On 16 September 2023, we wrote a long article on CrowdStrike, sub-titled “Next Gen Cybersecurity Company”. It can be found here. In our view, it is well worth reading.
In the article, we noted how cybersecurity attacks, hacks, ransomware etc. were becoming more common, more intense, and more damaging for companies, governments and agencies. Therefore, it is even more important for all entities to comprehensively protect their networks and IT infrastructure.
In the article, we noted how legacy companies in the cybersecurity industry such as McAfee, Kaspersky, Sophos, Symantec etc. were losing market share to new-generation players such as Palo Alto Networks, Zscaler, Fortinet, CrowdStrike and, of course, Microsoft, which may be one of the largest players in this space. The legacy players had a very reactive approach to dealing with security threats, while the new players have more dynamic approaches and are more proactive in dealing with security threats.
In the article, we highlighted how CrowdStrike is a next-generation, cloud-native endpoint cybersecurity company.
An endpoint is any device which can be connected to a network. Thirty years ago, that would perhaps have meant desktops used by workers in cubicles on company premises, whose PCs were connected to the company network, and perhaps the internet. Today, there are many other ways to connect to networks, like mobile phones, tablets, notebooks, security cameras, Point of Sale (PoS) systems, and numerous other Internet of Things (IoT) devices. As the diagram above shows, there are many different types of endpoints, and they are more geographically spread.
CRWD’s core offering is called endpoint detection and response (EDR), which has largely replaced the reactive anti-virus products offered by the legacy providers.
Beyond EDR, CRWD offers the Falcon Platform, which is composed of numerous tightly interconnected applications that offer the customer products/services in cloud security, log management, forensics, identity security, data protection and more.
Falcon’s main feature is its ability to digest near-endless amounts of data to automate breach protection.
The amount of data involved is colossal:
“We handle 4 trillion events per week. These are signals that come into our platform, right? We have one of the largest Kafka clusters in the world. So, we're competing with the Facebooks and the Googles, et cetera, for talent just because of the sheer scale that we operate in. 4 trillion events per week. So as today starts and ends, we will have handled more events in our platform, these signals that come into our platform, than Twitter has tweets in an entire year.”
“Using cloud-scale AI, our Security Cloud enriches and correlates trillions of cybersecurity events per week with indicators of attack, threat intelligence and enterprise data (including data from across endpoints, workloads, identities, IT assets and configurations) to create actionable information, identify shifts in adversary tactics and automatically detect and prevent threats in real-time across our customer base. The more data that is fed into our Falcon platform, the more intelligent our Security Cloud becomes, and the more our customers benefit, creating a powerful network effect that increases the overall value we provide.”
There is a network effect at work as many users’ data is continuously fed to a central platform which spots threat patterns and informs and acts to benefit all users.
The CRWD offering has these key components:
Lightweight agent: A single agent installed on all endpoint devices. This agent is designed to be easy to deploy and manage and doesn't require constant updates or reboots. It acts as a sensor at the gate into your network, collecting information on all data that passes through in both directions.
Threat intelligence: CRWD uses threat intelligence to identify and block malicious activity. This intelligence is constantly updated with all the data the lightweight agents collect to keep up with the latest threats.
EDR (Endpoint detection and response): Falcon can detect and respond to threats on your endpoints. This includes malware, ransomware, and phishing attacks.
XDR (Extended detection and response): XDR takes EDR further by collecting data from other sources, such as cloud workloads and network devices. This gives a complete picture of what's happening on the network and helps Falcon to quickly identify and respond to threats.
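To make the network effect described above concrete (agents on many endpoints feeding one central platform, which turns a detection at one customer into protection for every customer), here is an added toy model. It is illustrative code written for this article, not CrowdStrike's or Falcon's code: the tenant and endpoint names, the file hashes, the sample events and the single behavioural rule (an Office application spawning a shell) are all constructed assumptions, and a real platform applies far more rules and far more data.

```python
"""
Toy model of a central EDR/XDR platform with a cross-customer network effect.

Added illustration, not CrowdStrike code. Agents on endpoints belonging to
several customers ("tenants") report events to one central platform. When a
behavioural rule fires on one endpoint, the hash of the offending file becomes
shared threat intelligence, so any later event carrying that hash anywhere in
the fleet is blocked without the rule having to fire again.
All tenants, endpoints, hashes and events are constructed sample data.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    tenant: str    # customer organisation the endpoint belongs to (constructed)
    endpoint: str  # device identifier reported by the agent (constructed)
    process: str   # image name of the process that started
    parent: str    # image name of its parent process
    sha256: str    # hash of the executed image (constructed placeholder values)
    cmdline: str


@dataclass
class Verdict:
    action: str    # "allow", "detect" or "block"
    reason: str


class SecurityCloud:
    """Central correlator: one behavioural rule plus a shared indicator list."""

    def __init__(self) -> None:
        self.bad_hashes: dict[str, str] = {}                  # sha256 -> first tenant hit
        self.seen_by: dict[str, set[str]] = defaultdict(set)  # sha256 -> tenants seen
        self.log: list[tuple[Event, Verdict]] = []

    def _behavioural(self, e: Event) -> str | None:
        # Stand-in for EDR detection logic: an Office application spawning a
        # command shell is a classic indicator of attack.
        office = {"winword.exe", "excel.exe", "outlook.exe"}
        shells = {"cmd.exe", "powershell.exe"}
        if e.parent.lower() in office and e.process.lower() in shells:
            return f"{e.parent} spawned {e.process}"
        return None

    def ingest(self, e: Event) -> Verdict:
        self.seen_by[e.sha256].add(e.tenant)
        if e.sha256 in self.bad_hashes:
            # Shared intelligence: a hash convicted anywhere is blocked everywhere.
            first = self.bad_hashes[e.sha256]
            v = Verdict("block", f"hash known bad (first detected at tenant {first})")
        else:
            reason = self._behavioural(e)
            if reason:
                # New detection: convict the hash for the whole customer base.
                self.bad_hashes[e.sha256] = e.tenant
                v = Verdict("detect", reason)
            else:
                v = Verdict("allow", "no indicator matched")
        self.log.append((e, v))
        return v

    def tenants_protected_by(self, sha256: str) -> set[str]:
        """Tenants other than the first victim that had this hash blocked."""
        first = self.bad_hashes.get(sha256)
        return {e.tenant for e, v in self.log
                if e.sha256 == sha256 and v.action == "block" and e.tenant != first}


# Constructed sample telemetry from three customers; hashes are placeholders.
SAMPLE_EVENTS = [
    Event("acme", "acme-ws-01", "chrome.exe", "explorer.exe", "aa11" * 16, "chrome.exe"),
    Event("acme", "acme-ws-07", "powershell.exe", "winword.exe", "bb22" * 16, "powershell.exe"),
    Event("globex", "gx-lt-03", "powershell.exe", "explorer.exe", "bb22" * 16, "powershell.exe"),
    Event("initech", "it-srv-02", "cmd.exe", "outlook.exe", "cc33" * 16, "cmd.exe"),
    Event("initech", "it-ws-11", "cmd.exe", "explorer.exe", "bb22" * 16, "cmd.exe"),
]


def run_demo(events: list[Event] = SAMPLE_EVENTS) -> tuple[list[str], SecurityCloud]:
    """Feed the sample events through one platform and return the verdicts."""
    cloud = SecurityCloud()
    actions = [cloud.ingest(e).action for e in events]
    return actions, cloud


if __name__ == "__main__":
    actions, cloud = run_demo()
    for (e, v), a in zip(cloud.log, actions):
        print(f"{e.tenant:8} {e.endpoint:12} {a:7} {v.reason}")
    print("protected by acme's detection:", cloud.tenants_protected_by("bb22" * 16))
```

The third and fifth events never trigger the behavioural rule themselves (the shell is launched from Explorer, which looks benign in isolation); they are blocked only because the platform already convicted the hash when the rule fired at the first customer. That is the benefit the article attributes to feeding every customer's data into one Security Cloud.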