Wow! Talk about upstaging

Crowdstrike started with this press release:

CrowdStrike Achieves 100% Prevention in Fourth Round of MITRE Engenuity ATT&CK® Enterprise Evaluations

Sentinel followed with this one:

SentinelOne Leads MITRE Engenuity ATT&CK® with 100% Prevention, Detection, and Highest Scores…!!!

Saul
Exclamation points are mine!

51 Likes

I hate the PR games. Palo Alto has similar PR this morning.

https://www.marketscreener.com/quote/stock/PALO-ALTO-NETWORK…

What is important from Crowdstrike’s results is that they appear to be the only vendor which didn’t allow the test to go through due to their automatic identity protection layer - which is due to the Preempt acquisition. They actually had to disable that feature in order for the MITRE tests to continue, which I think speaks volumes. I also think that competitive advantage has prompted SentinelOne to acquire Attivo - despite the 2 technologies not being exactly the same.

In addition, I think it is a testament that Crowdstrike’s tech is not to be underestimated, considering that Cloudflare has picked them for their internal EP protection over SentinelOne - I think the identity protection layer may have something to do with it, or the XDR alliance itself - which is not open but very vendor specific.

63 Likes

I don’t mean to rain on the parade, but vendor test results are only an indication that the vendor was well prepared for all the expected malware. And after initial detection runs, each vendor was likely given a chance to fix the FPs and FNs in their product. Admittedly this is not easy if your product is not already robust. But then it does not speak to how well the AI/ML can detect or adapt to unknown or unexpected malware attacks.

The good news is that CRWD and S are both players in this game. There are a million reasons why NET chose CRWD over S besides technical detection scores.

-zane

4 Likes

Of course, and one of the reasons for choosing Crowdstrike COULD have been the fact that its products need more human involvement and are perhaps more customizable than S1’s out-of-the-box product. For Cloudflare, with a huge amount of superior IT staff, it COULD perhaps have been better to choose a more customizable product and involve its own staff more closely in running and integrating it with its own security offerings than to take an out-of-the-box one.

For OTHER (non-IT?) companies it COULD PERHAPS be the opposite now - every company has been saying in recent reports that there is a shortage of quality IT staff and there is a strong trend toward replacing manual IT work with more automated software. The lack of IT engineers needed nowadays in ALL (not only IT) companies around the world is one of the main structural forces positively impacting adoption of our companies’ products around the world these days.

I like S1’s positioning in this set-up. I have nothing negative to say about Crowdstrike, just saying that I like S1 in this set-up. AND the company’s execution (the FACTS) is confirming the superior fundamental strength of the business, as we will see another year of triple-digit growth and approaching positive cash flow.

4 Likes

I guess I was just thinking about the politics involved. Just think if Sentinel had posted first with:

100% Prevention, Detection, and Highest Scores…!!!

and all Crowd could say after was:

100% Prevention

Crowd would have seemed very puny by comparison, so Crowd hurried up to get a press release out absolutely as soon as they could to beat Sentinel’s press release, so they sound as if they had the best overall results (which they didn’t). It’s a PR war.

But enough on this, unless you have something you just feel you can’t hold back from posting. :grinning:

Saul

15 Likes

I don’t mean to rain on the parade, but vendor test results are only an indication that the vendor was well prepared for all the expected malware. And after initial detection runs, each vendor was likely given a chance to fix the FPs and FNs in their product. Admittedly this is not easy if your product is not already robust. But then it does not speak to how well the AI/ML can detect or adapt to unknown or unexpected malware attacks.

The good news is that CRWD and S are both players in this game. There are a million reasons why NET chose CRWD over S besides technical detection scores.

The details always matter. As to this latest MITRE test, I don’t have information. I do know, however, that in the last MITRE S1 again performed at the top and CRWD performed in a middling fashion, and that S1 was basically used out of the box, whereas CRWD’s software involved extensive modifications to even get the middling results.

I would speculate that in this test again, S1 was basically used out of the box and that CRWD made extensive customizations to perform in this test. The sort of customization that only an organization with sufficient expertise and personnel could make in the real world. A company like NET. Not the type of resources the typical company will have, or even want to invest in if they could have.

The security market is characterized by extreme marketing combat and thus it is difficult to make heads or tails out of competing claims. The MITRE test is one objective measurement. Within that objective measurement, in the details, you can decipher S1’s advantage (out of the box, automation) and why it is selling despite CRWD’s and Palo Alto’s market dominance.

Well, last I saw was that Palo Alto was at around 25% market share and CRWD at 6% with S at 1%. These numbers will vary depending on how they are measured and when they are measured (for Palo Alto that number is more than a year old), so market dominance is a relative term.

But also, the market keeps growing. Greenfields are being created in cloud, IoT and the like. We don’t know how S is doing vs. CRWD vs. Palo Alto vs. some new players out there in these greenfield markets. That is why we must follow the numbers so we can put the rhetoric into perspective.

There is nothing to indicate that S is losing their battle, or that CRWD being in the market is a larger impediment to S than the market that CRWD faced when they were “unopposed”. I would like to see S show ever increasing financial leverage quarter after quarter, as both CRWD and Palo Alto proved they could show (not in GAAP profits but in cash flow) when they were smaller. Outside of this issue, however, which is still TBD, we can talk all we want but the numbers are making it moot. S is currently thriving and is projecting continuing to thrive. We will need to continue to watch the numbers and to see if financial leverage continues to be evident as things move forward.

Tinker

65 Likes