Threat Intelligence

4/26/2018
04:00 PM

How Microsoft, Amazon, Alphabet Are Reshaping Security

Tech's biggest giants are shifting the cybersecurity landscape as they incorporate security into their products and services.

Microsoft, Amazon, and Alphabet are stomping into the security market, ready to shake things up and address the weaknesses they see in today's tools. Analysts predict the three tech giants will disrupt security the same way they disrupted industries like computing, advertising, and retail by bringing protections to where people are moving their work: into the cloud.

Forrester analysts Jeff Pollard and Joseph Blankenship illustrate the threat in a new report intended to help security pros prepare to work with the companies as they focus on security in the cloud, a space the three effectively control. Legacy security vendors should be intimidated, says Pollard, Forrester's principal analyst serving security and risk professionals.

"As more and more technologies are cloud-ready and more services are cloud-enabled, what winds up happening is, in the same way Amazon can control a retailer on Amazon Prime, that's the kind of power Microsoft, Amazon, and Google will have on their own cloud marketplaces," he continues, referring to Google Cloud, which operates under parent company Alphabet.

Cybersecurity is a hot market for venture funding; Forrester reports VCs poured $3.1 billion into nearly 300 startups in 2016. The investment has driven innovation but failed to address basics like full-featured APIs and integrated management consoles bridging on-prem with cloud.

With their strong influence over the tech market, Microsoft, Amazon, and Alphabet would have had some degree of impact on security no matter what. Now, their effect will be bigger. "They control the marketplace, and that means you have to pay attention to them," Pollard notes.

Each firm bundles technologies and simplifies deployments for security teams, which can use preconfigured security policies for new servers and containers. Scalability isn't an issue; as infrastructure and applications grow, so do cloud platforms. Teams don't need to worry about whether hardware can handle bandwidth upgrades, or whether management servers can handle new endpoints.

As an example of bundling tech, Pollard points to Microsoft's Advanced Threat Protection on Office 365. This puts pressure on email vendors offering spam filtering and automated analysis. If companies already use the Microsoft 365 platform, they don't need additional tools.

Pollard explains how each company approaches security from a different angle. If you want to monitor endpoints you go to Microsoft, which sees how attackers target the Windows OS. If you want to interact with developers, you turn to Amazon Web Services (AWS). If you want to use VirusTotal, you work with Alphabet, which bought the malware and virus scanner in 2012.

He breaks down each company's strategy and explains its perspective:

Microsoft

"Microsoft should probably scare most people as the biggest existential threat," says Pollard.

The company has shown its ability to move into adjacent markets and succeed. Windows is the world's most common OS, giving Microsoft a market advantage and the easiest path to market if it wants to push out other vendors. Even if an antivirus tool is on 30% of Windows machines, the AV company has a small fraction of the data Microsoft does.

The shift has changed CISOs' strategies, Pollard explains. Gone are the days when security leaders opted for separate antivirus tools in lieu of Windows Defender. Now, many question the business' choice to buy an endpoint suite when Microsoft's services have security built in.

Microsoft's strategy relies on integrated capabilities; its plan is to build security into each part of Azure, Office 365, and Windows. Acquisitions of smaller firms like Adallom and Aorato have added cloud security capabilities and malware detection, respectively.

Looking ahead, he anticipates Microsoft will continue to target its core enterprise market by making security easy to buy and use. He cautions security teams against investing all their resources in one vendor, however. Microsoft may have succeeded with Windows, Office, and Azure, but has failed in the past with Bing, Windows Phone, and Zune.

Amazon

Amazon's primary audience is developers, who benefit from the scalability and orchestration of AWS but put security teams in a tough spot with poor visibility and fragmented data. The Amazon strategy is to boost visibility in AWS so dev and security have the same set of threat intel, infrastructure logs, user activity, and CloudTrail API in one dashboard.

"Teams continue to use AWS and security teams aren't prepared for that," says Pollard. Amazon is now trying to empower both dev and security teams so they're on the same page.

Look to Amazon if you're focused on secure development, as developers will continue to be its primary audience, Forrester points out in the report. The company, analysts predict, will continue to add security features but will likely take time to broaden its target market.

Alphabet

Alphabet dabbled in the security space for a while, investing in VirusTotal and launching Project Zero for internal employees, but it began its big push after Amazon and Microsoft did. Now it's trying to bundle security and grow the Google compute platform, says Pollard.

It seems Google Cloud's strategy is to go after the AWS market, he speculates. "They don't have the enterprise relationship that Microsoft has, so it makes sense to go after AWS." Its two focus areas include visibility and data analytics, and privacy on personal and professional levels.

Forrester recommends using Alphabet for data but approaching long-term investment with caution. "Alphabet has a history of announcing products and services, then letting them languish when they don’t take the world by storm," Pollard and Blankenship report.

Cybersecurity is a focus for Alphabet now, but the issue is whether the company will continue to prioritize its security services or abandon them. If your business uses Google Cloud Platform then it's worth investing in Alphabet's strategy, but if feature developments start to slow, it's recommended you reconsider.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
RyanSepe,
User Rank: Ninja
4/30/2018 | 11:16:34 PM
bridging on-prem with cloud
This is a huge problem to solve. Many dove headfirst into cloud only to realize 100% immersion was not the right path. Most organizations leverage a hybrid solution and as such are subject to this detriment in bridging data between the two facets. 