At this time I’m quite a bit less than an IT product analyst, despite the fact that at one time commercial software comparisons were a regular part of my job.
So I’m asking those in this community with greater knowledge than I possess to help me understand the difference between CrowdStrike and ZScaler. Presently, I do not hold positions in any cybersecurity vendor, but I am considering taking a position. I have a basic, high level understanding of the offerings from these two vendors. What I don’t understand is where the functionality of their products overlap, and more importantly what one might consider the gaps of one company’s products that are addressed by the other.
From my POV, these are the only cybersecurity firms I would invest in. I also think that the company with the best product suite is destined to be the best investment over time.
13 Likes
A good simplistic analogy is a bar. CRWD is a really good bouncer who will keep everyone out that doesn’t meet the establishment’s requirements. Once you’re in, ZS will check your ID EVERY TIME you want to buy a drink. They are Zero Trust so just because you showed your ID the first time, doesn’t mean you don’t have to prove it the next. CRWD and ZS work together.
68 Likes
Brittlerock
I’ll take a stab at the simple, short difference between Zscaler (ZS) and CrowdStrike (CRWD).
A corporate endpoint device like a laptop or mobile device needs access to corporate resources such as applications and data. In the past, remote access was secured by a VPN firewall from the endpoint to the edge of the corporate network. The device and user are authenticated using proper credentials by the firewall, then a secured VPN tunnel is established. The user can access corporate resources. VPN firewalls evolved to add authorization capabilities that restricted which corporate resources were accessible based upon the permissions granted to the device or user. VPN firewalls always struggled with adding endpoint security protection. Note that endpoints are accessing the public internet and are a prime target for an external attack and infection. As such, an endpoint anti-virus package was usually tacked onto the endpoint and may get engaged with VPN authentication. But the security access market was bifurcated into VPN firewalls and endpoint anti-virus services. It was hard to provide both of these services well. Also, when selling a firewall, the customer wants to keep his anti-virus software that is on thousands of devices. The customer expects cooperation and integration.
OK, Networking: in the last 10 years applications have moved by and large to the cloud, or at least to a hybrid with some on-premise applications. The hard perimeter of the corporate on-premises network is no more. And so, the VPN firewall has migrated to the cloud. Well, migration is a bad word because the software paradigm and implementation required a whole new software architecture and model. Out of this new cloud world sprang SASE companies such as ZS and Cloudflare (secure access service edge). But the model is now expanded to secure the network between the endpoint and all applications and data sources, and secure access between corporate applications and data sources. So the ZS ‘basic’ product is to provide authorization policy making and enforcement. There is a lot of set up and rules to define. No easy task given the many required meetings between the corporate stakeholders. But the end result is what ZS calls a Zero Trust Exchange. ZS has added many new products to complement this basic Zero Trust Exchange capability.
OK, Endpoint: old products such as Symantec and McAfee using virus signature matching are dead horses. These are replaced by EDR (endpoint detection and response) protection. CRWD sprang out of this new challenge and ate the old anti-virus companies’ lunch. These tools look deeply at endpoint network traffic and endpoint OS registry configurations and identify attacks and infections. If infected, an endpoint device or user may be removed or firewalled from the corporate network. Further, XDR malware searching and hunting capabilities were added. XDR (extended device response) usually combines some cloud AI service processing the endpoint log ingestions and other artifacts. The alerts and warnings from the endpoint can be overwhelming when trying to distinguish what is bad and not bad (a lot of false positives). So cloud service management technologies were created: SIEM (Security Information and Event Management). These collect logs and all kinds of stuff from the endpoint to identify a threat. They allow the user to manage his attack alerts.
This is my 60,000-foot technology view and is an extreme simplification of the market segmentation. And I am not discussing the robust platform products both companies offer that complement their core product. Hope it helps others confused by all the buzzwords and can distinguish the primary market segment difference between ZS and CRWD. ZS reduces the attack surface for malware. CRWD detects and manages the malware infestations. These companies do overlap in some places, but I’ll stop here. They can co-exist in an enterprise and complement each other. Someone else can take it deeper if they want. This is just a stock message board. Owning both does make sense. I currently own ZS.
-zane
38 Likes
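The post above describes EDR as looking at endpoint process and registry activity, raising alerts, and then having to separate the bad from the noisy (false positives) before a device is cut off from the network. The following is an added example, not CrowdStrike’s or Zscaler’s code and not from the original thread: a toy detection pass over constructed endpoint telemetry, with a triage step that dedupes repeated alerts and only recommends containment above a score threshold. The event format, rule names, thresholds and sample events are all assumptions invented for illustration.

```python
"""Toy EDR-style detection and triage over constructed endpoint telemetry.

Added example, not vendor code. Event schema, rules, weights and the
containment threshold are assumptions made up for illustration; a real
sensor records far richer telemetry and far more rules.
"""
from dataclasses import dataclass

# Constructed sample telemetry (not captured from any real host).
# lt-042: a phishing chain (Word -> encoded PowerShell -> Run-key persistence).
# lt-007: an admin script using -EncodedCommand twice, a classic false positive.
EVENTS = [
    {"host": "lt-042", "type": "process", "parent": "outlook.exe", "image": "winword.exe",
     "cmd": "winword.exe /n invoice.docm"},
    {"host": "lt-042", "type": "process", "parent": "winword.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAo"},
    {"host": "lt-042", "type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\bob\AppData\Roaming\svc.exe"},
    {"host": "lt-042", "type": "network", "image": "svc.exe", "dst_port": 4444},  # no rule below fires on this
    {"host": "lt-007", "type": "process", "parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -EncodedCommand RwBlAHQA"},
    {"host": "lt-007", "type": "process", "parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -EncodedCommand RwBlAHQA"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str
    severity: str
    detail: str


def rule_office_spawns_script(ev):
    """Office application launching a script host: strong phishing/macro signal."""
    if ev["type"] == "process" and ev["parent"] in OFFICE_APPS and ev["image"] in SCRIPT_HOSTS:
        return Alert(ev["host"], "office_spawns_script_host", "high", ev["cmd"])


def rule_encoded_powershell(ev):
    """Encoded PowerShell: suspicious but also used by legitimate admin tooling."""
    if ev["type"] == "process" and ev["image"] == "powershell.exe":
        toks = ev["cmd"].lower().split()
        if any(t in ("-enc", "-encodedcommand", "-e") for t in toks):
            return Alert(ev["host"], "encoded_powershell", "medium", ev["cmd"])


def rule_run_key_persistence(ev):
    """Run key pointing into a user-writable profile directory."""
    if (ev["type"] == "registry"
            and "\\currentversion\\run\\" in ev["key"].lower()
            and "\\appdata\\" in ev["value"].lower()):
        return Alert(ev["host"], "run_key_from_appdata", "medium", ev["value"])


RULES = [rule_office_spawns_script, rule_encoded_powershell, rule_run_key_persistence]


def detect(events):
    """Run every rule over every event; events no rule matches produce nothing."""
    alerts = []
    for ev in events:
        for rule in RULES:
            a = rule(ev)
            if a:
                alerts.append(a)
    return alerts


def triage(alerts, contain_at=4):
    """Collapse alerts per host: dedupe identical ones, score, decide containment.

    The frozen dataclass is hashable, so putting alerts in a set drops exact
    repeats (the admin script firing twice counts once).
    """
    weights = {"high": 3, "medium": 1, "low": 0}
    per_host = {}
    for a in set(alerts):
        per_host.setdefault(a.host, []).append(a)
    verdicts = {}
    for host, hs in per_host.items():
        score = sum(weights[a.severity] for a in hs)
        verdicts[host] = {
            "score": score,
            "rules": sorted(a.rule for a in hs),
            "contain": score >= contain_at,   # network-contain the host (the "firewalled off" step)
        }
    return verdicts


if __name__ == "__main__":
    for host, v in triage(detect(EVENTS)).items():
        print(host, v)
```

With these constructed events, lt-042 accumulates three distinct alerts (score 5) and is marked for containment, while lt-007’s repeated encoded-PowerShell alert collapses to one medium alert (score 1) and is left alone; the threshold and weights are where a real deployment spends its tuning effort.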
To take that a step further, Zero Trust applies to the user on the computer and all the applications. So in the bar, the user is not just checked for drinks, but checked if they try to use a credit card, or go to the bathroom, or put a quarter in the juke box - everything. If a bad guy comes in the bar and tries to make you open the safe, ZS knows not to even let you in that room that holds the safe. Remember the energy company that got shut down with ransomware a couple of years ago? If they had ZS, then when the user foolishly clicked on the ransomware link in email, only his computer would have been screwed, not the entire company’s system. The user only had permission to do stuff on his computer, therefore any executables run were limited to that computer. ZS provides other services as well. Back in the old days, VPNs used for remote private access required lots of hardware (e.g. expensive firewalls) at your company so you could work from home or a hotel. ZS centralized that in the cloud so your company could stop buying and maintaining that hardware. Using a VPN is like your car driving through a giant tunnel. The bad guys up in the sky can’t see your car, so they don’t know if it is a Brink’s truck, Limo, Hummer or a convertible, and therefore they don’t know how to attack it.
25 Likes
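Two posts above make the same technical point from different angles: the Zero Trust Exchange is an authorization policy evaluated on every access, and a user whose laptop is compromised can only hurt that laptop, not the file server, because the policy never granted the device a path there. The following is an added example written for this thread, not Zscaler’s or CrowdStrike’s code, that puts the two models side by side: an authenticate-once VPN check versus a per-request decision that considers user group, device management state, endpoint-agent health and how fresh the user’s MFA is. The users, devices, application names and the policy table are all invented assumptions.

```python
"""Added example: per-request zero-trust authorization versus authenticate-once VPN access.

Not vendor code. Users, devices, app names, policy fields and thresholds are
assumptions made up for illustration.
"""
from dataclasses import dataclass


@dataclass
class Device:
    device_id: str
    managed: bool        # enrolled in corporate management
    edr_healthy: bool    # endpoint agent reporting and no active detection


@dataclass
class User:
    name: str
    groups: frozenset
    mfa_age_s: int       # seconds since the user last completed MFA


# Constructed policy table: per application, who may reach it and under what posture.
POLICY = {
    "hr-portal":   {"group": "staff",   "mfa_max_age_s": 8 * 3600},
    "finance-db":  {"group": "finance", "mfa_max_age_s": 15 * 60, "managed_only": True},
    "file-server": {"group": "staff",   "mfa_max_age_s": 8 * 3600, "managed_only": True},
}


def vpn_model(user, device, app):
    """Legacy model: one check when the tunnel comes up, then the flat network is reachable.

    The device and the application are ignored on purpose: nothing is
    re-evaluated per request once the tunnel exists.
    """
    return "staff" in user.groups


def zero_trust_decide(user, device, app):
    """Evaluate one request against the policy; every call starts from deny."""
    rule = POLICY.get(app)
    if rule is None:
        return "deny", "no policy for app"                # default deny: unknown app, no path
    if rule["group"] not in user.groups:
        return "deny", f"missing group {rule['group']}"
    if rule.get("managed_only") and not device.managed:
        return "deny", "unmanaged device"
    if not device.edr_healthy:
        return "deny", "device posture failed"           # endpoint verdict feeds the access decision
    if user.mfa_age_s > rule["mfa_max_age_s"]:
        return "step_up", "re-authenticate"              # checked again, not trusted from earlier
    return "allow", "ok"


def simulate(user, device, apps):
    """Decision per app, the way a broker would answer a burst of requests."""
    return {app: zero_trust_decide(user, device, app)[0] for app in apps}


if __name__ == "__main__":
    bob = User("bob", frozenset({"staff"}), mfa_age_s=3600)
    laptop = Device("lt-042", managed=True, edr_healthy=True)
    apps = ["hr-portal", "finance-db", "file-server"]
    print("healthy laptop :", simulate(bob, laptop, apps))
    # Bob clicks the link; the endpoint agent flags the device. Same credentials, new answer.
    infected = Device("lt-042", managed=True, edr_healthy=False)
    print("infected laptop:", simulate(bob, infected, apps))
    print("vpn model still says:", vpn_model(bob, infected, "file-server"))
```

The interesting line is the `edr_healthy` check: it is where the endpoint product’s verdict becomes an input to the network product’s decision, which is the integration the thread keeps describing. Under the VPN model the infected laptop keeps its path to the file server; under the per-request model the same user with the same credentials is cut off the moment posture changes.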
How timely to the discussion here! A seekingalpha.com article by Bert Hochfeld comparing ZS and CRWD. Bert really does a superb job of analysis, but in this one he even outdid himself.
Zscaler Vs. Crowdstrike: Which Of These Two Great Companies To Buy Now
Jun. 28, 2024 10:18 AM ET (Zscaler, Inc. (ZS), CRWD)

Bert Hochfeld
https://seekingalpha.com/article/4701497-zscaler-vs-crowdstrike-which-of-two-great-companies-buy-now?mailingid=35906671&messageid=must_reads&serial=35906671.54213&source=email_must_reads
-zane
25 Likes