Retailer Compares Microsoft with CrowdStrike for Security. The Verdict? “It’s Not Even Close”

CISO says CrowdStrike delivers better value, security coverage and support from one unified platform

The CISO of an American retailer recently shared their experience comparing CrowdStrike with Microsoft for endpoint and identity security. This person, who has nearly a decade of experience in cybersecurity for this company, allowed CrowdStrike to anonymously share their story to help others in their cybersecurity journey.

In 2019, the retailer replaced its legacy AV solution with CrowdStrike for modern endpoint security. Since then, it’s consolidated on the AI-native CrowdStrike Falcon® cybersecurity platform for protection across endpoints, identity and cloud. The retailer is happy with the Falcon platform, but still the CISO does an exhaustive evaluation of its security tools every year.

“We’re not the type of company to just sit and ride out a platform,” said the CISO. “If you’re actively looking for best in class, you have guiding principles around consolidation, innovation and quality of life for your team, so you’re constantly challenging your investments.”

Microsoft inevitably comes up in these tool evaluations. As a Microsoft enterprise customer, the retailer frequently gets discounted offers for Microsoft security products. Tempted by the potential cost saving, the CISO decided to dig deeper. What they found is that CrowdStrike delivers better value, security coverage and support from a cloud-native platform designed to unify key security capabilities.

Microsoft vs. CrowdStrike for Endpoint Security

Cost was the first thing the CISO compared. CrowdStrike immediately jumped out ahead based on Microsoft’s high licensing costs.

“We do have some level of Defender with our enterprise agreement. The base is free, but if we want functional parity with CrowdStrike we’d have to upgrade our user licensing with Microsoft, and then it’s out of the ballpark from a cost perspective,” said the CISO. “Based on the requirements on Microsoft’s website and what we pay for E3 and E5 licensing, we’d have to double our annual Microsoft licensing costs just to have users at the right licensing level to unlock full Defender capabilities … that’s before we pay to license Defender itself.”

The CISO added that all users may need to be at the E5 level, which changes the math. “It’s hard to know exactly how much [licensing would cost] given our historic challenges understanding Microsoft licensing and the hidden licensing requirements that pop up when we request quotes, but the overall cost of Defender would be exponentially higher.”

Beyond licensing, Microsoft’s claims that many of its solutions are “free” can be misleading. When comparing total cost of ownership, including licensing, maintenance, management and increased staffing requirements, the CISO said CrowdStrike delivers significantly better value than Microsoft.

“Defender licensing alone would cost 3X more than what we spend with CrowdStrike in total, which includes Falcon Adversary OverWatch, Falcon Spotlight, Falcon Identity Protection, and the full suite of EDR capabilities and threat intelligence, with coverage across all operating systems.”

Microsoft Lacks Security Coverage

When it comes to security coverage, Microsoft has multiple platforms with different subsets of functionality. Not only does this cause operational headaches, customers are often unaware of coverage gaps their specific subscription creates — opening the door for breaches.

“Cost is an important factor but it really comes down to functionality,” noted the CISO. “With Microsoft, the coverage and capabilities just aren’t there.”

“Microsoft Defender doesn’t fully support our Mac or Linux environments, or any of our Windows estate that isn’t updated to the latest OS version,” said the CISO. “Firewall management, exploit protection and tamper protection aren’t supported on Mac or Linux. In addition, most of Defender’s incident response features such as live response, quarantine/isolate and collecting forensic data are either not supported on Mac or Linux, or come via limited customer preview. Finally, EDR blocking is not supported on Mac or Linux, which seems core to an EDR product.”

Bad Support

“In my opinion, Microsoft support is horrible,” added the CISO. “Response time for queries and questions is the most problematic for me. When I really need help, Microsoft isn’t there. Then, once I finally have someone on the phone, it’s always a sales spin.”

The CISO also noted that feature requests with Microsoft go into a black hole, never to appear in products, whereas “CrowdStrike is very good about that.”

Microsoft vs. CrowdStrike for Identity Security

As a Falcon platform customer, the retailer can quickly and easily add new protections using the single Falcon agent and console. In 2021, it deployed CrowdStrike Falcon® Identity Protection to combat the growing threat of identity-based attacks.

As with endpoint security, the CISO shops around for identity security products every year to ensure they have the best solution for their needs. Again, Microsoft came up.

“We looked at Defender for Identity, but it wasn’t even close. The ability to consolidate with CrowdStrike is a huge differentiator. If you’re running Falcon, it’s very compelling to add identity protection. Unless there’s a good case from a functionality standpoint to not use Falcon, you’re really hurting yourself by not consolidating on the same agent and console.”

Since consolidating with CrowdStrike, the retailer has eliminated three agents and three consoles, while gaining protections from one unified platform. The CISO noted that Microsoft’s approach to security is less streamlined, creating high complexity due to the operational burden of deploying multiple agents and managing update processes multiple times per day.

Be Prepared

The CISO warned organizations to be ready for Microsoft’s sales pitch. “If you have a Microsoft enterprise agreement, be prepared for this conversation and arm yourself with these facts, because a lot of times they’re backdooring to executives saying we can save you a lot of money if you put everything in Microsoft, but it’s not true.”

As our conversation ended, we returned to the CISO’s number one goal: security. When it comes to security, CrowdStrike and Microsoft take different approaches.

“The mission of CrowdStrike is to stop breaches,” concluded the CISO. “The mission of Microsoft appears to me to be to sell more Microsoft.”

Additional Resources

Related Content