Current Crowdstrike admin here. Friday sucked. Thinking about making a change, which will not be inexpensive. I'm wondering what others are thinking.

Whoops - innocent mistake, surely THAT won't happen again.

or

Circle of trust is broken, time for a change, costs be damned?

I'll leave the political side out of the discussion.

We've got a handful of clients vowing to rip it out as a form of pushing back against what they've deemed an inexcusable mistake.

Others are waiting to hear what CrowdStrike comes out with from a statement and plans to address this "oversight" going forward.

While Friday was a disaster that we're still dealing with - we probably won't land up doing anything drastic.

We just signed with CS less than a year ago. I'm sure it would involve getting Legal involved to get out of it and/or no way my company will just eat a 7 figure cost to change. With other projects going on, we don't have the resources to POC and implement a new solution.

This incident aside, CS has worked a lot better than any solution we've used before. We have a lot less complaints of random resource issues, FPs, and it's detections seem noticeable stronger than previous solutions.

I have to hope they'll be on their toes moving forward...I mean no way it happens again, right?? :p

SentinelOne, ftw! Time to check out a demo, methinks.

But honestly, I am going back around to several customer who recently opted for Crowdstrike, to see if there is any interest or whether they are going with your first option. the EDR/MDR market could be interesting in the coming weeks.

Lathspell said:

---

SentinelOne, ftw! Time to check out a demo, methinks.

But honestly, I am going back around to several customer who recently opted for Crowdstrike, to see if there is any interest or whether they are going with your first option. the EDR/MDR market could be interesting in the coming weeks.

---

Part of the reason we went with Crowdstrike was they came out with a SMB version and were running a 70% off intro sale, so we were able to get in for $18/endpoint/year. Hard to beat that. Don't know anything about Sentinel One but I've seen several people recommend it. Any idea what the cost is?

Also had someone recommend Huntress and Red Canary - never heard of them.

Also, if you're not up to date on remediation - Crowdstrike reached out to us on an auto-remediation action they're doing to quarantine the bad sys file. We had to authorize them through the support portal to implement it in our environment.

Was skeptical how that could possible work given the inaccessible state of the down hosts, but monitoring results it's looking somewhat promising so far (starting to see the sys file get quarantined).

Nothing I know of is getting as low as $18 per endpoint, per year. That's crazy low, and is less than my cost for 6 months of SentinelOne. I am curious to see if SentinelOne comes out offering some kind of promo with everything going on, but haven't seen anything yet. Granted, I'm not very familiar with the different packages from Crowdstrike, so don't know what you are getting with that specific package.

As far as pricing, it really comes down to the partner quoting it. We generally offer two flavors: SentinelOne Complete as a standalone EDR solution, and we have an MDR solution for SentinelOne Complete where we use Connectwise's SoC on the backend for remediation, threat hunting, and such. Those two usually provide us with the solution we need, unless there is a specific feature an organization needs at a higher tier.

https://www.sentinelone.com/platform-packages/

Has Crowdstrike asked for customers to report damages? Short of an overt admission of at least some liability, I would consider the trust broken.

lb3 said:

---

Has Crowdstrike asked for customers to report damages? Short of an overt admission of at least some liability, I would consider the trust broken.

---

Litigation is a big unknown as well. Most of the time the EULA will cover bugs, but this one may reach the threshold that causes the EULA/Warranty to be void, like liability waivers can be voided for gross negligence.

If CS goes bankrupt, switching may not be a choice.