With the crowdstrike outage earlier last year it was incredible how many hidden security and kernel "experts" came out crawling from the woodwork, questioning why anything needs to run in the kernel and predicting the company's demise.
They were correct that there is no need for it to run in the kernel. They were incorrect in thinking this would affect the company's future, because of course the sales of their product have nothing to do with its technical merit.
I think you've got it half correct: sales absolutely does have to do with the technical merit. Their platform works, it's just folks overestimated the impact of a single critical defect.
Nobody would pay crowdstrikes prices if it didn't stop attacks, or improve your detection chances (and I can assure you, it does, better than most platforms)
> Nobody would pay crowdstrikes prices if it didn't stop attacks, or improve your detection chances
In my experience people pay because they need to tick the audit box, and it's (marginally) less terrible than their competitors. Actually preventing or detecting an attack is not really a priority.
And yet crowdstrike's stock price is still 28% up on where it was 12 month ago, 46% up on 6 months ago after their crash.
Sibling is right, that type of product is nothing to do with actually preventing problems, its to do with outsourcing personal risk. Same as SAAS. Nobody got fired when office 365 was down for the second day in a year, but have a 5 minute outage on your on-prem kit after 5 years and there's nasty questions to answer.