CrowdStrike’s president hit out at “shady” efforts by its cyber security rivals to scare its customers and steal market share in the month since its botched software update sparked a global IT outage.
Michael Sentonas told the Financial Times that attempts by competitors to use the July 19 disruption to promote their own products were “misguided”.
After criticism from rivals including SentinelOne and Trellix, the CrowdStrike executive said no vendor could “technically” guarantee that their own software would never cause a similar incident.
“Our industry is built on trust,” Sentonas said. For rivals to take advantage of the meltdown to push their own products “lets themselves down because, ultimately, people know really quickly fact from, possibly, some shady commentary”.
Texas-based CrowdStrike had a reputation as many major companies’ first line of defence against cyber attacks but the high-profile nature of its clients exacerbated the impact of July’s global disruption that shut down 8.5mn Windows devices, grounding flights, interrupting hospital appointments and taking broadcasters off air.
Rivals have since detected a chink in CrowdStrike’s armour, with executives at SentinelOne, a direct competitor, heaping blame on its product design and testing processes to promote themselves as a safer alternative.
SentinelOne chief executive Tomer Weingarten said the global shutdown was the result of “bad design decisions” and “risky architecture” at CrowdStrike, according to trade magazine CRN.
Alex Stamos, SentinelOne’s chief information security officer, warned in a post on LinkedIn it was “dangerous” for CrowdStrike “to claim that any security product could have caused this kind of global outage”.
Trellix, which is privately held, also assured its clients that they need not fear a similar event. “Trellix has a different philosophy” to CrowdStrike, said Bryan Palma, chief executive, on LinkedIn. “At Trellix, we employ a conservative approach.”
Forrester analyst Allie Mellen said that multiple vendors were “using the outages to sell their own products”, adding that the typically collaborative security industry “really frowns upon that kind of ambulance chasing”.
Investors have bet that CrowdStrike’s publicly listed rivals will be able to gain an edge in the crowded endpoint security market, which involves scanning PCs, phones and other devices for cyber attacks.
Shares in $7.4bn SentinelOne have climbed 19 per cent in the month since the outages, while $120bn Palo Alto Networks has added 13 per cent. CrowdStrike, now worth $65bn, has shed almost a quarter of its market value since the incident.
IT research firm Gartner estimates that CrowdStrike’s share of revenues last year in the enterprise endpoint security market was second only to Microsoft, which bundles its products with other security tools, and more than double that of nearest rival Trellix.
Nikesh Arora, chief executive of Palo Alto Networks, said in an earnings call this week that the incident had already prompted some businesses to look around for other options. “It’s exciting because customers are willing to give us consideration,” he said.
As they seek to differentiate themselves, CrowdStrike’s smaller rivals have focused on how their products access an operating system’s core, or kernel, which has control over the whole computer.
Faulty software in the kernel can crash an entire system, as demonstrated by the thousands of “blue screens of death” that hit Windows computers across the globe in July.
SentinelOne’s Weingarten, speaking to CRN, pinned the outages on “the pervasiveness of code that has been put in the kernel” by CrowdStrike, suggesting that putting more code in the kernel offers more opportunities for mistakes.
Other companies, he said, offered “incredible protection without stuffing all your code into the kernel”.
While CrowdStrike has promised to introduce new checks and staggered updates to prevent a repeat of the mass disruption, Sentonas said the company’s continued presence inside the kernel is essential to provide maximum protection against cyber threats.
“The reason why we’re in the kernel is it gives us an opportunity to get visibility into everything happening to the system,” he said. “It means that we can protect the security product. It means that we can operate very fast — and it’s a very common way of working across the industry.”
CrowdStrike’s executives have previously attacked Microsoft after it was hit by a series of high-profile cyber incidents and breaches in recent years.
Since the outage, however, Sentonas has tried to put a positive spin on CrowdStrike’s relationship with Microsoft, which he said had “been on the phone with us constantly”. He also praised rival Palo Alto Networks for launching “a mature conversation about resiliency”.
Sentonas, who this month went to Las Vegas to accept the Pwnie Award for Epic Fail at the 2024 security conference Def Con, dismissed fears that CrowdStrike’s market dominance would suffer long-term damage.
“I am absolutely sure that we will become a much stronger organisation on the back of something that should never have happened,” he said. “A lot of [customers] are saying, actually, you’re going to be the most battle-tested security product in the industry.”