Source: Microsoft Corp
For years Microsoft Corporation's (NASDAQ: MSFT) Windows operating system has battled the perception that it is not very secure, riddled with bugs and security holes that are constantly needing patches. Whether or not this is true is a perpetual debate in the IT security world -- part of the reason why Windows is attacked so much is because of its dominant 90% market share. Nevertheless, Microsoft is stepping up its security game with a cloud-based threat detection service and a brand-new cyber defense facility, which should not only be good for Windows users, but also investors.
Using its popularity to its advantage
On March 1, Microsoft announced its new service to combat cyber attacks, called Windows Defender Advanced Threat Protection. The service will build on some of the features already in Windows 10, but will only be available to commercial licenses of the operating system.
The new service is a post-breach layer of protection -- identifying attacks once they are already in the system. Microsoft views this as a sorely needed service, as it found most enterprises take 200 days or more to detect security breaches and another 80 days to contain them.
Because these attacks are becoming increasingly sophisticated, the Microsoft service uses machine learning to identify them. It leverages Microsoft's Security Graph, which contains huge amounts of data gathered anonymously over the millions of devices running its software. Windows is certainly a big target for hackers as the most popular operating system, but this also gives Microsoft more data to learn from hackers.
The service can learn to identify suspicious behavior and then alert IT professionals to it. The upside to this learning approach is it can hopefully identify attacks sooner, or notice new attacks that use a slightly different approach than previous ones. The downside is it cannot definitively identify an attack but only say whether there is a good probability some suspicious activity looks like an attack. It is then up to the IT professional to review the potential threat and decide how to handle it.
Microsoft plans to add a more complete solution later, giving IT security officers the tools to deal with it on the spot. For now, two features that will be available are the ability to "time travel" and go back in the history of a machine to when it was compromised to see how it has changed, as well as the ability to upload suspicious files to an isolated machine in the cloud in order to observe it in a "quarantined" area.
The service is currently in a test phase, with parts of it to be rolled out soon. However, Microsoft has not yet committed to a final release date or pricing. Because it is post-breach layer of protection, the service should not compete against traditional firewall services that look to keep attackers out, but investors should keep an eye on whether this new service will compete against other security companies.
Putting its money where its mouth is
Additionally, Microsoft has also built a new physical facility dedicated to cybersecurity, calling it the Cyber Defense Operations Center. Located in its Redmond, Wash., headquarters, the facility opened last November, but has recently received additional press in major news outlets like The Wall Street Journal.
The WSJ article notes the center is not just a work space, but a showcase, with features like a fancy glass enclosure that can transform from opaque to clear with a push of a button. The showcase sentiment is further bolstered by things like big white letters hanging off of the wall spelling "protect," "detect," and "respond."
Microsoft may be overcompensating for its current negative perception of being lax on security by building the new war room, but at least it is also putting its money where its mouth is. Although the company won't divulge how much the new center cost, management did point out it spent $1 billion on security in 2015, which includes acquisitions. For a company that generates around $30 billion in cash from operations, this is not a trivial amount.
Additionally, the center will be staffed by 50 security experts from other divisions. Microsoft has noted it achieves more efficiency with a diverse group to tackle problems, as well as having them in the same room in order to respond to threats quickly.
The ability to offer a secure operating system will be crucial to the company's strategy of getting more people to switch to Windows 10, especially corporate users. Experts have already noted Windows 10 is much more secure than previous versions, and as testament to this the U.S. Department of Defense recently directed all of its agencies to deploy Windows 10 within one year. However, there is still a long road ahead, as most estimates put Windows 10 usage at only 13% to 15% for all computers, compared to Windows 7 at more than 50%.
Trying to shed its reputation of not stepping up to the security challenge will be tough for Microsoft and take time. But overall these two developments are a great start to CEO Satya Nadella's commitment to invest more in security, especially at a time when cybercrime is intensifying. This, in turn, will be crucial to maintain market share in the operating system space, as well as entice enterprise customers to upgrade.
