Crowdstrike criticism on

A new article on Motley Fool said that:

"When it comes to actually stopping cyberattacks, independent testing rated the product lower than many competitors.

AV-Comparatives tested CrowdStrike’s platform against real-world cyber threats, releasing its results toward the end of last year. CrowdStrike came in 14th against 18 other security companies."

Full Article:…

Techies, please respond with your insight.


First I’d like to state that I’m not a techie, but I did read the article and the test results.

I think the article was very flawed. It listed only one of the test metrics. If you look at the full report there are several test metrics, plus details that put those raw numbers in context. The real world test was out of 801 attacks. CRWD missed 18, so the difference between the top and CRWD was 2.1%. I would say there were 3 tiers of protection, and CRWD was in the 2nd tier. This doesn’t account for how CRWD deploys updated protections in the Falcon product/service. Other security companies would require updated software or definitions to protect against newly identified threats.

There are also 2 other reports from the company:

The Endpoint Prevention and Response shows CrowdStrike in the top tier. This accounts for protection and cost, showing it is actually a very cost-effective solution.

Again, I’m no techie so I’m very much interested in the input of those well versed in these types of analysis.



Sorry for the short reply.

These folks are ignorant about Cloud Security.

Simply ignore as NOISE







There are those of us who do not have a full position. I think we should play this up.

Come on! Sell it down to 200! Baby needs a new pair of shoes! Gimme a blue light special here.

Sorry Saul, but there are times when the traders want to close their shorts. When they do, we get a chance to grab some companies cheap.

The GameStop thing gave me a chance to grab some Snow at 265. I had my trot line set at 260 so missed. But it will not happen with CrowdStrike.



If folks are buying CRWD because they have the best detection, you are owning it for the wrong reasons. One reason Saul likes CRWD is because they use forensics data collected from all their customers to improve detection. This is also the wrong reason for holding CRWD. All security companies run analysis and ML on worldwide customers’ forensics. And they have been doing this for many years (as I have previously posted). Having the best security detection is a journey that requires continual investment by many smart people. Trying to grade detection of the security companies is always about looking in the rear view mirror at previous attacks. But it is a new attack with its new tricks, that you will hit head on in the face splat.

Folks have criticized FireEye (FEYE) for getting attacked by Cozybear and applauded CRWD for getting the resulting incident response (IR) business. The SolarWinds Orion attack (by APT28 - Russia) was extremely sly and calculating and used many methods that appeared as normal operations. It was a military-grade attack that was an APT (advanced persistent threat). The attack was very slow and persistent over a long period of time and difficult to identify through normal detection methods. Very few security companies or people in the world would be able to detect this kind of attack. They used lateral movement techniques once they infected a machine. This little malignant software hopped again to the next machine, each time gathering more network knowledge before taking the next step. The trojanized component is digitally signed and contains a backdoor that communicates with third-party servers controlled by the attackers. FireEye tracks this component as SUNBURST and has released open-source detection rules for it on GitHub. Its calling home is very carefully disguised as SolarWinds packets.

It was fortunate and unfortunate for the good guys that they chose to attack FEYE. FEYE is one of the best at detecting APTs (FEYE invented the APT definition and conventions). Cozybear really wanted the secret weapons that FEYE had. They got these weapons and this is the unfortunate part. But at the cost of getting caught by FEYE. The double agent was exposed and the world got vaccinated. FEYE as a good security citizen shared this knowledge privately with the government, other security companies, and software vendors. An NSC security council meeting was held immediately to address the breach. The corrective actions and detection methods were already in place before the public announcement of the SolarWinds attack.

AFAIK CRWD did not ever detect this Cozybear attack until FEYE secretly published the incident and detection rules. But that does not mean that CRWD is not a great security company at detecting malware. It is in fact very competitive and it is investing in the journey. From month to month they may be the detection leader and then fall back again. Message: take the competitive detection runoffs with a grain of salt.

OK, why buy CRWD? Very simple, no tech terms: best cloud-architected service and the best marketing. As long as they perform and eat Symantec’s and others’ lunch, I’ll continue to hold CRWD.

long CRWD