CrowdStrike's meltdown didn't dent its market dominance … yet

CrowdStrike's major meltdown a month ago doesn't look like affecting the cyber security vendor's market dominance anytime soon, based on its earnings reported Wednesday. CrowdStrike's faulty Falcon sensor update in July bricked 8.5 million Windows machines, grounding thousands of flights worldwide, delaying medical services …

  1. Pascal Monett Silver badge

    "a costly and time consuming process"

    Most probably, but that is not the important thing.

    The important thing is: would it cost more to be once again shut down by CrowdStrike's carelessness?

    Boards all over are going to be looking carefully at that question, I'm sure.

    1. Anonymous Coward Silver badge

      Re: "a costly and time consuming process"

      And would it cost any less if the shutdown was due to the carelessness of one of Crowdstrike's competitors?

      Crowdstrike are now in a "better not let that happen again" mindset; their competitors will be in a "let's sweep up all of Crowdstrike's customers" mindset. Which would you prefer?

      1. Michael Wojcik Silver badge

        Re: "a costly and time consuming process"

        Crowdstrike are in a "huh, that didn't really cost us much" mindset. And so are their competitors.

        The only real action I've seen so far because of this is from Microsoft, which looks to be moving in the direction of kicking parts of the anti-malware / EDR stuff out of the kernel, probably with a combination of features (e.g. enhancing ETW) and stricter controls (e.g. more rules and scrutiny for WHQL).

        And, of course, that's not out of the goodness of their hearts; it's because they catch some of the blame whenever $STUPID_ISV screws up like this. As they should, because they made architectural decisions that encourage shoving crap into kernel-mode drivers.

    2. Charlie Clark Silver badge

      Re: "a costly and time consuming process"

      No, the important things are: are there any competitors? and are they any better?

      Consolidation across the whole IT services means little choice, higher prices, worse services and yet businesses and regulators keep waving it through.

      1. collinsl Silver badge

        Re: "a costly and time consuming process"

        If it wasn't more costly in terms of hard cash (bulk discounts being a thing etc) and in terms of administrative overhead, having 33.333333% of your machines on one of 3 security vendors would be a good way to prevent this kind of thing from taking out absolutely everything.

        But I'll admit in the modern world that's a right pain to achieve (3x the admin overhead) and will be more expensive than just using one.

    3. TReko Silver badge

      Re: "a costly and time consuming process"

      Most likely most Crowdstrike customers are locked into a subscription model. Those CIOs who recommended Crowdstrike are probably gonna lose face if they go with another product, too.

      Crowdstrike's labour costs are also down since they offshored most of their technical work in February 2024.

    4. Michael Wojcik Silver badge

      Re: "a costly and time consuming process"

      "Boards all over are going to be looking carefully at that question, I'm sure."

      Really? When in history have boards taken note of IT disasters? Why would this one be different?

      Directors are primarily concerned with 1) the stock price and 2) their personal reputations within the small networks of their peers. And they do not manage organizations directly; their power lies primarily in being able to replace top officers. I think very, very few boards would threaten a CEO with dismissal for keeping Crowdstrike. That's an externality for them.

      There's a great deal of hope among Reg readers that Crowdstrike will pay for this enormous screw-up. I've said before that I believe that hope is wildly optimistic, and this article supports that thesis. Crowdstrike customers made some noise but in the end fear of the potential cost of replacing Crowdstrike's services will keep the vast majority of them loyal.

      Remember how $10B in damage from NotPetya got a whole bunch of big organizations to get rid of Windows? Yeah, neither do I.

  2. Anonymous Coward

    There is a discrepancy between goodness of fit using metrics and unbiased cost/benefit analysis, versus looking at the psychological dynamics that actually determine purchases and market domination.

    Technological excellence and reliability are not causal factors for market adoption, unfortunately.

    Perception, group think, financial/insurance tradeoffs, and exceptional salesteams (with expense accounts), are more likely to be correlated.

  3. DS999 Silver badge

    Too early to see the effect in their earnings

    Companies sign contracts and are paying them monthly/quarterly/yearly (I don't know how their billing works) and swapping out Crowdstrike isn't something you can do on a whim over a weekend. Check back this time next year and see what their YoY comparison looks like; then we'll know how much they've been affected.

  4. Ayemooth

    What period does this cover?

    If the period being reported on is April to June then of course something that happened in July won't have had an effect.

    1. AndrewB57

      Re: What period does this cover?

      You might consider reading the article

      "CrowdStrike's fatal Friday on July 19 happened during the last two weeks of the business's quarter."

      1. Richard 12 Silver badge

        Re: What period does this cover?

        So the actual period really does not include their failure.

        Seems it happened a week and a day before the end of the quarter.

        Anyone starting their contract that week probably actually signed a couple of weeks or months before - and probably wouldn't be expected to make payments anyway as Net 30 is a usual term.

        Existing customers will all be locked into contracts that take six months to a year to cancel, so of course the effect starts Q3 for new customers and for existing customers in 2025 Q2.

        Ah yes, the article also says that

  5. mark l 2 Silver badge

    Crowdstrike as a company has only been around for around 10 years so obviously all the companies that existed pre-Crowdstrike were either using competitor AV software before then, or less likely no AV solution.

    So a lot of these businesses have already done a migration to Crowdstrike in the last decade so is it that much of a stretch to think they are willing to move away from Crowdstrike to a competitor product after their cluster fsck last month?

    Or will the $10 Starbucks vouchers they got sent by Crowdstrike be enough to retain them once their subscription period comes to an end?

    1. CowHorseFrog Silver badge

      You are making a lot of assumptions that companies do the right thing most of the time. I think this clearly shows they don't actually reason or select providers because of a careful study, it's just a bunch of idiots copying everyone else instead of understanding the problem space.

      1. collinsl Silver badge

        It's all a load of "well they're Gartner 'top right' and everyone else buys them" sadly.

        Exactly like the old days where no one was fired for buying IBM

  6. CowHorseFrog Silver badge

    This is a perfect example of why today's corporate leaders are not leaders but merely idiots who copy trends. They don't actually understand the problems of security or anything, they just *copy*.

  7. Anonymous Coward

    Cost

    The question companies ought to be asking is: how much would it have cost to have your IT people test updates before deploying them?

    1. Dan 55 Silver badge
  8. Persona Silver badge

    Value

    If you are a company with four, five, and six modules, it's going to be a lot harder to change

    If you have any of their 28 modules you should be questioning which, if any, actually add value and whether simply turning them off is an option.

  9. Mark Exclamation

    It's great they are making so much money - they can afford to pay all that compensation they owe to their customers.

  10. nijam Silver badge

    > "They got breached, their tools were stolen, and here they are, one of the preeminent security providers."

    No such thing as bad publicity?

  11. druck Silver badge

    Cure the disease not the symptoms

    Wean yourselves off Windows and rid yourself of the security parasites.
