Cybersecurity platforms are consolidating, and enterprise buyers are evaluating datasets, intelligence, integration and generative AI capabilities. What's unclear is the number of cybersecurity platforms that win.

The three next-gen cybersecurity platforms--Palo Alto Networks, Crowdstrike and Zscaler--all have AI capabilities, strong platforms, data signals and heady revenue growth. The elephant in the cybersecurity room is also clear: Microsoft.

Crowdstrike's second quarter earnings highlighted the moving parts well. Crowdstrike hasn't shied away from taking a few jabs at Microsoft. CEO George Kurtz noted:

A major auto manufacturer tried but failed to consolidate their security on Microsoft E5. This company's security team quickly realized Microsoft's complexity, multiple consoles, lack of integration, miss detections and complex deployments hampered their ability to defend themselves and consolidate. This customer is now consolidating on the Falcon platform with Falcon Complete for Endpoint, Identity and Cloud. Now with a single agent, single user interface and single platform, they have complete visibility across their end points, cloud and identities and the ability to stop threats in real time. By moving from expensive Microsoft E5 to CrowdStrike, organizations can save 50% plus per user per year on Microsoft licensing costs, adding up to millions of dollars of savings."

That quote landed just a few months after Crowdstrike's Investor Day where a section of the presentation was devoted to Microsoft and how the company wins 8 out of 10 times when an enterprise customer tests the two platforms.

Microsoft's Charlie Bell, Executive Vice President of Microsoft Security, was speaking at an investor conference the same day as Crowdstrike earnings. "I think we're one of the major beneficiaries of the consolidation move. We see healthy growth. We're now a million organizations protected, and that number grew by 26% last year," said Bell. "The number of customers who are using more than four workloads, that number has gone up by 33%. I think there's a lot of optimization that people were doing."

Bell added that Microsoft's AI efforts go beyond ChatGPT. "We often say security is a team sport. Well, within the AI world, building a copilot is this team sport. It's not just the LLM, it's specially trained models," explained Bell. "One of the beauties of being a cloud provider is you don't just get to see one environment, you get to see lots of environment. And so there's a data asymmetry that works to our advantage. We do 65 trillion signals a day processed within our products. And the fact that we have all that data, I think, is a huge advantage."

Crowdstrike has generative AI called Charlotte AI that promises to create virtual security analysts and help enterprises respond to threats faster. Charlotte AI, which will be priced in the weeks ahead, leverages Crowdstrike's data.

More: Palo Alto Networks: Takeaways from a Friday afternoon treatise

These cybersecurity platforms are arguing data is the differentiator since it can train models to read and react to incidents faster.

Palo Alto Networks will focus on "precision AI" that can't be wrong. "We have to build a lot of our own models. We have to train them. We have to collect first-party data. We have to understand the data. Today, we collect approximately 5 petabytes of data. Yes, 5 petabytes of data on behalf of our customers and analyze it for them to make sure we can separate signal from noise and take that signal and go create security outcomes for our customers," said CEO Nikesh Arora.

Crowdstrike's Kurtz was asked about how much of a generative AI and data moat the company has when the big guns are all talking the same game. Kurtz said curation of the data set matters as much as the petabytes involved. He said:

"It isn't just about the most data. You'll hear that from a lot of vendors. It's really about sort of the curated data set because when we think about generative AI, it actually has to be trained. We have a very well-defined training set that's annotated based upon all the threat hunting that we've done over the last 10 years. So we believe our 10-year head start in terms of having a data set that's actually curated is going to give us a distinct advantage of helping our customers. Then it's a foundational platform component, which is made available to every other service on the platform, which is different than others. We'll see how it all unfolds, but initial customer reaction has been very positive."

Bottom line: Four major security players are looking to blend data, signals, platforms and cybersecurity. These four can take business from smaller players for multiple quarters. What'll be interesting to see is how these cybersecurity giants take business from each other.

Constellation Research's take

Liz Miller, Constellation Research analyst, said:

"AI has long been touted as a potential savior for security, especially security operations centers that have long been overwhelmed by lackluster signals setting off an avalanche of alerts that are time consuming and tedious. In this regard the big players like Palo Alto and especially Microsoft are particularly well positioned with an expansive and comprehensive portfolio to train and fine tune models. However, where the training needs to focus is on automating the workflows around the work of security.

It may not be time to count out IBM in this AI for cyber mix. IBM is looking at everything from protecting the data that is now being randomly splashed into enterprise business and customer graphs along with powering risk analysis for incident summaries that are based on fine tuned, high-fidelity reports. IBM's managed services solutions including MDR and IDPS solutions are turnkey and most include their “X-Force” response team that now has AI added as an army of support.

But there is an even greater threat to security platforms and their wallet share given this AI evolution. Organizations have started to admit that they are diverting budget away from security transformation initiatives and shifting those dollars into AI initiatives that are driving revenue or saving money. Yes, AI has the potential to shift the cybersecurity posture and preparedness discussion completely and dramatically, but it also has the potential to sideline security initiatives. That is not where we should be today.”