The CrowdStrike disaster was a catastrophic one, as a bug in the company's Windows software rendered PCs unusable, disrupting flights, canceling elective medical procedures and leaving many office workers waiting in daze for hours. Not surprisingly, CrowdStrike's stock price plummeted, even as the company's CEO, George Kurtz, promised a fix and systems were slowly starting to come back online.
Rivals stand to benefit.
While it's hard to predict just how much of an impact this will have on businesses from what's being called the worst IT outage in history, investors seem to sense an opportunity: Shares of CrowdStrike competitors SentinelOne and Palo Alto Networks were up as much as 10% this afternoon.
CrowdStrike competes with a number of vendors in the endpoint security market, including SentinelOne and Palo Alto Networks, as well as Microsoft, Trellix, Trend Micro and Sophos. Endpoint security tools detect malware on laptops, mobile phones and other devices that have access to a corporate network.
According to Gartner data, CrowdStrike is estimated to account for 14.74% of global revenue from security software sales, earning approximately $2.01 billion, as of the end of 2023. This puts it second only to Microsoft, which had a 40.16% share ($5.49 billion) last year. CrowdStrike's next competitor is Trellix, which has a 6.62% share ($906 million) as of 2023.
Eric Grenier, a cybersecurity threat detection and exposure analyst at Gartner, cautioned that it's too early to tell who the “winner” will be in the ongoing CrowdStrike fray, but he told TechCrunch that he often sees clients he speaks to put Microsoft and SentinelOne on the shortlist, and he wouldn't be surprised if Friday's events solidify some executives' decisions in favor of alternatives to CrowdStrike.
“I think some organizations will not tolerate this incident at all and will seek alternative solutions,” Grenier said. “Every time a competitor's sales team competes against CrowdStrike in front of potential customers, they can cite this incident as a reason to choose them over CrowdStrike. In the long term, I think CrowdStrike will lose business.”
Not everyone agrees.
IDC research director Mike Jude noted that competitors face essentially the same risks as CrowdStrike and must constantly adapt to a changing threat environment, and that this rapid response could lead to costly mistakes. CrowdStrike's bug was traced to a routine update to the company's flagship product, the Falcon Sensor, which conflicted with many Windows installations.
“I don't think this should be looked at as a win-lose situation, and I don't think many of CrowdStrike's competitors are happy about this,” Jude said. “I think this outage shows how reliant we've become on cybersecurity solutions.”
Chirag Mehta, vice president and principal analyst at Constellation Research, agreed with Jude that rivals were lucky to escape the crisis. “Other vendors are fortunate not to have been affected this time,” Mehta told TechCrunch. “They now have an opportunity to evaluate the depth of their integration with the operating system, how they air-gap updates, and their deployment processes. Overconfidence is dangerous.”
Goldman Sachs analysts said in a note to investors Friday morning that they expect “minimal share change” in the endpoint security market as a result of the CrowdStrike bug. Customers generally understand that these incidents are a matter of if, not when, and therefore place a premium on fixes and transparent communication, the analysts wrote.
“In our view, cybersecurity products are mission-critical and actively under attack by adversaries, and therefore must meet higher standards of reliability and security for customer deployment than other technology products,” the Goldman analysts wrote. “In some ways, we believe this is [outage] This will increase barriers to entry into the industry and drive the need for best-in-class update, outage and customer service protocols, ultimately favoring larger companies.”
Analysts point to the case study of the Okta breach.
Hackers accessed data for all of Okta's thousands of identity and access management customers in October 2023. The hack lengthened deal cycles as some organizations tried to see if Okta's security protocols had improved (and as they evaluated other products), but it did not lead to mass churn. Most Okta customers remained Okta customers.
Raj Joshi, a senior vice president at Moody's Ratings, said the widespread impact of the CrowdStrike outage illustrates the fragility of today's IT infrastructure. “This incident calls into question CrowdStrike's software engineering practices,” he said.[but] It also highlights the growing vulnerability of the global cloud infrastructure due to an increasing number of points of failure.”