Is the EDR Market a Monopoly? News from the Crowdstrike BSOD

Is the EDR Market a Monopoly?

What you need to know about the Crowdstrike incident that shut the world down yesterday is that Microsoft and Crowdstrike have some bad blood between them. I’m going to talk a little gossip. In the world of Endpoint Detection and Response (EDR) tools and software security sales Microsoft is the global leader in enterprise solutions. Crowdstrike is second which owns 15% of the market to Microsoft’s 40%.

Microsoft has been dominating the security space as massive investments were poured into their cloud-based solution Microsoft Sentinel that rests on top of Microsoft Azure. Their Defender suite is a set of dozens of tools that work together to canvass pretty much the entire attack surface of workloads (desktops, devices, computers, networks, firewalls, virtual machines, etc..). It changes so often I couldn’t even really find an architecture with them all. But here’s one for clarity:

Their solutions come native in Microsoft operating systems so companies when they buy a new laptop they only have to put in a simple key to seamlessly add it into their cybersecurity environment. While its not perfect, nothing is.. but it is impressive. I see their strategy and what they are doing and its going to leave the competition in the dust like it has time and time again. They are a 3 Trillion dollar company and when they want to do something, they pretty much just do it.

Yesterday’s event is likely going to wake up Crowdstrike’s customers and they will begin migrating over to Microsoft Defender. Its too easy to use and does a great job and it would seem, if the reports are true, that Microsoft is making it MORE difficult for independent EDR tools to do their jobs effectively. Reducing Crowdstrike marketshare and converting their customers to Microsoft products.

I have seen tweets and multiple articles where Crowdstrike executives say snarky things and post incessantly about how they’re better than Microsoft and where Microsoft failed where they didn’t. They are clearly feeling a bit short where it matters. That’s how it comes off to me. One remark, fine. But a whole campaign targeted at someone you rely on for your services is too much. It makes you look sad. And Microsoft is going to get tired of Crowdstrike poking their monster. I’ve thought this all the way through when I worked for an MSSP and Microsoft was entering that space — there’s nothing you can do except make friends and watch as they slowly take market share from you. You certainly can’t go to war with Microsoft, that’s completely asinine.

Microsoft is expensive. That is the only thing wrong with it in my opinion but I’ve never once ever heard of a cheap Microsoft product in my life so its to be expected.

Is the EDR market a monopoly?

So, unless legal gets involved and breaks this thing up like they did with Internet Explorer, I see a monopoly and I bet on the Gorilla this time.

There’s no solid defense that allowing more 3rd parties access to lower level system privileges results in more security.

Get comfortable with Microsoft Azure.

Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University, and also CISSP, CCSK, CFSR, CEH, Sec+, Net+, A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, four online courses, and regularly holds webinars for new cybersecurity talent.

You can connect with him on LinkedIn.

Get 20% off all courses in our On-Demand catalog with coupon code “Welcome20”

Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.

Also available in the Secure Style Store, download the Job Hunting Application Tracker for FREE to keep track of all your job applications.

Check out my latest book Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success published June 1st, 2024 and winner of the 2024 Cybersecurity Excellence Awards.