CrowdStrike Tops IDC Worldwide Corporate Endpoint Security Market Shares, 2021

Industry-leading advanced AI and automation fuel the Falcon platform to stop breaches

CrowdStrike is proud to be ranked No. 1 in the IDC Worldwide Corporate Endpoint Security Market Shares, 2021 report (doc #US48580022, May 2022). We are grateful to our customers and partners for helping us achieve this significant milestone, yet its real value goes far beyond the bottom line. Our conviction is that the only way to stop modern adversaries is by using a best-in-class platform that leverages native artificial intelligence (AI), machine learning (ML) and automation to harness the power of high-fidelity data and front-line human expertise. 

Rich telemetry and threat intelligence form the foundation of nearly everything CrowdStrike does. It trains our AI and ML algorithms to make hyper-accurate decisions, gives our threat hunters and incident responders the context they need to root out and contain active attacks, informs intelligent automation across our platform, and empowers SecOps professionals with the visibility to simplify and accelerate detection, investigation and response workflows across their environment.

Unifying AI and Human Expertise to Stop Adversaries

Some AI experts argue that general purpose methods such as search and learning that leverage ever-increasing training sets and computing power are what primarily drive how machines can solve the most complex problems (e.g., beating an expert in the game of Go). You can think of this approach as teaching the algorithm how to think and learn (like a toddler learning how to play the game by watching their friends and then trying over and over until they get it right) rather than putting specific knowledge into it (like the same toddler being told over 200 possible moves and common strategies for gameplay and then left on their own to figure things out). 

Others would argue that simply adding more raw data and computing power isn’t enough, as human knowledge is critical to achieving a specific outcome (and to reducing the carbon footprint from unlimited computing). 

While this debate is sure to continue, let’s examine how CrowdStrike holistically blends both approaches — supervised and unsupervised — to achieve cloud-scale AI that is enriched with human-led expertise to solve one of the hardest challenges in IT: counteracting a malicious human on the other side of the keyboard.

High-Fidelity Data Is the Bedrock of Analytics

Every good decision in cybersecurity starts with good data, which must come from sensors deployed holistically across the enterprise. The more weak signals you can integrate into a strong signal, the better your chances are of finding the attack that matters most, which is one of the core philosophies behind CrowdStrike CROWDSTRIKE FALCON® XDR. According to the IDC report, we owned “12.6% corporate endpoint security market in 2021,” leapfrogging all other providers and delivering significant year-over-year growth. Our growth means we have evermore sensors in the most critical, highly targeted organizations, resulting in more high-fidelity data for analytics.

By the numbers, CrowdStrike Threat Graph® processes trillions of security events per day from nearly 18,000 customers around the world. One of the secrets of AI, and the Threat Graph itself, is how the value of data compounds over time. The more high quality data you have over an extended time horizon, the faster and more accurate decisions you can make. As we’ve been categorizing indicators of attack (IOAs) and tactics, techniques and procedures (TTPs) for over a decade, chances are we’ve already seen a particular malicious behavior or something like it. This allows us to predict the right response in near real time. Whether the response is a prevention event or investigating, hunting or running forensics across our vast data repository, it results in better prevention rates and faster time to containment for our customers.

AI-powered Analytics Is Key to Stay Ahead of Evolving Adversaries

Of course, raw data isn’t valuable without analytics. As we’ve seen throughout the long history of security information and event management (SIEM) systems, more data can often be overwhelming, requiring vast resources to ingest, store, manage and transform raw telemetry into actionable insights. SIEMs are often referred to as “garbage collectors” for data — garbage data in equals garbage data out.The last thing we need in cybersecurity is more noise. The key is gathering and integrating the right data to fuel analytics, which never means all data.

Across the CrowdStrike Falcon®® platform, we employ multiple complementary layers of AI/ML to our rich dataset to deliver accurate results, including our continuously learning malware prevention capabilities on the endpoint that can stop never-before-seen threats before they result in a breach. Additionally, with CROWDSTRIKE FALCON® XDR, we apply analytics across disparate sources of security telemetry to surface hidden threats that could bypass traditional single-point detection tools. 

Another critical area of focus for analytics is the quality of the security analyst experience. CrowdStrike constantly finds ways to inject analytics into our platform to make the job of detecting, investigating and responding to events simpler and more effective. For instance, no analyst intervention is needed to build the complete visualization of an adversary’s complex attack path, saving hours and greatly reducing mean time to detect/mean time to respond (MTTD/MTTR); think of this like “autocomplete” in your email. 

CrowdStrike will continue to drive new innovations in the Falcon platform to take the hands-on grunt work out of security operations. One such example is the native integration of the CrowdStrike Falcon® Fusion security orchestration and automation response (SOAR) solution into CROWDSTRIKE FALCON® XDR, which allows analysts to focus on responding in a timely manner to the relatively few events that truly matter, the situations where responses can’t be fully automated.

Human-led Expertise Informs AI in a Virtuous Cycle

CrowdStrike is privileged to help our customers prepare, hunt, react to and recover from potential cyberattacks with the world’s best threat hunting and incident response (IR) team. From our fully managed Falcon Complete™ solution to threat hunting and IR, the experts behind these services constantly feed the results of their activities — be it a newly discovered malware family, IOAs or other adversary tactics — into the Threat Graph. CrowdStrike technology then automatically uses what our experts have learned to train our AI/ML models to detect and stop future attacks. The more hunting or frontline engagements we perform, the more tacit knowledge our platform retains. As our agents and services continue to be deployed across more enterprises and endpoints, we gain more visibility and discover and contain more threats, which turns into a flywheel that keeps CrowdStrike ahead of the most advanced adversaries.

Turning On the Flywheel to Stop Breaches

We believe that the trifecta for stopping breaches is to unify the world’s best platform, with the industry’s deepest data to power AI/ML and automation, all bolstered by elite human expertise. We’re proud to have been ranked No. 1 market share for 2021 in the IDC Worldwide Corporate Endpoint Security Market Shares, 2021 report, but we are even more excited about what this means for our customer as we continue to broaden our reach, creating a virtuous cycle that keeps adversaries on their heels.

Additional Resources

Related Content