Microsoft (MSFT -3.58%) recently agreed to purchase CyberX, a developer of cybersecurity solutions for the industrial IoT (Internet of Things) market. Microsoft didn't disclose the value of the deal, but TechCrunch claims it was worth roughly $165 million.

Microsoft will integrate CyberX's tools, which can digitally map and gather data on thousands of devices in a building, into its broader portfolio of IoT security services. Microsoft claims CyberX provides "a fundamental step to securely enable smart manufacturing, smart grid, and other digitization use cases across production facilities and the supply chain."

A man uses cybersecurity software on a notebook computer.

Image source: Getty Images.

Microsoft claims the acquisition will also strengthen Azure Sentinel, its cloud-native security platform, and complement its other cybersecurity services. On its own, the CyberX acquisition might not seem all that significant for Microsoft, which ended last quarter with $11.7 billion in cash and equivalents. Startup tracker Growjo estimates CyberX only generated about $33.5 million in annual revenue last year -- a drop in the ocean compared to Microsoft's projected revenue of $141.5 billion this year.

But it we track Microsoft's growing list of cybersecurity investments, we'll notice it's gradually becoming a powerhouse in the growing sector. Let's see why Microsoft is expanding its cybersecurity portfolio, and how it could threaten smaller players in the space.

Microsoft's cybersecurity and IoT ambitions

Prior to buying CyberX, Microsoft bought security software maker XDegrees in 2002, rootkit security software maker Komoku in 2008, enterprise security firm Aorato in 2014, security firms Adallom and Secure Islands in 2015, and cybersecurity firm Hexadite in 2017. Adallom was its biggest cybersecurity acquisition to date, with a reported value of $320 million.

Those acquisitions buoyed the growth of Microsoft's paid cybersecurity services, which include tools like Office 365 Security and Azure Security Center. Microsoft also recently expanded its subscription-based Microsoft Defender ATP platform to Macs and Android devices. Microsoft doesn't disclose its revenue from these services separately.

Two years ago, Microsoft announced it would invest $1 billion annually in its growing cybersecurity ecosystem. That same year, it pledged to invest $5 billion in the IoT market over the following four years.

Cybersecurity icons against a blue background.

Image source: Getty Images.

Its IoT expansion included the introduction of Azure IoT Central, a cloud-based service for monitoring IoT devices; Azure Sphere, an end-to-end IoT product for Linux-based microcontrollers; and Azure IoT Edge, which runs Azure and AI services on the network edge.

Microsoft is expanding its cybersecurity and IoT portfolios for two reasons. First, baking in first-party security services into its broader ecosystem -- which includes Windows, Azure, and its other commercial cloud services -- tightens its grip on its own software and reduces the need for third-party security software.

Second, expanding its reach across the IoT market with new operating systems (like Windows IoT) and services (like Azure IoT) could expand Microsoft's reach beyond its mature PC and server markets. Doing so could widen its moat against challengers like SoftBank's ARM and tether non-PC devices more tightly to its software ecosystem.

The global IoT market could still grow at a compound annual growth rate of 24.7% between 2019 and 2026, according to Fortune Business Insights. That's why Microsoft is investing heavily in new IoT platforms and security solutions -- it can't afford to lose this sprawling market as it did with smartphones.

Could Microsoft disrupt the cybersecurity market?

Simply put, Microsoft wants to turn its software platforms into walled gardens that rely less on third-party services, including web browsers, cloud services, and security services.

In this context, Microsoft's growing interest in the cybersecurity market could be bad news for stand-alone security companies. Microsoft's acquisition of CyberX, along with its expanding platform of IoT and security services, strongly suggests that it can fully run and secure smart factories without additional third-party services.

Yet we shouldn't assume companies will eagerly tether themselves to Microsoft's ecosystem. Other tech giants, like Amazon and Cisco, also offer bundled IoT security solutions -- and they still haven't killed smaller IoT security players like FireEye and Palo Alto Networks, which offer more flexible solutions.

Therefore, Microsoft might be quietly becoming a cybersecurity powerhouse, but there could be plenty of room for all these players to grow without trampling each other.