Fortune 500 Firm Drops Microsoft For CrowdStrike After Attack

The company wanted to move off Microsoft’s security products after a difficult deployment process and big ransomware attack, and ended up adopting CrowdStrike’s managed detection and response platform.


A Fortune 500 company ditched Microsoft’s security products and deployed CrowdStrike’s managed detection and response (MDR) platform after suffering a crippling ransomware attack.

CrowdStrike President and CEO George Kurtz said the large company experienced a long and difficult deployment process with Microsoft’s legacy security products, particularly in low bandwidth environments where endpoint performance is critical. The company was frustrated and already beginning to evaluate alternatives to Microsoft when the ransomware attack occurred, Kurtz said.

“It [Microsoft’s legacy security products] failed to rise to the challenge of today’s adversaries and ended up unnecessarily costing them millions of dollars,” Kurtz told investors during the company’s earnings call Tuesday. Kurtz did not identify the specific Fortune 500 company and Microsoft didn’t immediately respond to a CRN request for comment.

Sponsored post

[Related: Strike First, Strike Hard: How George Kurtz Has Built CrowdStrike Into A Cybersecurity Powerhouse]

The ransomware encrypted the Fortune 500 company’s primary and backup data, Kurtz said, causing weeks of business disruption and a financial impact estimated to be in the tens-to-hundreds of millions of dollars. In response, the victim organization turned to CrowdStrike, bringing in the Sunnyvale, Calif.-based endpoint security vendor’s incident response team to remediate and stabilize their IT operations.

After that, Kurtz the Fortune 500 company deployed CrowdStrike’s Falcon Complete MDR platform across their environment. The Falcon Complete customer base has grown by approximately 150 percent over the past year, according to Kurtz.

“At the end of the day, Microsoft’s Microsoft,” Kurtz said. “They’re going to get customers. But I think with the best platform and the best technology, our results speak for themselves and what we’ve been able to do.”

Kurtz said customers tend to choose CrowdStrike over Microsoft thanks to the strength of its integrations, its ability to cover multiple operating systems, the ease of using and deployment CrowdStrike’s technology, its focus on stopping breaches, and its efficacy in real-world situations.

“There has been a lot of talk in the audit committee [of customer board of directors] around risk monoculture, and customers are becoming more and more uncomfortable with putting their eggs in one basket,” Kurtz said. “So I think we have great opportunity there, and we’ve highlighted some of the big wins [over Microsoft].”

Kurtz said the real-time vulnerability management offered by CrowdStrike’s Falcon Spotlight module has become a necessity given the continued targeting of core functionality and flaws in the Microsoft ecosystem. He specifically called out Falcon Spotlight’s role in helping CrowdStrike customers respond to PrintNightmare, a zero-day remote code execution vulnerability in the Windows Print Spooler service.

Falcon Spotlight leveraged the massive amount of data and intelligence in CrowdStrike’s security cloud and AI model to predict PrintNightmare would be exploited by adversaries soon after it was publicly revealed in late June, according to Kurtz. Spotlight was able to provide CrowdStrike customers with real-time visibility into their exposure to PrintNightmare, Kurtz said.

“What customers are looking for - we highlighted this with the PrintNightmare vulnerability Microsoft had - they want push-button results instantly which we give them,” Kurtz said. “And now, using AI, we can actually prioritize what vulnerabilities are most likely to be exploited, which really helps the IT ops team.”

CrowdStrike’s revenue for the quarter ended July 31 skyrocketed to $337.7 million, up 69.7 percent from $199 million a year earlier. That beat analyst revenue expectations of $323.5 million, according to Seeking Alpha.

The company’s net loss deepened to $57.3 million, or $0.25 per diluted share, 91.8 percent worse than a net loss of $29.9 million, $0.14 per diluted share, a year earlier. On a non-GAAP basis, net income surged to $25.9 million, or $0.11 per diluted share, up 226.4 percent from $7.9 million, or $0.03 per diluted share, a year earlier. That edged out analyst non-GAAP earnings estimates of $0.09 per diluted, according to Seeking Alpha.

CrowdStrike’s stock is down $11.99 (4.27 percent) to $269.01 per share in after-hours trading. Earnings were announced after the market closed Tuesday.

Subscription sales for the quarter leapfrogged to $315.8 million, up 71.4 percent from $184.3 million the year prior. And professional services revenue surged to $21.9 million, up 48.5 percent from $14.7 million last year.

For the quarter ended Oct. 31, CrowdStrike expects non-GAAP net income of $19.7 million to $25 million, or $0.08 to $0.10 per diluted share, on revenue of $358 million to $365.3 million. Analysts had been expecting earnings of $0.09 per diluted share on sales of $351.7 million, according to Seeking Alpha.