ATP can "help capture network traffic out of a given endpoint", so that it could "detect the same attacks" as FireEye and other threat detection services.
Consider what $1 billion means to these smaller cybersecurity companies. Palo Alto and FireEye are expected to respectively generate $1.8 billion and $720 million in revenues this year -- so there's no way that they could match Microsoft's R&D investments. Windows, Office 365, Azure, Dynamics, and other platforms all give Microsoft the ability to bundle and scale up its cybersecurity services very quickly. It can also offer lower prices and offset those losses across other parts of its ecosystem.
But "best in breed" cybersecurity firms could still survive
Microsoft's growing interest in the cybersecurity market could render some smaller players obsolete, but "best in breed" players like FireEye and Palo Alto have survived similar assaults from bundled players before.
Cisco (NASDAQ:CSCO), for example, has aggressively bundled threat prevention and next-gen firewalls into its networking hardware and software. Yet FireEye still serves 5,000 customers across 67 countries, which includes nearly half of the Forbes Global 2000. Palo Alto serves over 35,500 customers in more than 140 countries, including 80 of the Fortune 100 and half of the Global 2000.
Those numbers indicate that companies will likely value a company's track record and reputation over the convenience of cheaper bundles. They also indicate that it could be smarter for Microsoft to either acquire or partner with smaller stand-alone players instead of trying to render them obsolete.
The key takeaway
Beefing up its cybersecurity business will help Microsoft counter Amazon and tighten up its "One Windows" ecosystem. While some of the new features seem destined to crush third-party security players, investors should remember that companies will likely stick with "best in breed" players instead of the cheapest bundle, and a mass switch to a new security platform can be costly and time consuming.
Therefore, investors in cybersecurity companies should be mindful of Microsoft's ambitions, but they should remember that many "best in breed" companies have weathered similar attacks from companies like Cisco before.