Shares in SentinelOne and Palo Alto Networks have risen since July’s IT outage, while CrowdStrike has shed almost a quarter of its market value.


CrowdStrike’s president hit out at “shady” efforts by its cyber security rivals to scare its customers and steal market share in the month since its botched software update sparked a global IT outage.

Michael Sentonas told the Financial Times that attempts by competitors to use the July 19 disruption to promote their own products were “misguided.”

After criticism from rivals including SentinelOne and Trellix, the CrowdStrike executive said no vendor could “technically” guarantee that their own software would never cause a similar incident.

“Our industry is built on trust,” Sentonas said. For rivals to take advantage of the meltdown to push their own products “lets themselves down because, ultimately, people know really quickly fact from, possibly, some shady commentary.”

Texas-based CrowdStrike had a reputation as many major companies’ first line of defense against cyber attacks, but the high-profile nature of its clients exacerbated the impact of July’s global disruption that shut down 8.5 million Windows devices.

Insurers have estimated that losses from the disruption, which grounded flights and shut down hospital systems, could run into billions of dollars. Delta Air Lines, which canceled more than 6,000 flights, has estimated that the outages will cost it $500 million and has threatened litigation.

CrowdStrike’s lawyers have denied responsibility for the scale of Delta’s disruption and argued that the tech company’s liability is capped “in the single-digit millions” by its contracts.

Sentonas did not comment on the legal threat, which the company has dismissed as “public posturing about potentially bringing a meritless lawsuit.”

In the wake of the IT outage, rivals have detected a chink in CrowdStrike’s armor, with executives at SentinelOne, a direct competitor, heaping blame on its product design and testing processes to promote themselves as a safer alternative.

SentinelOne chief executive Tomer Weingarten said the global shutdown was the result of “bad design decisions” and “risky architecture” at CrowdStrike, according to trade magazine CRN.

Alex Stamos, SentinelOne’s chief information security officer, warned in a post on LinkedIn it was “dangerous” for CrowdStrike “to claim that any security product could have caused this kind of global outage.”

Trellix, which is privately held, also assured its clients that they need not fear a similar event. “Trellix has a different philosophy” to CrowdStrike, said Bryan Palma, chief executive, on LinkedIn. “At Trellix, we employ a conservative approach.”

Forrester analyst Allie Mellen said that multiple vendors were “using the outages to sell their own products,” adding that the typically collaborative security industry “really frowns upon that kind of ambulance chasing.”

Investors have bet that CrowdStrike’s publicly listed rivals will be able to gain an edge in the crowded endpoint security market, which involves scanning PCs, phones, and other devices for cyber attacks.

Shares in $7.4 billion SentinelOne have climbed 19 percent in the month since the outages, while $120 billion Palo Alto Networks has added 13 percent. CrowdStrike, now worth $65 billion, has shed almost a quarter of its market value since the incident.

IT research firm Gartner estimates that CrowdStrike’s share of revenues last year in the enterprise endpoint security market was second only to Microsoft, which bundles its products with other security tools, and more than double that of nearest rival Trellix.

Nikesh Arora, chief executive of Palo Alto Networks, said in an earnings call this week that the incident had already prompted some businesses to look around for other options. “It’s exciting because customers are willing to give us consideration,” he said.

As they seek to differentiate themselves, CrowdStrike’s smaller rivals have focused on how their products access an operating system’s core, or kernel, which has control over the whole computer.

Faulty software in the kernel can crash an entire system, as demonstrated by the thousands of “blue screens of death” that hit Windows computers across the globe in July.

SentinelOne’s Weingarten, speaking to CRN, pinned the outages on “the pervasiveness of code that has been put in the kernel” by CrowdStrike, suggesting that putting more code in the kernel offers more opportunities for mistakes.

Other companies, he said, offered “incredible protection without stuffing all your code into the kernel.”

While CrowdStrike has promised to introduce new checks and staggered updates to prevent a repeat of the mass disruption, Sentonas said the company’s continued presence inside the kernel is essential to provide maximum protection against cyber threats.

“The reason why we’re in the kernel is it gives us an opportunity to get visibility into everything happening to the system,” he said. “It means that we can protect the security product. It means that we can operate very fast—and it’s a very common way of working across the industry.”

CrowdStrike’s executives have previously attacked Microsoft after it was hit by a series of high-profile cyber incidents and breaches in recent years.

Since the outage, however, Sentonas has tried to put a positive spin on CrowdStrike’s relationship with Microsoft, which he said had “been on the phone with us constantly.” He also praised rival Palo Alto Networks for launching “a mature conversation about resiliency.”

Sentonas, who this month went to Las Vegas to accept the Pwnie Award for Epic Fail at the 2024 security conference Def Con, dismissed fears that CrowdStrike’s market dominance would suffer long-term damage.

“I am absolutely sure that we will become a much stronger organization on the back of something that should never have happened,” he said. “A lot of [customers] are saying, actually, you’re going to be the most battle-tested security product in the industry.”

© 2024 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.

By Holden