When it comes to security, Microsoft is known more for its failings than its prowess. But that's not stopping it from taking on cybersecurity stocks like CrowdStrike, Palo Alto Networks and Zscaler in a bid to become a security powerhouse.
And the offensive is paying off, fueling a revenue stream that's helping to lift Microsoft stock, even as the tech giant grapples with its sketchy track record on security. Early this year, the company said its robust cloud computing business, aided by its expanding AI capabilities, boosted its cybersecurity business to $20 billion in 2022. Recent moves put it in a position to kick up competition in the new year ahead.
Not that memories have faded about serious security breaches, led by a Chinese espionage hack. Some industry leaders — leaders of top cybersecurity stocks among them — are raising red flags over Microsoft's bid to become a bigger player.
"Given Microsoft's history, it's like the doctor selling the patient cigarettes," CrowdStrike Chief Executive George Kurtz told Investor's Business Daily.
Microsoft Stock Performance Counting On Bundling Strategy
But Microsoft is forging ahead. A key part of its strategy is offering discounts when bundling security products with premium subscriptions to its Office 365 productivity tools.
The company took a hit from a 2021 incident when China-based hackers gained access to the emails of the Secretary of Commerce, the U.S. State Department and two dozen other companies and organizations. The email breach started with the theft of a Microsoft encryption key.
Meanwhile, Microsoft took steps to address worries related to the breach. In November, the company announced its Secure Future Initiative to bolster cloud security. Analysts tied the new initiative to the Chinese hacking incident and the commercial launch of new Microsoft AI offerings.
Cybersecurity Leadership Shake-Up
In addition, this month Microsoft shook up its security leadership team, naming Igor Tsyganskiy as chief information security officer. He replaced Bret Arsenault, who had been in the role for 14 years.
Cybersecurity industry leaders are gearing up for a fight, which will likely heat up in 2024. Kurtz underscored this at a recent Goldman Sachs conference.
"If people use Microsoft technologies, fine, but they don't want the fox guarding the henhouse," he said.
Kurtz doubled down on his criticism in an interview with IBD, arguing that Microsoft is known for "so many exposures and architectural issues and vulnerabilities" in its technology.
"You can claim that you fix them, you can claim that you're working on a lot of projects," Kurtz said. "But the reality is that it's Microsoft's technology by and large that's being breached."
In fact, 2023 marked the 20th anniversary of "Patch Tuesday" updates. Microsoft introduced regular software patches in October 2003 after the Blaster worm, a virus program, targeted its products.
Microsoft Cybersecurity Business Growth Outlook
Still, Microsoft's cybersecurity push appears to be gaining traction. In January, the company said its cybersecurity division posted $20 billion in revenue over the previous 12 months. Microsoft put annual growth of its cybersecurity business at over 30%. Microsoft doesn't break out cybersecurity revenue in its quarterly reports.
Evercore ISI estimates that Microsoft's cybersecurity business will boom to $37.2 billion by 2025, accounting for 14% of overall revenue, up from 10% in 2022.
Meanwhile, Microsoft has emerged as a strong player in AI. It formed a major alliance with OpenAI, the startup that helped spark the AI craze with ChatGPT. Microsoft plans to add a new AI assistant, or "Copilot," to security products bundled with its cloud-based Office 365 platform. The tools are designed to help companies quickly track and analyze threat intelligence and investigate incidents.
Kurtz of CrowdStrike downplayed Microsoft's AI edge, saying the company doesn't have a monopoly on the fast-growing technology.
"Microsoft has done a good job of partnering with OpenAI," Kurtz said. "But there are a lot of LLMs (large language models) out there from a technology perspective. The way we think about it is leveraging the right LLM, whether it's OpenAI, Anthropic or (Amazon's) Bedrock for the right job at the right price point."
Will Secure Future Initiative Boost Microsoft Stock?
CrowdStrike sells its own co-pilot security tools, branded Charlotte.
Meanwhile, with its new Secure Future Initiative, Microsoft aims to cut the time to mitigate vulnerabilities for its own cloud platform by 50%.
William Blair analyst Jonathan Ho suggested the initiative does not address products sold to companies.
"One nuance is that this initiative seems more about internal development, best practices and infrastructure hygiene around their own cloud products versus the effectiveness of their security products they are selling," he told IBD.
Gartner analyst Jason Wong said in an interview that customers are demanding "more transparency from Microsoft on their responsiveness to cyberattacks and this initiative is one way to demonstrate more transparency."
He added: the "initiative highlights how Microsoft is applying (artificial intelligence) Security Copilot themselves and what it could potentially do for customers."
Former Amazon Cloud Leader Hired
Meanwhile, Microsoft has been beefing up its cybersecurity leadership team, underlined by the hiring of Tsyganskiy.
Two years ago, the company hired Charlie Bell, a key Amazon.com cloud computing executive. Bell now serves as executive VP of Microsoft Security.
Like Bell, Tsyganskiy is an outsider. He joined Microsoft in September 2023, and was previously head of investment technologies at hedge fund Bridgewater Associates.
Meanwhile, Bell was a smart hire. Gartner's Wong said Bell "brought in a lot of credibility and management chops." Still, he reportedly faced pushback from Microsoft incumbents on making changes.
Cybersecurity: Big Data Advantage?
Microsoft is competing with the likes of Palo Alto Networks and CrowdStrike in building a broad cloud-based cybersecurity platform. The rapid rise of AI is a game changer in this battle. And Microsoft, with its aggressive embrace of AI and its early partnership with OpenAI, enjoys key advantages.
One of them is data.
In its 2023 Digital Defense Report, Microsoft said its data analytics team looks at 65 trillion "signals" daily to spot criminal cybersecurity activity. In a Microsoft security podcast this year, Bell described Microsoft's cybersecurity battle with hackers.
"It's like the first move in a chess game. They get to move first," Bell said. "But we actually have an asymmetry, too. The asymmetry on our side is data. We get to see everything. You know, Microsoft — we talk about 65 trillion signals a day. So the data asymmetry is a — think of it as a big half of the solution to tilting things in our favor ... If there ever is going to be anything that totally changes that asymmetry, it is AI."
Microsoft Stock: How Company Is Leveraging AI
AI is an important battleground.
Cybersecurity firms have used AI's pattern recognition capabilities to spot malware data for years. But the emergence of OpenAI's ChatGPT in November 2022 created new opportunities for both companies in the cybersecurity business and the criminal hackers they are trying to shut down.
Cybersecurity firms expect generative AI tools to reduce the time it takes to detect and respond to many forms of computer hacking. The technology can also be used to automate more functions in security operations centers, helping deal with a shortage of software engineers.
Microsoft is providing this monitoring service to its Azure cloud customers. The company has created a natural language interface that uses OpenAI models to help security teams analyze and query large amounts of data from network logs, alerts, events, incidents and threat intelligence.
"Microsoft's the first mover in this space, but we've got to move really, really fast in the security world just to make sure that customers can confidently move forward with it," Bell said on the Microsoft podcast. "But you've got to remember that the attackers are constantly innovating."
Bell cited a key hurdle: a shortage of engineers.
"One of the initial problems that we have to work on ... is you don't have the experts," he said on the Microsoft podcast. "I think the number is 3.5 million jobs that go wanting in security just because we don't have the people to do them."
Microsoft's Offerings In Cybersecurity Business
Microsoft continues to tout the progress of its cybersecurity business.
The company says it has one million security customers and 8,500 security employees.
Some analysts view Microsoft as more of a threat to industry incumbents in the small- and medium-size business market. That's because large companies often prefer security products — like those from big players like Palo Alto Networks and CrowdStrike — that offer services over multiple cloud platforms, including Microsoft rivals, Amazon Web Services and Google Cloud.
Most Microsoft security revenue currently comes from email, endpoint and identity security. While Basic Office 365 plans offer anti-spam and malware protection, Microsoft upsells advanced anti-phishing and threat prevention tools.
Microsoft Stock: Long Road To Reputation Repair
Microsoft competes with companies like CrowdStrike in the endpoint security market, covering tools that detect malware on laptops, mobile phones and other devices that access corporate networks.
Also, Microsoft is gaining traction in identity and access management, or IAM, vs. Okta and others, analysts say. IAM software verifies the identity of computer network users. The tools manage the user names, passwords and access policies of employees, customers and partners.
This year, Microsoft expanded into network infrastructure security with its Secure Service Edge products, competing with players like Palo Alto, Zscaler and Cloudflare.
To expand its reach, Microsoft has turned to acquisitions. The company has acquired a number of startups since 2014, including Aorato, Adallom, Hexadite and CyberX. Two years ago, Microsoft acquired RiskIQ, a security threat management company, and CloudKnox Security, a cloud infrastructure security software company.
Microsoft Stock: Cloud Security Push
But despite its gains in the cybersecurity industry, Microsoft still must overcome its downbeat reputation when it comes to security, William Blair's Ho said.
"Their reputation has been harmed as a source of security vulnerabilities, which creates friction with customers," he said.
Gartner's Wong offered a more upbeat view, saying Microsoft has "rebuilt their reputation around security."
"They were seen as a legacy provider," he said. "But they've rebuilt the security business around cloud and workloads running on Azure. It's really built around the consumption of Azure services."
Is Microsoft Stock A Good Buy Now?
Microsoft stock has advanced 56% in 2023, as of Dec. 26. The Magnificent Seven stock is on the IBD Long Term Leaders list of quality stocks with superior long-term gains. Microsoft shares have climbed 738% since September 2015.
Microsoft also is on IBD Leaderboard's Leaders Near A Buy Point list. On a technical basis, Microsoft stock broke out of a cup base with a 366.78 buy point on Nov. 10. It's still trading within the 5% buy range, which goes to 385.12.
In addition, the stock holds an 88 Relative Strength Rating, meaning it has outperformed 88% of all stocks in the past 12 months. Earnings growth has accelerated for four quarters in a row.
Cybersecurity Stocks: What To Know
As of Dec. 26, the IBD Computer Software-Security group ranked No. 6 in six-month price performance out of 197 industry groups. Among the leading cybersecurity stocks, Palo Alto Networks stock has shot up 114% in 2023. CrowdStrike stock has advanced 143% this year, and Zscaler stock has popped 99%. Cloudflare has jumped 88%.
Many cybersecurity stocks are benefiting from a shift to security services, such as SASE, delivered via cloud computing platforms. Competition in the SASE market is rife and Microsoft is a new player.
Consolidation Trend In Security Market
Further, Palo Alto and CrowdStrike are building broad threat-detection platforms. Called XDR, or extended detection and response, the cloud platforms monitor endpoints as well as web/email gateways, web application firewalls and cloud business workloads.
Among other cybersecurity stocks to watch is Qualys, a partner in Microsoft's Security Copilot development. Also, Qualys stock is up 80% in 2023.
CrowdStrike, Qualys and Zscaler are all on the IBD 50 list of top growth stocks. In addition, Zscaler also is currently on Leaderboard, IBD's premium stock idea service.
On a technical basis, though, all three cybersecurity stocks are extended from their latest buy points, meaning they are not timely buys right now. Palo Alto Networks stock also is extended from its buy point.
2024 Cybersecurity Business Forecast
Meanwhile, cybersecurity stocks enjoy a market with strong projected growth. Research firm Gartner forecasts a 14% rise in global corporate spending on cybersecurity in 2024 to $215 billion. Spending on cloud security products and services will jump nearly 25% to $7 billion, Gartner predicts.
Further, Susquehanna Financial initiated coverage of cybersecurity stocks on Dec. 15.
"While we view the overall cybersecurity market as attractive, we believe there are key priority areas that are especially benefiting from increased investment levels," said analysts Shyam Patil and Jared Pomerantz in a report.
"In particular, we believe continued network fragmentation and workforce distribution will continue to benefit those leveraged to SASE, just as the growth of cloud computing is likely to underpin significant expansion across various cloud security products and submarkets. The explosion of generative AI has served to ensure AI is top of mind across the marketplace, and we see AI security and enablement as a growth area for years to come."
Meanwhile, OpenAI customers rolling out new AI projects are boosting Microsoft's cloud computing business.
Follow Reinhardt Krause on X, formerly called Twitter, @reinhardtk_tech for updates on artificial intelligence, cybersecurity and cloud computing.