In the immediate wake of the July 2024 CrowdStrike outage, ETR conducted a survey to capture initial reactions and then returned a month after to assess any continued fallout among IT decision makers. It has now been nearly four months since CrowdStrike's headline-grabbing outage, and to further gauge the temperature surrounding the security vendor, ETR conducted an Insights panel of CrowdStrike customers.
Four cybersecurity experts and CISOs from a variety of industries described their approaches to IT security and, in particular, their experience with CrowdStrike before and after this summer’s outage. Panelists compared CrowdStrike to other cybersecurity providers such as SentinelOne and Microsoft Defender, describing variable detection performance, and some faced challenges integrating CrowdStrike into their existing infrastructure. Some, fatigued by CrowdStrike’s performance issues, plan to transition from the platform. However, others remain loyal to the Falcon endpoint product and its expanding capabilities, including cloud workload and identity threat detection. Although some companies experienced significant disruptions from the recent outage, some panelists expressed a willingness to remain with the platform, especially if discounts at renewal are forthcoming.
Below is a small excerpt from that panel, but if you would like to read the full report, please use the sidebar form to request access.
Panel Highlights
CrowdStrike usage. A Head of Security and Infrastructure Teams shared that while they used CrowdStrike's Falcon endpoint agent for 18 months, they ultimately chose Rapid7 for endpoint protection and SOC services. “We were kind of phasing CrowdStrike down when the [July outage] occurred, so that actually helped us mitigate and recover relatively quickly.” A Director of Information Technology at a continuing care retirement community adopted CrowdStrike's Falcon endpoint solution about 15 months ago, replacing Norton Antivirus; their MSP helped them evaluate various options, and benchmark against an existing Barracuda implementation. “The decision went between us and the MSP, and then we presented the solution to the board of directors and went forward from there. We also replaced our Barracuda firewall with Palo Alto’s firewall solution.”
Competitors. As cybersecurity teams evaluate strategies for managing their technology stacks, the conversation often centers on whether to consolidate under fewer vendors or continue with a best-of-breed approach. One executive has moved away from multiple standalone solutions, such as separate email filtering and incident recovery tools, in favor of a unified approach: “We've been trying to consolidate them so that we have one single pane of glass, one area to look to. That way we have less specialization and it's easier to manage.” Another analyst described how, while other companies offer novel approaches, many of their clients are effectively “locked in” to using CrowdStrike on preexisting agreements or relationships. Another CISO, comparing CrowdStrike, SentinelOne, and Microsoft Defender, found that all offered very similar capabilities, with Falcon having a slight edge: “We ran through a battery of tests of known malware variants of existing malware, created by malware construction toolkits, and then some novel malware. We found that CrowdStrike had the highest detection rate, slightly more than SentinelOne.”
July CrowdStrike outage. Some panelists experienced significant disruptions, while others managed to quickly mitigate any damage. One company faced widespread issues when their Microsoft Hyper-V cluster crashed. “We were looking at the blue screen error, and we're like, it's mentioning CrowdStrike; it has to be something with the agent. That's when we initially tried to uninstall the agent ourselves, and there were issues associated with that.” The outage ultimately forced them to cancel a morning shift at ten warehouses and spend the day manually recovering over 100 virtual machines. Other firms dealt with blue screens on desktops and focused on data recovery, while one panelist avoided any major issues thanks to an internal update approval process that shielded them from widespread fallout.
ETR Data: According to ETR's CrowdStrike Outage Follow-up Survey (August 2024), 41% don't see a need to change how they use CrowdStrike in response to the outage. However, 36% said they are likely to reconsider plans to consolidate their stack around CrowdStrike, and 20% said they are likely to consider options to reduce their reliance on the vendor in the future.
The full report also dives into customer sentiment around how CrowdStrike reacted to and managed the outage situation, how ongoing vendor relationship conversations are continuing, what (if any) concessions are being offered to customers, as well as examining alternative options in the marketplace. Subscribers can read the full report here.
ETR has many years of spending intentions data on CrowdStrike and other vendors in the security market, in addition to the more recent and targeted studies on the CrowdStrike outage and its impact on customers. Reach out to an ETR service rep to access ETR's full offerings or gain trial access here.
Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai