Until a few years ago, the first thing a responsible PC user would do after buying a new computer was to install antivirus software. There were lengthy discussions on online forums about which free software was better – AVG or Avast – or perhaps it was worth paying for the Kaspersky Lab product.
Today, most people don’t bother to install an antivirus at all. Over the years Microsoft has improved the cyberdefenses built into its operating software, including its Defender anti-virus offering. For the consumer market, the version of Defender inside Windows 10 is certainly adequate.
According to AV-Test, which surveys cybersecurity products, until 2015 Defender was unable to identify 15 per cent of all malware, making it a relatively weak product. But by the end of 2017, Defender’s success rate was close to 100 per cent. One result of this is that online Google searches for antivirus products have tumbled even though the threats, particularly ransomware, have only grown.
Microsoft is now expanding the same strategy it employed in the consumer market, to the business sector. If it succeeds, whole cybersecurity companies may disappear in the coming years in the face of an onslaught by the tech giant from Redmond, Washington. Whether Microsoft pulls its off hinges, to a large extent, on its Israeli research and development center.
Early in 2014 Microsoft named Satya Nadella as CEO and he launched the company’s cybersecurity drive. A few months, Microsoft announced that it was buying the Israeli startup Aorato for $200 million. It was the company’s first Israel acquisition in five years and, as it turns out, the beginning of a string of Israeli cybersecurity startup acquisitions.
In 2015, Microsoft bought Adallom for $320 million and Secure Islands for $150 million. Two years later it bought its fourth Israeli startup, Hexadite, for $100 million.
Now under the Microsoft wing, those startups became the core of its local cybersecurity R&D operations.
Microsoft’s Israeli cybersecurity startup shopping spree has cost it $770 million and it’s probably not through yet. “I look at a lot of startups and I wouldn’t be surprised if we didn’t make additional acquisitions. There are areas where we are far from a solution and see a technology gap – this is where we will invest effort and resources,” Michal Braverman-Blumenstyk, chief technology offers for Microsoft’s cloud and artificial intelligence security division, told TheMarker.
“Microsoft took a strategic decision to dramatically increase its market share in security, and they’re ready to spend a lot of money,” said a source with inside knowledge of the company’s plans who asked not to be identified. “The commitment to this issue comes from Nadella and [Corporate Vice President – Cybersecurity Solutions Group] Ann Johnson. They’re working to ensure that most enterprise security will be based on Microsoft.”
The source said he believed Microsoft stands a good chance at succeeding because of the company’s portfolio of software and cloud-computing services. “Microsoft has dedicated a big development team to the matter, whose anchor is in Israel,” he said. Half of the company’s 1,500-strong R&D workforce in Israel specializes in cybersecurity.
Hexadite was among the most important acquisitions that Microsoft made. On the basis of the startup’s technology, it developed the Defender Advanced Threat Protection anti-virus product for business users.
“In my talks, I say that within two to three years Microsoft will kill off the business anti-virus industry because ATP is a better solution on a technical basis than most competitive products out there,” said Nadav Arbel, the CEO and founder of the Israeli cybersecurity company CyberHat. “Within a few months they closed the gap – they took a product from zero to wow.”
Just like it does in the consumer segment, Microsoft offers most customers a free security component included inside its overall licensing price.
“As a policy, Microsoft is no more expensive than competing cybersecurity products, but big organizations are buying an E5 license anyway in which Defender and ATP are included. It’s a gradual process because it’s hard for the market to digest the fact that Microsoft is making an excellent product,” said Arbel.
The Israeli cybersecurity sector – which focused on end-user products and includes a fair number of companies – is destined to be a major casualty of Microsoft’s plans.
Microsoft’s other key acquisition in Israel was Adallom, whose technology was the basis for its cloud cybersecurity offering, which enables enterprises to control various cloud services, not only Microsoft ones. Called Microsoft Cloud App Security, it’s designed for companies that are switching their information technology services to the cloud and need tools to manage the new model.
People who were involved in the Adallom acquisition describe two of its products as phenomenal successes for Microsoft. No less important, Adallom’s co-founder, Assaf Rappaport, a leading cybersecurity expert and alumnus of the Israel Defense Force’s famed 8200 intelligence unit, now heads Microsoft R&D in Israel.
Aorato’s security product has also been a success for Microsoft’s Azure cloud platform. A few months ago, Microsoft unveiled a new product, Sentinel, designed to handle cybersecurity incidents, known as Security Information and Event Management, or SIEM. Microsoft’s cybersecurity strategy rests on three pillars.
The first is the preference for corporate customers for buying cybersecurity services from a single maker. Companies have difficulty dealing with multiple vendors; it’s easier and more efficient to rely on as few as possible. That has been one of the reasons behind the consolidation of the cybersecurity industry globally in recent years.
The second is taking advantage of the rapid move of big organizations to the cloud. As one venture capitalist explained it: “In order to create a competitive advantage in the cloud, Microsoft says, ‘Let’s make it more secure and they’ll choose us over our competitors.’ They have grown to be the second-biggest cloud player after Amazon, and part of this is connected to their security strategy.” Amazon doesn’t tout its security features to customers while Microsoft does.
The third pillar is using its near monopoly in the enterprise market to sell cybersecurity products. The customer doesn’t need to buy and install a new product – he simply activates a product that he already has. “Microsoft is so strong in terms of its platforms, so why shouldn’t it collect a few more cents from the user?” asks an industry source who asked not to be named. “Those [cents] translate into billions of dollars when you have 100 million users around the world.”
One industry consultant said he regarded Microsoft’s overwhelming presence as the key factor behind its success. “You can’t say their products are better, but for most organizations they’re good enough. Microsoft doesn’t deal with hardware, but in everything connected with software, it knows how to take over. I don’t see this stopping any time in the next five years,” he said.
Is that problematic? “It’s using their monopolistic power,” the consultant answered.
On the other hand, Ofer Schreiber of the Israeli-American YL Ventures fund, which specializes in cybersecurity, said he didn’t view Microsoft’s growing strength in the segment as necessarily threatening the industry.
“First of all, as a trend it’s positive,” he said. “It means that its competitors also have to move quickly in everything connected with security. Startups still move faster than any big enterprise, so it creates opportunities for them to collaborate with companies like Microsoft.”
Schreiber hinted that Microsoft’s aggressive drive will lead to a cybersecurity arms race between the big tech companies, which will spur them to buy more startups.
Another veteran cybersecurity investor, Kobi Samboursky of Glilot Capital Partners in Herzliya Pituach, agrees. “For startups, life is always hard and theoretically there’s always some giant that could do ‘the same thing.’ But real innovation is hard to do in a big company,” he said.
“In areas where Microsoft has a real advantage, like Windows, I wouldn’t touch, but in other areas they aren’t a player and if they want to be, they have to make acquisitions.”