CIO commentary CRWD NET ZS

This was published Aug 12, small summary snippets from a recent CIO interview by ETR:

Below are relevant parts to a couple of my holdings (CRWD, NET, ZS)

Fail-Over Capability is Essential: In any hybrid or multi-cloud environment, fail-over capability is critical. As a logistics company with just-in-time needs, they cannot depend on a single cloud environment or on-premise data center – either of which will at some point go down, if only for a few minutes. Among smaller alternatives, Cloudflare is one of this CIO’s favorites. They plan to deploy Cloudflare Access to replace their existing hub-and-spoke-style VPN, as well as Cloudflare’s DNS filtration capabilities. Our guest enjoys the ease with which Cloudflare products can be deployed. “You just implement an agent on any given system that you want to be part of that internal network, and then it will reverse proxy to give you that connectivity capability within a virtual private network.”

Full Stack Security Hygiene: Our guest employs CrowdStrike’s full-service offering, including management, maintenance, monitoring, alerting, and escalation for any detection and response on the endpoints, server, and workstation. While their pricing is a little high, “You get what you pay for when you’re at that level.” Broadly, our guest is not yet comfortable with an automated response and the AI/ML trend in the information security space but says that services from CrowdStrike are more viable than others in the way they integrate some automated response to lock down systems or prevent a process from exfiltrating information.

This enterprise is currently examining its SIEM solution. “We will probably be orienting towards Sentinel for everything in the Microsoft environment, and Elastic as a CLF for on-premise, and consolidating from multiple different environments.” Our guest finds Splunk one of the best tools for logging, but it is relatively expensive compared to Elastic and Sentinel.

…They applaud Zscaler’s very strong customer support but have little business to give them at this time.

My takeaways:

  1. Cloudflare for the win with ease and simplicity of deployment

  2. Crowdstrike showing great pricing power, and its well integrated full service capabilities give it a lead over competitors

  3. Someone with tech knowledge correct me if I am wrong, but the “Sentinel” referred to here on SIEM is about “Microsoft Sentinel” product, and not SentinelOne?


…Someone with tech knowledge correct me if I am wrong, but the “Sentinel” referred to here on SIEM is about “Microsoft Sentinel” product, and not SentinelOne?

Yes, they are likely referring to Microsoft Sentinel which is a cloud-native security information and event manager (SIEM) platform that uses AI to help analyze large volumes of data across an enterprise. It aggregates data from multiple sources (users, apps, servers, devices, etc.) running on-premises or in the Public cloud.