Is the security of legacy IT providers prompting a confidence crisis?

Security professionals are losing confidence in legacy IT vendors as supply chain attacks have surged in the past year, according to research from Vanson Bourne and CrowdStrike released Tuesday. Organizations are questioning whether traditional technology firms are providing sufficient security protections to enterprise customers.

Almost two-thirds of respondents said their organization is losing confidence in legacy IT providers, such as Microsoft, due to the increasing frequency of supply chain attacks, according to the report. CrowdStrike commissioned Vanson Bourne to conduct the research, which is based on a survey of 2,200 senior IT decision makers and IT security professionals in the U.S., EMEA and Asia Pacific regions.

The research also shows 45% of respondents have experienced at least one supply chain attack over the past 12 months, up from 32% in 2018.

Organizations are increasingly concerned about what they consider to be outdated and inadequate security provided by some of these legacy providers, according to CrowdStrike CTO Michael Sentonas, who says these technologies are failing to protect the enterprise.

"At the same time, the operating systems and applications organizations regularly use require more and more patching to protect against zero-day vulnerabilities," Sentonas said in an email to Cybersecurity Dive. "This all adds to the daily pressure IT departments are dealing with."

Microsoft, which played a critical role in detecting and defending its security capabilities during the early months after the SolarWinds attack was disclosed in December 2020, fired back at CrowdStrike in what has been an escalating war of words with CrowdStrike executives.

"This week we announced the result of a sustained effort to proactively take down nation-state attack infrastructure, protecting both our customers and the wider industry," a Microsoft spokesperson told Cybersecurity Dive via email. "We believe this is more valuable to our customers than self-serving market research that attacks other security vendors."

Microsoft says its security teams and platforms have prevented more than 70 billion attacks over the past year, protecting about 650,000 security customers.

Enterprise customers have lost enthusiasm for legacy technology in the endpoint protection space, according to Peter Firstbrook, research VP at Gartner. However, Firstbrook would decline to put Microsoft into that group. The company outpaces CrowdStrike by quite a wide margin in terms of what Gartner clients have been asking for, he said.

"Microsoft is a modern solution that is comparable to CrowdStrike," said Firstbrook. "Increasingly the biggest consideration in EDR is how well the EDR solution fits into the portfolio of security tools already in use. XDR is the cool new term for the integration of security tools for the unified incident response workflow."

Microsoft is ahead of CrowdStrike, which is getting started in XDR with the acquisition of Humio earlier this year, Firstbrook said.

Nobelium campaign lifts debate

One year after the SolarWinds hack, the CrowdStrike report highlights growing concerns about the security provided by traditional IT providers. That attack, attributed to nation-state threat actors connected to the Russian security services, impacted thousands of companies that used the SolarWinds Orion platform.

The attackers used the SolarWinds platform as a vector to launch follow-on attacks against enterprise customers that used the Orion platform. The same threat actor, which Microsoft dubbed Nobelium, has launched repeated attacks against other IT and IT security vendors.

The threat actors in the SolarWinds campaign and other threat actors have repeatedly launched attacks against Microsoft systems, with research showing that Active Directory is a frequent target of sophisticated attacks.

Microsoft has also become a frequent target of attacks against its Office 365 environment, which is critical for organizations operating in remote and hybrid work environments. However, a number of security executives have raised questions about whether Microsoft has the ability to filter out malware and other threats that often target organizations in the form of phishing attacks.

"Each prospective customer comes to us at a different stage in their security transformation journey," Sentonas said. "However, across the board, we are seeing more and more that are dissatisfied with legacy security solutions, and in some cases solutions that fall into the 'next-gen"' category that can't keep up with the evolving threat landscape and they are replacing these existing solutions."

Microsoft has positioned itself as a technology provider that can provide enterprise customers the productivity tools they need to get work done, alongside an end-to-end bundle of security protection that works seamlessly within that environment, according to industry executives.

Months after the SolarWinds campaign, Microsoft made a number of acquisitions to either buy or invest in a number of small companies to help it provide more robust security options that would help enterprises and other organizations gain enhanced visibility into potential security threats.

"The challenge a lot of security leaders run into is that not every tool Microsoft has is a valid replacement for all the features they might be using from another tool," Jeff Pollard, VP and principal analyst at Forrester. "And so when they're told to go to this other technology, they may wind up losing visibility into certain things, they may wind up losing functionality."

"So it's a real concern that maybe they have tools forced on them that are not as good as what they were using before or have gaps compared to what they were using before," Pollard said.