Solar Group Eliminates Complexity and Speeds Response Time with the CrowdStrike Falcon Platform
Solar Group is a leading European sourcing and services company whose core business centers on product sourcing, value-adding services and optimizing their customers’ businesses. Headquartered in Denmark, Solar’s 3,000 employees are focused on delivering sustainable solutions with dedication and credibility.
Solar’s chief information security officer is Frank Christensen, who took on the role in 2020. While looking for an endpoint detection and response (EDR) solution that year, he tested the AI-native CrowdStrike Falcon® cybersecurity platform for a proof-of-concept (PoC) and was impressed. However, he got pushback from his management team and was directed to continue using the company’s existing security solution.
Christensen continued to use the existing product, which he found could sufficiently cover the company’s EDR needs but required more resources than Solar could afford. Issues arose with maintenance, specifically the number of tools it required to run. Christensen’s team needed to build 1,200 exclusions and detection rules in their environment to be satisfied with the product’s security capabilities, he said.
By 2023, he again recommended a replacement EDR product. This time, management was open to other options, and the journey began that would lead to a reduction in the staff needed to work with the platform, from 2.5 full-time employees to half of one employee's time, and to an expected cost savings of up to 72%.
The Search for a New EDR Platform Leads to CrowdStrike
Christensen and his team conducted a rigorous PoC with CrowdStrike’s XDR solution, first with himself and two colleagues. They were excited to see that CrowdStrike detected more than they had expected. This was followed by testing on approximately 100 endpoints before rapidly expanding with a rollout PoC totaling 2,600 units. Although Solar had PoCs with three other vendors occurring at the same time, Christensen recommended CrowdStrike as their new provider. The business case was straightforward, he said: Switching to CrowdStrike would result in significant cost savings for Solar.¹
The management team, which included senior vice presidents on the security committee, was easily convinced. The contract was signed in October 2023 for Solar to make the switch to CrowdStrike Falcon® Insight XDR together with CrowdStrike Falcon® Identity Protection.
The CrowdStrike deployment took two months and was seamless with guidance from the CrowdStrike team, Christensen said. Solar was up and running with the new solution by February 2024.
CrowdStrike Powers Time and Cost Savings
Solar saw a significant reduction in false positives after switching to CrowdStrike. Its staff needed to investigate between 8 and 18 cases per month that were detected with its previous solution. The number of cases dropped to 3 per month with CrowdStrike.
“With each detection requiring an average of 2.5 hours to investigate, it has freed up many resources in our support department. The number of employees dedicated to working with the platform has gone from 2.5 full-time employees to half of one employee's time,” said Christensen.
This has led to a big win for the company’s internal resources, he explained. “The cost of my security operations center has been lowered because the investigators in the first level of my SOC don’t have the same amount of work as they did in our previous platform, where the user was blocked by something that was not a true positive.”
From a cost perspective, Christensen and his team saw a return on their investment with CrowdStrike almost immediately after installing the Falcon platform. In a direct comparison with its previous solution, he said, Solar is expected to save 40% of costs during the first year of using CrowdStrike and 72% in the upcoming year.²
With the reduced expenses and resources freed, Solar has been able to implement new security solutions, such as enforcing Zero Trust Security and implementing identity segmentation. These capabilities, along with their mail scanner, have been built into the CrowdStrike Falcon platform, with alerts sent by CrowdStrike to Solar’s operations center in Sweden as well as its internal service desk.
Enhanced Business Benefits
The benefits Solar gained with its adoption of CrowdStrike extended across the organization, Christensen noted. The easily usable platform creates less work for the operations team, and end users now have more seamless daily workflows because they are not experiencing as many false positives as before.
Christensen added that they now have greater visibility into their systems, and integrations with other vendors have been simple and virtually “out-of-the-box.” Finally, Christensen pointed out that Solar’s National Institute of Standards and Technology (NIST) score improved immediately after switching to CrowdStrike due to the vulnerability management in the platform.
When asked what advice he can provide for other CISOs considering a move to another security vendor, Christensen said, “Don’t be scared of jumping out of the normal ways of working. A PoC can be run concurrently with your existing environment without infecting anything. Look at the broader picture instead of what’s native.”
1. This result is specific to Solar and may vary by customer.
2. These results are specific to Solar and may vary by customer.