CrowdStrike Customer Panel Highlights

We're in an Endpoint state of mind as we gear up to drop our second annual Endpoint Observatory! To kick things off, we’ll dive into last year's data and see how Endpoint vendors were stacking up—and give you a sneak peek of what might be on the horizon for 2025.

But that’s not all! We’ll also check out some juicy insights from our recent CrowdStrike customer feedback panel, featuring thoughts from four security experts who are current (and former) CrowdStrike users.?

To wrap it all up, we’re super excited to announce that we’re opening up sign-ups for content from our upcoming SASE Observatory feedback panel! Four experts will be sharing their thoughts on the market and giving us the lowdown on the data and vendors we’re tracking. Stay tuned; it’s going to be a blast!

CrowdStrike Customer Panel Summary?

Platform Still Perceived Well, but Friction in Relationships Evident

In the immediate wake of the July 2024 CrowdStrike outage, ETR conducted a survey to capture initial reactions and then returned a month after to assess any continued fallout among IT decision makers. It has now been nearly four months since CrowdStrike's headline-grabbing outage, and to further gauge the temperature surrounding the security vendor, ETR conducted an Insights panel of CrowdStrike customers.

Four cybersecurity experts and CISOs from a variety of industries described their approaches to IT security and, in particular, their experience with CrowdStrike before and after this summer’s outage. Panelists compared CrowdStrike to other cybersecurity providers such as SentinelOne and Microsoft Defender, describing variable detection performance, and some faced challenges integrating CrowdStrike into their existing infrastructure. Some, fatigued by CrowdStrike’s performance issues, plan to transition from the platform. However, others remain loyal to the Falcon endpoint product and its expanding capabilities, including cloud workload and identity threat detection. Although some companies experienced significant disruptions from the recent outage, some panelists expressed a willingness to remain with the platform, especially if discounts at renewal are forthcoming.

Panel Highlights

CrowdStrike usage. A Head of Security and Infrastructure Teams shared that while they used CrowdStrike's Falcon endpoint agent for 18 months, they ultimately chose Rapid7 for endpoint protection and SOC services. “We were kind of phasing CrowdStrike down when the [July outage] occurred, so that actually helped us mitigate and recover relatively quickly.” A Director of Information Technology at a continuing care retirement community adopted CrowdStrike's Falcon endpoint solution about 15 months ago, replacing Norton Antivirus; their MSP helped them evaluate various options, and benchmark against an existing Barracuda implementation. “The decision went between us and the MSP, and then we presented the solution to the board of directors and went forward from there. We also replaced our Barracuda firewall with Palo Alto’s firewall solution.”

Competitors. As cybersecurity teams evaluate strategies for managing their technology stacks, the conversation often centers on whether to consolidate under fewer vendors or continue with a best-of-breed approach. One executive has moved away from multiple standalone solutions, such as separate email filtering and incident recovery tools, in favor of a unified approach: We've been trying to consolidate them so that we have one single pane of glass, one area to look to. That way we have less specialization and it's easier to manage.” Another analyst described how, while other companies offer novel approaches, many of their clients are effectively “locked in” to using CrowdStrike on preexisting agreements or relationships. Another CISO, comparing CrowdStrike, SentinelOne, and Microsoft Defender, found that all offered very similar capabilities, with Falcon having a slight edge: “We ran through a battery of tests of known malware variants of existing malware, created by malware construction toolkits, and then some novel malware. We found that CrowdStrike had the highest detection rate, slightly more than SentinelOne.”

July CrowdStrike outage. Some panelists experienced significant disruptions, while others managed to quickly mitigate any damage. One company faced widespread issues when their Microsoft Hyper-V cluster crashed. “We were looking at the blue screen error, and we're like, it's mentioning CrowdStrike; it has to be something with the agent. That's when we initially tried to uninstall the agent ourselves, and there were issues associated with that.” The outage ultimately forced them to cancel a morning shift at ten warehouses and spend the day manually recovering over 100 virtual machines. Other firms dealt with blue screens on desktops and focused on data recovery, while one panelist avoided any major issues thanks to an internal update approval process that shielded them from widespread fallout.

2025 Endpoint Observatory

Annualized Endpoint Observatory Data Coming

This week marks the first annualized comparison to ETR's recently launched Observatory product, with updated data and a comprehensive report on the Endpoint marketplace looking out to 2025. The Observatory tracks forward-looking metrics to decipher market dynamics and vendor placements.

ETR Video Replay: The Rise and Stall of Microsoft Copilot Amidst Rapid Adoption of Gen AI

This interview segment with a Chief Cloud Solutions Architect for an IT services enterprise discusses the growing influence of generative AI on cloud infrastructure and enterprise technology strategies and postulates why Microsoft's early adoption curve on Copilot has stalled.