Analysis: Microsoft's Security Ambitions - InformationWeek
09:15 AM

Analysis: Microsoft's Security Ambitions

Microsoft continues to reveal its security ambitions in very obvious ways. Its $75 million acquisition of SSL VPN vendor Whale Communications last week shows just how deep it wants to go against the established leaders of various security technologies.

Microsoft continues to reveal its security ambitions in very obvious ways. Its $75 million acquisition of SSL VPN vendor Whale Communications last week shows just how deep it wants to go against the established leaders of various security technologies.

Once upon a time, Whale swam in a sea of SSL VPN vendors—Neoteris, URoam, SafeWeb, enKoo, Aventail, Permeo, Twingo Systems, Net6 and many more. The technology was never intended to be a standalone solution; SSL VPN is a feature set of a much larger security system. This is why it made sense when NetScreen, F5 Networks, Symantec, Citrix, Cisco Systems, Check Point and all of the other perimeter security hardware vendors snapped up the SSL VPN start-ups to incorporate the technology alongside IPSec VPNs.

But Microsoft getting into the SSL VPN game? To what end? Windows already has native LT2P and PPTP security remote connectivity. And most of the major VPN software packages run on Windows. Ah, but Microsoft has a firewall, of sorts, in the Internet Security Acceleration (ISA) Server. If Microsoft's intention is to incorporate SSL VPN into ISA—which it seems clear to do—it can only mean that Microsoft's security strategy is to go beyond the application sets of the desktop and into a full suite of network-based security products.

Already in Microsoft's security sights are the antivirus and antispyware vendors. Since buying European antispyware vendor Giant Company Software and antivirus vendor Sybari, it was pretty clear that Microsoft intended to get into the malware protection market. Symantec, McAfee and Trend Micro seemed to be the clearest targets, but so are Sophos, CA, F-Secure and scores more smaller vendors.

What Whale gives Microsoft is more than just SSL VPN technology, but hardware capacity. Microsoft partners with Network Engines and Celestix for its hardware ISA hardware form-factor. Whale's appliances give Microsoft a new medium for pushing its expanded ISA Server as a plug-n-play device. If Microsoft intends to get into the perimeter security game, its first target will be the SMB market, where it can leverage the full might of its marketing power against some vulnerable competitors—Check Point, Blue Coat, Websense, SonicWall and WatchGuard. As it builds the product and experience to produce enterprise-class security products, the targets will shift to Cisco, Juniper and Check Point.

When Microsoft launched its Trustworthy Computing Initiative in 2002, its stated goal was to clean up the Windows code base and eliminate the vulnerabilities that made it susceptible to attack. Within a year, Microsoft formed the Security Business Unit, which oversaw Trustworthy Computing and the buildout of Microsoft security products. Four years later, we're beginning to see the end game of the revenue side of Microsoft's security equation.

So, now let's play the acquisition game. If Microsoft intends to build or acquire products that deliver security from the host to the cloud, what does it need next? Intrusion prevention, end point compliance checking, a stateful-inspection firewall and identity management. If I were a betting man—and sometimes I am—I would put my money on Internet Security Systems and RSA Security. Both are midtier vendors that haven't found a way to break out into the major leagues, but are leaders in their technology space. ISS would give Microsoft a solid IPS hardware solution, while RSA would give it encryption and identity management.

No matter which move Microsoft makes, it's good news for Microsoft partners. They will have new toys to bring to their customers, and they'll have integrated software and hardware packages to sell. It will take years for Microsoft to threaten established security vendors with its newfound technologies, but the day is coming when we may be saying "Secured By Microsoft."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll