We started CrowdStrike five years ago with the mission to revolutionize endpoint security. At that time, no one was talking about replacing legacy and bloated AV agents with a next-generation, cloud-delivered lightweight (as in under 10MB in size on disk and in memory)
endpoint sensor. Let alone, one that incorporates machine learning/artificial intelligence, behavioral-based Indicators-of-Attack (IoAs), exploit mitigation and government-grade intelligence. Today, there are more than 60 vendors advertising some sort of next-generation endpoint security capability. How can you tell if these products are effective or just snake oil?
Independent and third-party testing is critical for separating the marketing hype from reality with these products. Customers are clamoring for a solution to help them achieve their dream of uninstalling those AV agents that hog performance, are ineffective in stopping breaches, and are so often derided by end-users. This is why when AV-Comparatives asked us to participate in their first-ever ‘Next-Gen’ competitive test, we were excited to give them access to CrowdStrike Falcon and get certified as an approved AV replacement product by this highly respected independent testing house.
CrowdStrike Falcon was the only tested endpoint solution to achieve 100% detection efficacy on all exploits used in the testing. It also scored a range of 98 to 99.2% detection efficacy with zero false positives on three separate malware tests performed by AV-Comparatives.
So what qualifies a solution to be a viable AV replacement?
There are two key points to consider. First, you must be effective in protecting endpoints against malware, exploits and other modern threats with negligible false positives. Second, you must provide a seamless user experience as the end-user uninstalls their legacy AV product. To do this, your AV replacement product must register with Windows System Center. In the AV-Comparatives test, not only did CrowdStrike Falcon score high enough in effectiveness to achieve certification, but it was also the only next-gen endpoint security solution to properly register with Windows System Center. With these two accomplishments in mind, customers can confidently move forward with CrowdStrike Falcon to replace their existing AV solution.
The importance of independent validation
We’ve seen a number of vendors make “unbelievable” claims without having them validated by an unbiased third party. CrowdStrike wants to take the guesswork out of evaluating next-gen endpoint security products, and not ask customers to purchase based on a leap of faith. To that end, we have committed ourselves to industry collaboration, scrutiny and testing.
Here’s a quick rundown of the external validation we’ve earned so far in 2016:
- AV-Comparatives certifies CrowdStrike Falcon as an Approved Business Product
- Forrester names CrowdStrike Falcon a strong performer in the Forrester Wave 2016 – Endpoint Security
- SE Labs certifies the CrowdStrike Falcon Machine Learning engine with 100% efficacy and zero false positives against the AMTSO RTTL
- VirusTotal integrates the CrowdStrike Falcon Machine Learning engine into its multi-scanner service which allows the industry to freely benefit from our machine learning technology and publicly scrutinize the effectiveness of one of our ML engines
- Coalfire validates CrowdStrike Falcon Host for PCI, HIPAA and NIST compliance
This approach seems obvious and non-controversial to us, but we are seeing a disturbing trend with some competitive products. For example, only two other next-gen endpoint security providers felt confident enough in their products to participate in the AV-Comparatives test. As for CrowdStrike, you have our commitment to continue to participate in regular public competitive reviews of our technology!
I hope that security professionals are asking every vendor who is claiming to have a silver bullet ready to replace old style AV to produce independent and competitive test results from well-known testing houses who are members of Anti-Malware Testing Standards Organizations (AMTSO). This is the only way our industry can tell who has truly developed a cutting-edge solution and who is just peddling snake oil.