I don’t know if I buy that endpoint security is any different than other software markets. The simple answer is that all cyber security products are different from other software markets. I will elaborate.
From my experience cyber-security is treated differently than most other software products. Though I retired about ten year ago, I suspect this has not changed. I was an enterprise architect with a focus on information management (this is somewhat different from data management, but I’ll forgo an explanation, probably gets into the weeds and would be a launching post for long off topic discussion).
Just for clarification, enterprise software can be pretty much lumped into four broad categories. 1) End-user facing software, like an ERP package or an HR package etc., would be members of one major category. This category tends to be transactional and directly supports vertical business functions within the enterprise. 2) The software that directly interfaces with IT hardware components, often referred to as “system software” are members of another major category. An operating system is probably the best known example of this category. 3) Software that resides in between the user facing applications and the system software is often referred to as “middleware.” This is where database management systems reside. There’s actually quite a lot of middleware but it’s the domain of IT techies. A lot (maybe all?) of cyber security software is in this category. And 4) there’s analytics and reporting software. Alteryx would be a member of this category. Business intelligence, warehouse systems, visualization software all reside in this category. These categories are just a convenient way to segment software. There are no rigid boundaries and there are obvious examples (like Windows) that seem to overlap more than one category.
When it comes to establishing standards, a lot of the heated arguments are about software in the first category. The second category faces the least argument. In most cases, the system software is pre-determined by the hardware decision. If you buy an IBM box to run UNIX, you are going to host AIX on it. If instead you purchase an HP box, you’l host HP-UX on it. There’s nothing to argue about.
At the Fortune 50 company I worked at, the enterprise architects and the cyber-security organization were two separate groups under different management ladders although there was often overlap in our work (I’m pretty sure that this arrangement was not unusual). As such we made efforts to coordinate with one another as much as possible. For the enterprise architects it was a goal to standardize on as few different software packages as feasible. For example, Oracle was the corporate standard for database management systems. We made an exception for DB2 in that we had established Catia as the standard for design software and it would only run on IBM/AIX hardware and DB2 DBMS (at the time, maybe not still true).
The point is that keeping the number of software packages to a minimum was a significant cost management tool. The cyber security folks had a different attitude. The cyber security folks had a basic architectural premise of layered defense. There’s absolutely no way they would have purchased all the security software from a single vendor even if there was one that claimed to have a comprehensive solution.
My point is that when we look at an end point solution like Crowdstrike, there’s zero competitive threat from Zscaler or Okta. The security landscape is customarily partitioned and cyber security defenses are purchased (or sometimes built in-house to address special situations like export controls) to address the characteristics of each specific partition. In addition, a lot of attention was paid to “orchestration.” What that means is that the weak points of the overall security system resides at the boundaries of the partitions. Making sure that all the software components worked in concert with one another is critical.
So the question about Crowdstrike will it “be queen for a time. Then comes another, younger, more beautiful, to cast you down and take all you hold dear." fails to consider that Crowdstrike is not evaluated strictly on how well it does its intended job, though that is the most important question, it’s not the only question. How seamlessly it integrates with the software on its boundaries is also of vital importance.