What I'm curious about: other than checkbox compliance, how does Crowdstrike convince companies to buy their product? Do they present evidence that their product is effective at protecting customers? Because certainly Crowdstrike customers still get hacked.
I've watched it occur countless times. Often times the people making the purchase decision are largely incompetent.
They usually come out and take your team to a nice lunch. Then they run you through a fancy slide deck and convince you to let them run some scaremongering reporting tool over your infra. By the end of the day, most of your leadership is convinced they need the solution.
Rinse and repeat hundreds of times and you have the 3rd party vendor hodgepodge hellscape that constitutes most large corporations' IT infrastructure.
I would imagine that their best weapon is that so many other big organizations are using CS, so choosing CS gives the decision maker the best shield from responsibilities, similar to "nobody gets fire by choosing IBM".
Of course, how they started from small was completely different.
