A ZDNet article yesterday brought to my attention today just how far Microsoft has moved the needle to becoming a cybersecurity services provider. Increasingly, cloud providers are entering this market and Microsoft has started off by providing the most important services to cloud customers. Cloud has become a ubiquitous infrastructure and buyers are demanding cloud security monitoring and alerting. In fact, 40% of respondents to a recent ESG cybersecurity services study state that these services are must-haves from managed security services providers (MSSPs). In this instance, Microsoft can be considered an MSSP as it offers many of the services in this market.
Microsoft is making great strides in adding cybersecurity services to its arsenal. In April, it introduced the managed threat hunting service called Threat Experts on Demand as part of the Microsoft Defender Advanced Threat Protection (ATP) service for customers with subscriptions such as Windows 10 Enterprise E5 and the Microsoft 365 bundle, giving enterprise customers access to top Microsoft security experts when they need help working through a tough threat. Last September, the company launched its Azure Sentinel cloud-SIEM, enabling data collection across the enterprise and detection of unknown and advanced threats utilizing Microsoft’s threat intelligence telemetry, which is significant in quantity and is made actionable by the company’s artificial intelligence (AI) and machine learning (ML) and threat hunting capabilities. These ingredients enable faster response to incidents, but not all enterprises have the resources to dig deep into these tools on their own. Now with Threat Experts on Demand, Microsoft assists the enterprise to make sense of the most challenging threats.
In an ESG study on threat detection and response (TDR), which asked about managed threat services, a quarter of respondents stated that one of the most important attributes of managed detection and response (MDR) services is highly skilled and trained staff for threat detection, threat hunting, and response, making it the second most-cited response (see chart below). The top response is also illustrative of Microsoft’s strengths, as 28% of respondents indicated that their MDR service should include threat intelligence (TI) resources and expertise, and accept open source TI feeds.
And thirty-one percent of respondents to ESG's 2019 Technology Spending Intentions study said that they would be making significant investments in cybersecurity technologies which employ AI/ML for threat detection in 2019 (see chart below).
Managed security services (MSS) are comprised of management and monitoring of security technologies with eyes on glass in the security operations center (SOC) to alert customers of threats and provide remediation suggestions. Essentially Microsoft has entered the monitoring side of the MSS market with key ingredients such as Azure Sentinel. Given the increasing problematic cybersecurity skills shortage, this is a welcome addition to Microsoft customers.