I don’t mean to rain on the parade, but vendor test results are only an indication that the vendor was well prepared for all the expected malwares. And after initial detection runs, each vendor was likely given a chance to fix the FPs and FNs in their product. Admittedly this is not easy if your product is not already robust. But then it does not speak to how well the AI/ML can detect or adapt to unknown or unexpected malware attacks.
The good news is that CRWD and S are both players in this game. There a million reasons why NET chose CRWD over S besides technical detection scores.
The details always matter. As to this latest MITRE test I don’t have information. I do know, however, that the last MITRE where S1 again performed at the top and CRWD performed in a middling fashion. That S1 was basically used out of the box, where CRWD’s software involved extensive modifications to even get the middling results.
I would speculate that in this test again, S1 was basically used out of the box and that CRWD made extensive customization to perform in this test. The sort of customization that only an organization with sufficient expertise and personnel could make in the real world. A company like NET. Not the type of resources the typical company will have, or even want to invest in if they could have.
The security market is characterized by extreme marketing combat and thus it is difficult to make heads or tails out of competing claims. The MITRE test is one objective measurement. Within that objective measurement, in the details, you can decipher S1s advantage (out of the box, automation) and why it is selling despite CRWD’s and Palo Alto’s market dominance.
Well, last I saw was that Palo Alto was at around 25% marketshare and CRWD at 6% with S at 1%. These numbers will vary depending on how they are measured and when they are measured (for Palo Alto that number is more than a year old) so market dominance is a relative term.
But also, the market keeps growing. Greenfields are being created in cloud, IoT and the like. We don’t know how S is doing vs. CRWD vs. Palo Alto vs. some new players out there in these greenfield markets. That is why we must follow the numbers so we can put the rhetoric into perspective.
There is nothing to indicate that S is losing their battle, or that CRWD being in the market is a larger impediment to S, than the market that CRWD faced when they were “unopposed”. I would like to see S show ever increasing financial leverage quarter after quarter as both CRWD and Palo Alto proved they could show (not in GAAP profits but in cash flow) as they were smaller. Outside of this issue however, that is still TBD, we can talk all we want but the numbers are making it moot. S is currently thriving and is projecting continuing to thrive. We will need to continue to watch the numbers and to see if financial leverage continues to be evident as things move forward.
Tinker