CrowdStrike CEO: ‘We’re Seeing A Crisis Of Trust Within The Microsoft Customer Base’

‘We’re seeing a crisis of trust within the Microsoft customer base... Customers are looking to de-risk their security architecture by choosing an alternative vendor to Microsoft,’ says CrowdStrike CEO George Kurtz.


CrowdStrike CEO George Kurtz once again slammed Microsoft Tuesday, saying that CIOs, CISOs and boards of directors are concerned about the software giant’s security posture.

Kurtz said that just about every incident response engagement Sunnyvale, Calif.-based CrowdStrike does involves Microsoft’s technology, pointing to Redmond, Wash.-based Microsoft’s central role in both the SolarWinds hack as well as the Exchange server zero-day vulnerabilities. These huge events have really highlighted the risk of relying on a single vendor for both security and operating systems, Kurtz said.

“We’re seeing a crisis of trust within the Microsoft customer base, driven by Sunburst and their more recent zero-day vulnerabilities in Exchange that has been reported to affect 250,000 customers worldwide,” Kurtz told investors Tuesday. “Customers are looking to de-risk their security architecture by choosing an alternative vendor to Microsoft.”

Sponsored post

[Related: 10 Boldest Statements From The SolarWinds Senate Hearing]

Microsoft declined a CRN request for comment.

Kurtz said the crisis of trust around Microsoft’s security is across the board, with the endpoint security vendor hearing from CISOs, CIOs as well as boards. Following the SolarWinds hack, Kurtz said clients have become increasingly concerned about protecting their cloud directories such as Azure AD, which has in turn driven interest in identity protection tools such as what CrowdStrike acquired from Preempt.

“There’s a lot of customers that are looking at this and saying, ‘Hey, we need to de-risk our environment, and we need another provider,’” Kurtz said. “The proverbial, ‘You don’t want the fox guarding the henhouse.’ Just over the last couple of months, this has really highlighted the risk in using a monoculture for both security and operating systems.”

As a result, Kurtz said CrowdStrike has seen a really good uptick in demand for its Falcon Spotlight vulnerability management product. Kurtz said Spotlight has really matured and is very well-received by CrowdStrike’s customers.

“A lot of it is driven by the vulnerability of the week from the Microsoft perspective,” Kurtz said. “People are having a hard time just dealing with all the vulnerabilities - where they are, if it’s patched, is it really the latest, is it fixed?”

CrowdStrike has become increasingly critical of Microsoft in recent months as its relationship with top Azure rival Amazon Web Services continues to tighten. Kurtz called CrowdStrike’s partnership with AWS a “standout,” and said annual recurring revenue transacted through the AWS Marketplace grew by 650 percent in the fiscal year ended Jan. 31, while transaction volume grew by more than 300 percent.

Kurtz’s latest remarks come weeks after he described how the SolarWinds hackers took advantage of architectural limitations in Microsoft’s authentication process to jump from customer on-premise environments into the cloud and cloud applications during a Feb. 24 U.S. Senate hearing. Kurtz said the specific attack vector used by the SolarWinds hackers was first documented all the way back in 2017.

“The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network as well as between the network and the cloud by creating false credentials impersonating legitimate users and bypassing multifactor authentication,” Kurtz said.

CrowdStrike and Microsoft first butted heads Dec. 23, when CrowdStrike CTO Michael Sentonas said the SolarWinds hackers attempted to hack CrowdStrike through a Microsoft reseller’s Azure account but were ultimately unsuccessful. The company was contacted Dec. 15 by Microsoft’s Threat Intelligence Center, which had identified a reseller’s Azure account making abnormal calls to Microsoft cloud APIs.

The reseller’s Azure account was used for managing CrowdStrike’s Microsoft Office licenses, and Sentonas said the hackers attempted to read the company’s email. That attempt was unsuccessful, Sentonas said, adding that CrowdStrike’s findings were confirmed by Microsoft. As part of CrowdStrike’s secure IT architecture, Sentonas said the company doesn’t use Office 365 email.

In response, Microsoft told CRN that if a customer buys a cloud service from a reseller and allows the reseller to retain administrative access, then a compromise of reseller credentials would grant access to the customer’s tenant. This abuse of access would not be a compromise of Microsoft’s services themselves, according to the company.

CrowdStrike’s revenue for the quarter ended Jan. 31 skyrocketed to $264.9 million, up 74.2 percent from $152.1 million a year earlier. That beat analyst revenue expectations of $250.6 million, according to Seeking Alpha.

The company’s net loss improved to $19 million, or $0.09 per diluted share, 33.1 percent better than a net loss of $28.4 million, or $0.14 per diluted share, a year earlier. That crushed analyst non-GAAP earnings estimates of $0.06 per diluted share, according to Seeking Alpha.

CrowdStrike’s stock is up $12.34 (6.29 percent) to $208.65 in after-hours trading Tuesday. That’s the highest the company’s stock has traded since March 3.

Subscription sales for the quarter leapfrogged to $244.7 million, up 76.6 percent from $138.5 million a year earlier. And professional services sales jumped to $20.3 million, up 49.3 percent from $13.6 million last year.

On a full-year basis, CrowdStrike’s revenue soared to $874.4 million, up 81.6 percent from $481.4 million the year prior. And net loss decreased to $92.6 million, or $0.43 per diluted share, 34.7 percent improved from a net loss of $141.8 million, or $0.96 per diluted share, a year earlier.

For the quarter ending April 30, CrowdStrike expects non-GAAP net income of $10.8 million to $13.9 million, or $0.05 to $0.06 per diluted share, on revenue of $287.8 million to $292.1 million. Analysts had been expecting earnings of $0.04 per diluted share on sales of $268.4 million, according to Seeking Alpha.