In the cybersecurity world, we cheer when companies are as successful as CrowdStrike in their recent IPO. This kind of success helps fuel the energy level across the entire cyber industry, rising the tide for all who are focused on keeping the world safe from cyberattacks.
Winning in this market requires more than just a deep understanding of cyberattacks and how to stop them. It requires a deep understanding of what challenges organizations are facing as they strive to protect themselves while their attack-surface grows, amid a growing base of adversaries who are innovating at a pace that rivals many of the world’s most successful tech companies.
The endpoint security market is about as crowded as any technology segment I’ve ever seen. To stand out in this crowd requires an intense, relentless marketing focus along with a technology and business strategy that can support rapid innovation, aligning with the most pressing customer needs.
So how did CrowdStrike cut through the sea of competitors and emerge with such a successful IPO?
1. CrowdStrike has killed it in their marketing and PR efforts
- As one of the incident response teams that investigated the DNC hack, they did a remarkable job leveraging this effort to gain PR coverage, highlighting the strength of their IR and intelligence teams. Companies want security experts in their camp, and CrowdStrike has proven that it can deliver.
- They over-invested in marketing, but not beyond their means. Every company balances investment in R&D vs. GTM, but CrowdStrike leveraged every opportunity to highlight key industry issues, how and why they were on top of them, and how their solutions set could protect organizations.
- Breaches Stop Here - They stuck with a consistent message around “stop the breach,” which is in the bullseye for what companies fear most. This single “pain-point” has and continues to resonate for companies of all sizes and industries.
- CrowdStrike did a much better job being honest about what their capabilities are vs. other competitors who exceeded the limits of exaggeration. There is a fine line around stating what your solution is capable of vs. what you aspire it to be able to do, and security pros are super-cautious with those who overstate.
- Excellent branding with the Falcon platform. Branding can be challenging in a world that moves as fast as cybersecurity, but CrowdStrike has done a great job with their Falcon brand strategy. At the platform level, the brand is inspirational and strong, while at the individual product level, descriptive. This is not a new idea but has been proven by many to be a winning brand strategy.
2. Focus on a cloud-native solution
- CrowdStrike stuck with their cloud story from day one, and did a great job explaining why it mattered. Being cloud-native enables them to innovate faster, keep endpoints secure wherever they are, and leverage big-data analytics to help recognize the latest threats.
- The cloud model was especially useful to get in the door. When organizations were breached, they could download the agent quickly and start doing forensics immediately. This helped, especially early on.
- They leveraged the processing power and scalable analytics of the cloud as a foundation for their solution. Others have since followed but architecting this way from the beginning gave them an early advantage.
3. Continuous delivery of new products
- Every tech company strives to create a development model that enables them to rapidly deliver new capabilities, but most aren’t successful at it. While not always fully baked, CrowdStrike listens to their customers and has continuously brought useful new capabilities to market that have enabled them to both keep their customers happy while blocking the competition.
4. Great competitive intel
- Their competitive team is outstanding. They watch the competition closely and go in with kill points that wound others. While this sounds like sales 101, it’s not easy in a market as crowded as endpoint, and is further challenging in a rapidly growing sales organization.
5. Solid technology
- I’m choosing my words carefully here because I’m not trying to say their tech is better or worse than anybody else’s technology. What I can say is that their solution set delivers a high enough level of prevention, detection, and response to keep most customers happy. Add this to their security experts, managed services, and rapid innovation, and you have a dog that hunts. I’m not going to say that their tech outperforms the rest of the market, but it works well enough to back up their marketing.
6. Successful services business
- While CrowdStrike has rallied around “Breaches Stop Here,” they also run a solid consultant and incident response business, helping companies investigate and respond to breaches when they occur and prepare for the worst-case scenario. The IR business in particular helps provide credibility and PR opportunities, which becomes a virtuous loop back into their product sales. Good formula. IR plus Crowdstrike’s incident readiness services creates stickiness with the client -- both from the “we helped get you out of a tough scrape” to “we’re helping you become better prepared for the next scrape.”
7. Highly visible and respected executives
- Dmitri Alperovitch (CrowdStrike CTO and co-founder) is super visible and well respected as a cybersecurity expert. He is a frequent spokesperson and is called upon regularly in high-profile attacks to provide insights and commentary. This translates into many PR opportunities that keeps CrowdStrike in the news.
Ok, so this might sound like a rah-rah to CrowdStrike, but is more intended to highlight a pattern of business strategy that leads to success. There is little here that is unique to CrowdStrike, and several of the other endpoint players have exhibited similar business strategies with good success.
The Bigger Truth: This formula: great marketing, solid tech, rapid innovation, solid services, and listening to customers delivers. And execution matters. For CrowdStrike, this has translated to a high-flying IPO, but does it guarantee future success? To get to the next level, they will need to not only continue to execute, but will need to grow their portfolio to compete with some of the bigger players. For now we can certainly congratulate them for a successful IPO and hope that the rest of the industry both learns from their success and gets even more motivated.