CrowdStrike Widens Its Strike Zone With ‘Something Better’ For SMB Security
As CrowdStrike looks to bring its trailblazing security platform to SMBs—with the help of an army of MSP partners—CEO George Kurtz says the company has put ‘legacy’ technologies and top rivals such as Microsoft in its crosshairs.
Even among the smallest of businesses, James Range has witnessed a dramatic shift in their willingness to spend on cybersecurity.
Range pointed to the recent case of a small business that his company, White Rock Cybersecurity, has been working with. Despite having just 10 users, the tax software firm opted to deploy premium endpoint security technology from an enterprise-focused vendor: CrowdStrike.
Why? Because the vendor’s track record suggested it would offer the best chance of holding the hackers at bay. And today, that’s priority No. 1 for a growing set of small and midsize businesses, he said.
“What they’re thinking is, ‘We have to be protected because if something happens, we’re out of business,’” said Range, the CEO of Dallas-based White Rock.
It’s not just SMB attitudes that have changed, however. Solution providers such as White Rock now recognize that CrowdStrike— which is among the most prominent and widely used vendors in the enterprise security space—is also an increasingly good fit for SMB customers.
Through the launch of Falcon Go—a more affordable version of its acclaimed Falcon security platform—CrowdStrike is hitting the right note with White Rock’s smaller customers, Range said. Falcon Go “has been a dynamite product. It helps get people [into CrowdStrike],” Range said. “It’s definitely geared for your SMB customer. It’s a little easier to use, but it’s still got most of the bells and whistles that [SMBs] need to protect their businesses and their livelihoods.”
In addition, a major partnership with Pax8 is also playing a key role as CrowdStrike is working aggressively to bring its technology down into the SMB market, an exceedingly rare move for a top-tier enterprise tech vendor.
But according to CrowdStrike co-founder and CEO George Kurtz, the company is aiming big with small businesses, with the goal of transforming cybersecurity for SMBs in the same way it has for the enterprise.
Plagued by data breaches and ransomware attacks, SMBs are simply not being protected by existing security tools from Microsoft and “legacy” antivirus vendors, Kurtz said in a recent interview with CRN. If those tools were doing the job, “there wouldn’t be companies like CrowdStrike, and you wouldn’t see all these breaches,” he said.
CrowdStrike’s promise, Kurtz said, is to offer smaller businesses “something better”—the same core technology that has enabled substantial improvement in preventing ransomware in the enterprise but simplified for SMB use.
The early results from the SMB push have been positive, according to CrowdStrike executives. For SMBs that have struggled with cyberattacks, there’s huge interest in acquiring something that can truly “make the problem go away,” Kurtz said. “It’s very, very compelling.”
The cybersecurity giant’s work with channel partners is the engine driving the SMB initiative, CrowdStrike executives said. In particular, CrowdStrike’s Pax8 partnership has been “game-changing,” Kurtz said.
In the past, Pax8 has been instrumental in bringing an array of cloud-based technologies to MSPs and their SMB customers—a list that has notably included Microsoft’s cloud offerings.
Pax8 is now looking to do the same for CrowdStrike, the distributor’s executives said. Given that CrowdStrike is “the gold standard in the enterprise cybersecurity space,” it’s a very big deal that MSPs are now gaining access to the technology in a way that’s tuned to their needs, said David Powell, vice president of sales strategy at Pax8.
Looking ahead, MSPs will have access not just to CrowdStrike’s flagship endpoint security product but also to its tools for protecting identity, data, cloud workloads and more—all of which are capabilities that it offers as easy-to-deploy “modules” on its cloud-native, single-agent platform, according to company executives.
CrowdStrike currently offers 23 different modules covering an array of security categories, and the plan is to make all of them available to Pax8 partners as soon as possible, said CrowdStrike Chief Business Officer Daniel Bernard.
In short, the battle is on for the SMB customer among CrowdStrike and other security vendors that focus on the smaller end of the market.
But there’s one competitor in particular that’s on Kurtz’s mind: Microsoft.
‘The Clear Winner’
Starting in late 2020, multiple global financial service firms sought out solution provider powerhouse World Wide Technology for some badly needed assistance.
Amid the explosion in cyberattacks prompted by the pandemic, the financial giants were looking to find the best endpoint security tool for securing worker laptops against the throng of hackers seeking to steal data and deploy ransomware.
WWT’s Advanced Technology Center—a physical and virtualized tech lab with more than 200 specialists and six data centers, capable of performing exhaustive tests on IT technologies—seemed like an ideal place to get the rigorous testing they were looking for.
And so throughout much of 2021, WWT’s Advanced Technology Center team performed a battery of tests on endpoint detection and response (EDR) tools from top vendors including CrowdStrike and Microsoft, recalled Chris Konrad, area vice president for global cyber at WWT.
The teams tested for security effectiveness, performance on endpoint devices and network utilization. The financial service firms also brought in their own penetration testers to launch simulated cyberattacks against the EDR tools.
“This was very holistic testing across the board,” Konrad said, noting one firm’s assessment was so thorough it lasted 11 months. In the end, according to Konrad, every one of the financial service firms came to the same conclusion: “CrowdStrike came out as the clear winner.”
For major enterprise-focused channel players like St. Louis-based WWT, No. 9 on CRN’s 2023 Solution Provider 500, successes like these have cemented CrowdStrike’s reputation in endpoint protection technology.
In talking to CISOs who have used CrowdStrike, they consistently report a high level of satisfaction with the company’s product, said Lee Waskevich, vice president of security at Herndon, Va.-based ePlus Technology, No. 28 on CRN’s 2023 Solution Provider 500. “Some of the largest companies have felt that the investment they made in CrowdStrike was a worthy investment,” Waskevich said. “I think where people see the value, they’re going to pay that price. And I don’t see a lot of people switching away from CrowdStrike.”
During the second quarter of CrowdStrike’s fiscal 2024, ended July 31, revenue climbed 37 percent from the same period a year earlier to reach $731.6 million, surpassing Wall Street estimates despite the challenging macroeconomic conditions.
In the fiercely competitive endpoint security market, CrowdStrike holds the largest share of the market at 17.7 percent, according to the latest available figures from IDC for July 2021 through June 2022. That put the Austin, Texas-based company ahead of No. 2 Microsoft, whose market share was 16.4 percent. Now, as CrowdStrike looks to replicate its enterprise success at the SMB level, the company is once again coming up against its familiar rival from Redmond.
Like CrowdStrike, Microsoft is on a mission to win over SMBs on endpoint security with its Defender products that are bundled into many of its Microsoft 365 software licenses.
Microsoft’s massive presence in the business world and its bundling strategy remain a serious challenge for CrowdStrike, solution provider executives noted, particularly as many customers look to save wherever possible amid the uncertain economic environment. At the same time, the list of customers that have adopted CrowdStrike after suffering a breach even with Microsoft security technologies in place is growing, Kurtz told CRN.
He points to CrowdStrike’s own findings: In three out of four breaches of Microsoft customers that CrowdStrike’s incident response team has investigated over the years, Defender had been in use but had been bypassed by attackers.
It’s a major lead generator for CrowdStrike, according to Kurtz. “We routinely convert Microsoft customers that have been breached using Microsoft security technologies into CrowdStrike customers,” he said.
Ultimately, he contends that Microsoft is seeing a diminishing opportunity to convince businesses to adopt its security products with its sales pitch of, “‘You get it for free, use it.’”
“[Customers] are saying, ‘Well, you’re putting us at risk,’” Kurtz said. “That’s really what we’re hearing from customers—Microsoft is putting them at risk.”
IDC figures show that CrowdStrike’s endpoint security revenue grew faster than Microsoft’s during the period of July 2021 through June 2022, by 62.4 percent, compared with Microsoft’s growth of 59.2 percent during the period. That was a reversal from the previous 12-month period’s figures, when Microsoft had grown significantly faster on endpoint security revenue than CrowdStrike, according to IDC.
CrowdStrike’s win rates versus Microsoft “continue to be very high,” CrowdStrike President Michael Sentonas told CRN.
In a statement provided to CRN, Microsoft said that “cybersecurity is a top priority for Microsoft and has been for over 20 years.” “Anecdotal comments and marketing speak from competitors simply seeking market share does nothing towards keeping all customers safer,” Microsoft said in the statement. “We believe collaboration and partnership across the security industry is essential to stay ahead of expansive advanced threats and find the aggressive competitive framing of security issues unfortunate.”
‘Not Mutually Exclusive’
As CrowdStrike’s move into the SMB market escalates its yearslong rivalry with Microsoft, solution providers are taking a variety of approaches when it comes to helping customers to select one—or both—of the vendors.
Some solution providers, such as White Rock, are finding that CrowdStrike is actually less expensive than using Microsoft for endpoint security.
In part, that’s on account of the “real expenses that the Microsoft product has as far as time, effort, putting all the different pieces together,” White Rock’s Range said. CrowdStrike’s Falcon platform, on the other hand, “takes less people to run. It’s easier to use,” he said.
Another increasingly common scenario is that customers that already have Defender through a Microsoft 365 subscription will adopt CrowdStrike in addition to it, said Michelle Drolet, founder and CEO of Framingham, Mass.-based solution provider Towerwall. “A lot of organizations now are coming to us saying, ‘We have Defender, but we need defense-in-depth,’” she said, referencing the strategy of deploying numerous cyberdefense tools to make up for the limitations of any single product or technology.
A frequent question from Microsoft customers is, “‘What else can we look at?’” Drolet said. “While Defender is still there with the E5 and E3 licenses, we’re adding layers with CrowdStrike—if not taking [Defender] out.”
CrowdStrike frequently encounters this scenario across its customer base, according to Kurtz. “I really want to hammer this because I don’t think it’s as well-known that Microsoft and CrowdStrike are not mutually exclusive,” he said.
All in all, demand for more effective cybersecurity tools is rising amid the intensifying threat landscape, growing insurance and regulatory requirements and myriad other security-related pressures.
“The ransoms are getting larger. Cyber insurance policies are getting dropped. For our customers to sell to their customers, they need to be able to answer some really tough questions,” Drolet said. “CrowdStrike helps do that.”
For SMBs, it’s abundantly clear that the market is underserved on security, CrowdStrike’s Bernard said. As just one indicator, tech-driven cyber insurer Coalition disclosed in a mid-2022 report that average claims for SMBs had surged 58 percent from the year before.
“The modern attacks aren’t being stopped by whatever technologies are deployed there,” Bernard said. “This is a market that so desperately needs modern, AI-powered cybersecurity.”
To quickly improve the security posture of smaller businesses, CrowdStrike’s cloud-native architecture is a major advantage, Kurtz said. “It’s super easy to get an SMB up and running” on the platform, he said.
And along with its affordability, the Falcon Go offering pro-
vides the core elements necessary to drastically improve threat visibility and prevention for SMBs, Kurtz said.
For the vendor and its partners, he said, SMB represents “such a massive market that I think it will drive growth for many years to come.”
To spearhead the SMB initiative, CrowdStrike hired Bernard, who was previously the CMO at SentinelOne, as chief business officer in January.
Then came the Pax8 partnership.
‘Consumable For SMBs’
At Pax8, which serves more than 29,000 partners, a growing chorus of solution providers had been asking the same thing in recent years: “‘When are you going to get CrowdStrike?’” said Nick Heddy, chief commerce officer at the Greenwood Village, Colo.-based distributor.
To make CrowdStrike feasible for many MSPs and their SMB customers, however, there were obstacles that needed to be overcome. Requirements around the minimum number of licenses were a big one. So were the requirements for up-front payments and yearlong commitments.
Pax8 and CrowdStrike, however, have worked together to address all of these issues, he said. Now partners will be able to acquire CrowdStrike licenses for a single user for just one month, allowing them to easily try the technology before expanding it across their customer base, Heddy said.
The distributor is also handling some of the heavy lifting by taking on support and billing responsibilities for the CrowdStrike platform, he said.
Pax8’s core mission is to “make things consumable for SMBs. And we absolutely did that with Microsoft,” Heddy said. “We intend to do the exact same thing with CrowdStrike—take an amazing product and make it consumable for managed service providers who serve SMBs.”
Historically, few companies in the IT industry “have been enterprise-first and then committed to come down to the channel, to work with the SMB community,” said Powell, a channel and cybersecurity industry veteran who joined Pax8 in April. Microsoft, of course, is one of them.
Now, CrowdStrike is making the right moves to be next, he said: “Their willingness to do this right—not just dabble in it, but to really engage with the channel the correct way—has been really encouraging.”
Even as CrowdStrike looks to unleash an army of new MSP partners, the vendor is also seeking to bolster its work with existing partners, executives said.
With the September unveiling of its new channel program, Accelerate, executives said it’s the biggest update to the CrowdStrike program since it debuted in 2015. As Bernard puts it, Accelerate constitutes a “tectonic shift” in CrowdStrike’s approach to working with partners. The program features expanded discounts and incentives, greater resources around support and marketing, reduced response times for deal registration and a refreshed video training series, CrowdClass.
CrowdStrike has also launched a new marketing campaign platform for partners, dubbed “the grid,” which includes an array of co-branded sales resources. The platform allows partners to enter in a list of customers or prospects and then generates “up-to-the-minute marketing material,” said White Rock’s Range. “It’s a huge benefit.”
For White Rock, the combination of CrowdStrike’s strong technology and partner enablement is leading the solution provider to expect revenue growth of at least 50 percent this year in its CrowdStrike business, Range said.
“CrowdStrike has definitely been a home run for us,” he said. Looking ahead, CrowdStrike is aiming to build out its channel-focused routes to market even further, and “we also need to continue to invest and enable our partners,” Kurtz told CRN.
“That’s an area that we really want to focus on. We know we can do better there.”
Going forward, CrowdStrike will also be doubling down on helping partners to utilize more of the modules now available on its platform, executives said.
Whether large or small, most businesses are dealing with the same types of cybersecurity issues right now: too much complexity, not enough expertise, changing threats.
Bringing more of CrowdStrike’s capabilities to customers, beyond its core endpoint security technology, can help address all these issues at the same time, solution provider executives said. For starters, many customers are looking to consolidate more of their security tools on a single vendor to reduce complexity and cost, executives said.
Meanwhile, thanks in part to CrowdStrike’s success at stopping hackers on endpoints, identity-based attacks that aim to get around endpoint detection are surging. For many businesses, “identity threats are No. 1” right now, said Adam Meyers, head of Counter Adversary Operations at CrowdStrike.
In this environment, CrowdStrike reports rapid customer adoption of its identity threat protection and detection capabilities—and executives pointed to the modules as a next area for partners to explore.
Additional CrowdStrike modules cover cloud workload protection, data security and observability, log management and many more key areas of interest to businesses.
Bringing it all together is CrowdStrike’s XDR (extended detection and response) technology, which correlates threat data from across the tools as well as numerous third-party products.
New modules can also be added quickly and easily thanks to CrowdStrike’s single-agent, cloud-native architecture, according to executives from CrowdStrike and from solution provider partners.
Working with CrowdStrike makes it far easier to have conversations with customers around consolidating their security tools, said Faisal Abou-Shahla, director of security enablement and sales at Irvine, Calif.-based Trace3, No. 36 on CRN’s 2023 Solution Provider 500.
With CrowdStrike, customers “can get one holistic solution that covers many different areas, and they can add on what they need as they expand and want more coverage in a certain space,” Abou-Shahla said.
‘Better Path Forward’
Along with continuing to add new modules to its platform as threat trends evolve, CrowdStrike is enhancing its platform with generative AI technology, executives said.
CrowdStrike recently unveiled Charlotte AI, which the company calls a “generative AI security analyst” that can dramatically boost productivity and effectiveness for cyber defense teams, according to the company.
The tool can “accelerate the human decision-making process, which is critical in cyber,” Sentonas said.
Ultimately, whether it’s about displacing existing endpoint security vendors, vying with Microsoft or offering protection against modern threats such as identity-based attacks, Kurtz said that CrowdStrike’s technology platform remains its top advantage, just as it has since the company’s founding in 2011.
“We instrument the technology in the Falcon platform in such a way that we get full visibility across the [attack] chain,” he said. Even if no malware is used in an attack, “we’re still going to be able to see and prevent it,” Kurtz said.
For partners and customers that are exhausted by today’s threat environment and looking for a new approach, Kurtz said CrowdStrike has a hopeful message for them: “There’s a better path forward that’s going to provide better prevention at a lower cost to them.”