Crowdstrike is an immensely interesting company. Their strategic reach in political, government, and media arenas laid the groundwork for rapid success early on. Certainly, their marketing prowess has also been phenomenal. In their 2023 Super Bowl commercial, a Trojan Horse attempt was comically thwarted. It was rather ingenious to get people to laugh about cybersecurity in the face of hundreds of billions of dollars in business and data loss from damaging and devastating cybersecurity breaches. These losses were the result of large-scale breaches that occurred despite the detection capabilities of many big vendors like Crowdstrike.
Crowdstrike is often recognized for assisting SolarWinds in the immediate aftermath of the hugely nightmarish Orion network supply chain breach. They helped investigate and clean up after FireEye and the U.S. government, Microsoft, Cisco, Intel, and CISA (the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency) were attacked via SolarWinds’ own routine software update to Orion, its network monitoring tool, which all those companies and agencies were using. Crowdstrike’s role in the SolarWinds story was to help unravel the attack, and they learned that “unknown,” undetectable malicious code had been inserted into a routine code process, opening a back door for the adversary to use at will for stealthy command and control (CnC) operations.
Christopher Krebs at DHS explained (during an NPR interview in 2021) that the DHS and NSA security infrastructure “only catches known threats,” a point Crowdstrike meticulously detailed in the SolarWinds case. A “known” threat is an attack with a known signature or hash. Most cybersecurity vendors, including Crowdstrike, and every single anti-virus or static analysis program out there, catch known threats. Every security vendor filters incoming traffic for known-good and known-bad signatures, and blocks the bads. However, it is the Unknown, undetectable threats from which enterprises and SMBs need critical protection! And most cybersecurity vendors, including Crowdstrike, allow all Unknowns into customer environments by default, so as not to interfere with business operations; they act only on known-goods and known-bads, then try to identify any malicious Unknowns with their varied detection capabilities across vulnerable attack vectors. That strategy is, in and of itself, the baseline problem with cybersecurity today.
“Upwards of 90-95% of threats are based on known techniques,” stated Krebs. The SolarWinds attack was clearly a “novel” Unknown. But all known attack signatures start out as a novel Unknown. Truth be told: the Unknowns should be the cybersecurity industry’s highest priority.
When assessing whether Crowdstrike EDR or XDR security technology is right for your organization, consider Crowdstrike’s intimate, detailed, hands-on assistance with the unravelling of the supply-chain attack on SolarWinds/Orion. In this context, any reasonable assessment of Crowdstrike protections must include the question “Why is Crowdstrike not laser-focused on the pursuit of Unknown, undetectable threats?” Crowdstrike knows exactly what happened at SolarWinds, and they are keenly aware of the disruptive impact it caused to hundreds of thousands of people and government agencies, so why does their technology not address the issue of Unknowns above all else?
There is every reason to imagine that the SolarWinds attack was a starting point, that SolarWinds’ adversaries sowed the seeds of a large-scale future supply-chain attack while enjoying ~9 months of attacker dwell time undetected (because Unknowns are undetectable), during which time the attackers performed reconnaissance and studied all of SolarWinds’ corporate and government environments. Attackers could have easily hidden code for new backdoors to swing wide open in all those customer environments at a specified time or when triggered by certain conditions. Threat actors have already proven they can move from enterprise networks to infrastructure systems with ease. Crowdstrike knows that the stage may be set, but their security products remain reactive, allowing all Unknowns into customer environments and playing whack-a-mole to try to detect them as they perform reconnaissance, detonate payloads, usurp credentials, and try to move laterally.
With a 50% increase in adversarial intrusion campaigns in 2023 alone, according to Crowdstrike’s own “2023 Global Threat Report,” it might be worth considering that global enterprises as well as local SMBs, and the full range of businesses in between, need much more than influence, reach, threat intelligence acumen, and magnificent marketing. Real protection cannot be predicated on detection-first, or detection alone. Real protection must include real time assessment of Unknown files and objects because this is where novel malware and ransomware attackers hide, inarguably.
Only Xcitium’s lightweight, Zero-Dwell Containment technology proactively isolates all Unknowns at machine speed with patented virtualization technology that prevents attackers from accessing real data and resources, without any interruption to end user productivity or business operations. No other vendor besides Xcitium pre-empts breaches with automated containment and assessment of all Unknown files and file-less objects as they enter a customer environment at runtime. This is proactive endpoint technology that truly starts at the very beginning of the attack kill chain. Xcitium’s ZeroDwell Virtualization means all Unknowns are guilty until proven innocent—this is a layer of zero trust innovation that is available to all sized business and MSPs/MSSPs right now, at a highly affordable price.
CrowdStrike – Zero Trust
Crowdstrike markets its product offerings as Zero Trust solutions:
Almost all cybersecurity vendors make this same Zero Trust claim. It is questionable, however, because Zero Trust by definition requires a DEFAULT DENY security posture, and Crowdstrike, along with every other detection-first cybersecurity vendor in the marketplace, allows all undetectable Unknown files and file-less objects into customer environments by default, then tries to detect any Unknowns within the customer network that might be malicious. Allowing strangers/Unknowns inside your house, where all that is precious to you resides, actively increases customer risk, and the importance of realizing this cannot be overstated. This strategy is why cybersecurity breaches keep happening, worldwide.
Again, Xcitium ZeroDwell Containment, comparatively, is a default deny Zero Trust technology that addresses all Unknowns at runtime: if we don’t know you, we don’t trust you. Isn’t it well past time to move away from big companies like Crowdstrike that profit handsomely from failed detections?
Crowdstrike and Incident Response Retainers & Fees
Cyber-attacks are surging worldwide, with worsening trends predicted for years to come. This means cybersecurity vendors are selling threat detection as protection but clearly not stopping large-scale breaches and ransoms! Yet customers continue to pay Incident Response (IR) fees to remediate their vendors’ failed detections.
Crowdstrike’s MINIMUM Incident Response package has a required upfront retainer of $49,000 plus hourly breach remediation fees thereafter in the event of a breach. If you are not breached, the retainer alone is prohibitively costly for many! Because Crowdstrike’s detection rate is ~95%, they leave customer enterprises vulnerable. Ransomware and malware just ride in on that ~5% of Unknown, Undetectable files and objects in customer traffic, while Crowdstrike and other detection-first vendors then try to detect elements of these stealth attacks. And until they are detected (if they are detected), attackers that rode in on that 5% of undetectable Unknowns are dwelling inside customer environments and performing reconnaissance or worse.
The attacker is not the only one who benefits when detection-based vendors like Crowdstrike fail to detect undetectable Unknowns. To say it squarely, your cybersecurity vendor benefits as well by charging high-priced Incident Response retainers and fees to compensate them for remediating their own failed detections. Xcitium, however, does not charge for Incident Response.
- Get a free forensic scan and see the Undetected Unknowns your current vendor missed: Xcitium’s Threat Hunter Assessment Tool (THAT)
You do not need to endure a 5% risk of breach, or pay hefty up-front and post-incident fees that accrue as a result of a breach. Unlike other cybersecurity providers, Xcitium’s MDR customers are proactively protected by our patented DETECTION-LESS virtualization technology with continuous monitoring, threat hunting, vulnerability hardening, and managed services 24/7/365. And:
- With Xcitium, you NEVER pay ANY upfront IR retainer fees as an Xcitium Managed SOC | MDR or XDR customer
- You receive UNLIMITED Incident Response hours at NO-COST
- You get a $1,000,000 Breach Prevention Warranty as added protection
- You can REST EASY knowing that Xcitium’s 6000+ ZeroDwell customers have experienced ZERO breaches, paid ZERO ransoms, and seen ZERO organizational damage (see Xcitium's Historical Performance Reporting and our AV-Labs verification of performance here).
- You will never again waste money on alert fatigue and false positives (these are artifacts of old-school detection-first solutions)
Xcitium is the only vendor that never charges any IR retainers or fees for our MDR or XDR customers. And we also provide a No Retainer, No Hourly Fee Incident Response Contract (IRC) for free to help you remediate your current vendor's failed detections if that is of interest to you. Get a No-Retainer IRC Now: https://www.xcitium.com/incident-response
Crowdstrike vs Xcitium
Xcitium’s lightweight, Zero-Dwell Containment proactively isolates all Unknowns at machine speed with patented virtualization technology that prevents attackers from accessing real data and resources. No other vendor pre-empts breaches with automated assessments of all Unknown files and file-less objects at runtime. This is proactive endpoint technology that truly ends the attack cycle at the very beginning of the MITRE kill chain.
Xcitium endpoint security is a prevention-first cybersecurity solution, providing end-to-end protection (EPP + EDR | MDR | XDR) with best-in-class zero trust technology that includes a 24/7 expert Security Operations Center (SOC) and elite human analysts who back up AI determinations and perform expert threat hunting and forensics. The Xcitium platform also provides consolidated remote management and IT tools without any hidden costs or complex configurations, all operated easily from one fully integrated, fully unified console.
Crowdstrike customers: consider overlaying Xcitium ZeroDwell Containment as an add-on to your cybersecurity posture
Crowdstrike does not claim to be able to protect against payloads it cannot detect. But you can overlay Xcitium’s pre-emptive EDR with automated ZeroDwell containment and easily manage the pre-emptive auto-containment of Unknowns yourself. This way, any undetected payloads from Unknowns are contained proactively with virtualization and rendered harmless. Xcitium Advanced is also a pre-emptive EDR solution that includes high-definition alerts and correlations without alert fatigue or a glut of false positives. This is possible because attacks contained by automated virtualization of Unknowns are no longer threats, and alerts end once we tell you that the verdict on the contained threat was indeed malicious.
Xcitium is one of only a very few cybersecurity vendors that can layer enterprise-wide MDR | XDR atop Crowdstrike and other cybersecurity vendors for proactive protection of endpoints, networks and clouds. If Crowdstrike is your choice for cybersecurity, consider adding Xcitium’s zero trust containment layer with managed SOC services atop it so you are not vulnerable to Zero Day payloads that will cause havoc. If your organization is committed to maintaining Crowdstrike licensing, you can better protect the organization by overlaying our world class, patented MDR solution, which runs seamlessly alongside Crowdstrike to pre-empt Unknown attacks and expand Crowdstrike’s capabilities. Moreover, Xcitium never charges its MDR | XDR customers any Incident Response retainers or hourly fees. Why would we, when Undetectable, Unknown threats are automatically contained at runtime by our virtualization technology?
- To see a demo of Xcitium’s EDR, MDR, or XDR solutions and to learn how we can help strengthen your security posture, consolidate tools, and lower costs, contact us today for a 30-minute no-obligation consultation.
Are you interested in replacing your Crowdstrike deployment?
If you are ready to move to a fully-integrated, next-gen cybersecurity solution for proactive end-to-end protection, we recommend:
- Xcitium Advanced (EDR)
- Xcitium Managed (MDR)
- Xcitium Complete (XDR)
Each option is deployed with innovative ZeroDwell containment.
Xcitium Advanced provides pre-emptive EDR and the demonstrated ability to make threat management much easier for your IT team, or you could opt to allow our world class cybersecurity experts to manage all your cybersecurity for you with Xcitium MDR or XDR capabilities.
Please do join us to see a demo of Xcitium’s EDR, MDR, or XDR solutions and to learn how we can pre-empt attacks and improve your security profile enterprise-wide: contact us today for a 30-minute no-obligation consultation.
Are you looking for a new cybersecurity vendor?
Xcitium delivers robust pre-emptive auto-containment cybersecurity, plus continuous enterprise-wide monitoring, detection, actionable visibility (with built-in, native SIEM), and remediation capabilities that help organizations reduce risk and prevent known and unknown attacks, without any disruption of business operations or productivity.
Xcitium’s security experts are available to assess your current environment and show how our patented ZeroDwell containment, advanced endpoint protection, and 24/7/365 Managed SOC services can optimize your cybersecurity posture. In addition, you will never have to worry about unpredictable incident response (IR) fees, because Xcitium is one of the only vendors that does not require a costly IR retainer or charge hourly IR fees from its MDR/XDR customers.
Don’t wait for an incident — schedule a demo today to start fortifying defenses and unlocking the full potential of your security infrastructure with Xcitium.
And remember: Xcitium ZeroDwell Containment works side-by-side with existing security infrastructure, including Microsoft.
- Talk with us about Xcitium’s EDR, MDR, or XDR solutions to learn how we can help strengthen your security posture, consolidate tools, and lower costs: contact us today for a 30-minute no-obligation consultation.