Partners: Microsoft Acquisition Of Hexadite Is Step In Right Direction For Security Push

Partners said Microsoft's acquisition of Hexadite is a step in the right direction for the software giant's security aims, but that the company still has a way to go when it comes to its security portfolio.

Over the past two years, Microsoft has made significant investments around security, an issue CEO Satya Nadella has called the "most pressing issue of our time." The company announced plans to funnel $1 billion into security research and development.

That strategy has included multiple security acquisitions, including that of data protection company Secure Islands, and cloud security company Adallom in 2015. The most recent purchase of Hexadite expands Microsoft's capabilities around security automation and orchestration, a market that is gaining increasing traction and importance in the security space as companies face an overabundance of alerts and a shortage of security talent.

[Related: Microsoft Confirms Acquisition Of Security Automation Firm Hexadite]

"Microsoft has certainly been a leader in many areas. Security has not been on one of those to date," Michael Knight, president and chief technology officer at Greenville, S.C.-based Encore Technology Group, said. "I think they are specifically going after organizations [like Hexadite] that have a lot of security capabilities [to fill those gaps]."

Knight said the Hexadite acquisition also fits into Microsoft's push around artificial intelligence and the cloud. He said he sees an opportunity with Hexadite to provide automation and actionable security throughout the Microsoft stack, something he said is especially important as companies consume multiple Microsoft products and need to secure that data and those connections.

"Microsoft is investing in trying to be a leader in AI. Them acquiring an organization that is not only security driven but is AI driven, as well, that is going to be a natural fit for them," Knight said.

Michael Hadley, CEO of Boston-based iCorps Technologies, agreed, saying the acquisition adds new artificial intelligence capabilities to the Microsoft security portfolio. He said he sees a potential use for the technology around Microsoft Azure or protection of other Microsoft services.

"This just shows [Microsoft] is focused on cybersecurity," Michael Hadley said. "This is a good thing, and I'm pleased to see this."

However, as Microsoft makes big investments in security, it is also receiving push-back from some of the security industry. Most recently, Kaspersky Lab announced that it had filed a lawsuit against the software giant, alleging anti-trust violations around the company's antivirus and Windows 10 updates.

Microsoft said it plans to leverage Hexadite's technology to build on its Windows Defender Advanced Threat Protection solution with automatic investigation and remediation capabilities.

’Our vision is to deliver a new generation of security capabilities that helps our customers protect, detect and respond to the constantly evolving and ever-changing cyberthreat landscape,’ Terry Myerson, executive vice president, Windows and Devices Group, Microsoft, said in a statement. ’Hexadite’s technology and talent will augment our existing capabilities and enable our ability to add new tools and services to Microsoft’s robust enterprise security offerings.’

Jane Wright, principal analyst, security at Technology Business Research, said security automation and orchestration, in particular, is an area that the analyst firm has seen a "marked increase" in over the past year. Driving that demand, she said, is a push by customers to "look beyond the SIEM" to connect their security tools for better threat detection, orchestration, and faster and more automated responses and remediation.

"It was no surprise that Hexadite was acquired, and we also believe companies like Phantom Cyber and CyberSponse are acquisition targets for security vendors, software vendors, or service providers looking to address the growing need for security orchestration," Wright said.

Wright noted that other major security vendors, including FireEye and IBM, have also made acquisitions in the security orchestration market in the past two years.

However, Hexadite partners worried that the technology would get lost within Microsoft. One executive for a Hexadite partner, who did not want to be named, said traditional Microsoft partners and customers would likely be challenged to sell the Hexadite solution, which they said requires a highly-qualified sales rep.

"I'm baffled at how Microsoft is meant to come across as a high-tech security company. I just don’t understand that connection at all," the partner said. The partner said they already work with competitive security automation solutions and will focus their sales efforts on those solutions in the future.