voices

CrowdStrike Customer Case Study

National U.S. Retailer, Tuesday INDUSTRY

Morning, Set to Save $750,000 in Retail

LOCATION/HQ
Four Years with CrowdStrike Falcon Dallas, Texas

CHALLENGES

How to improve security without
While onstage presenting to the entire Tuesday Morning Corporation IT team, from administrative restricting business operations
staff to the CIO, Tom Sipes, director of IT security and compliance, glanced at an adjacent screen 
Broad attack surface with point-
and watched in awe as CrowdStrike Falcon® spotted and stopped a security attack in real time. It of-sale (PoS) devices in 490 retail
was the first such detection since the retail giant had deployed the Falcon platform and typified how stores across the U.S.

Old and inefficient legacy security
the solution has transformed the way the business manages and mitigates the risk of cyberattack.
infrastructure

Poor and slow response from an
About Tuesday Morning external service provider

Tuesday Morning is a national retail chain established in 1974 that specializes in selling high- SOLUTION
quality and designer-brand closeouts at discounts between 20% and 60%. There are 490 Tuesday Morning, a leading U.S.
stores across the U.S. selling a range of luxury home textiles, home furnishings, housewares and retailer, uses CrowdStrike to transform
seasonal décor. Five thousand employees staff Tuesday Morning’s stores, while 350 work at the security management while reducing
head office and distribution centers. costs, improving productivity and
ensuring business continuity so that
Like many businesses, Tuesday Morning is subjected to frequent threats such as ransomware, there is no impediment to “getting the
dollar into the register.”
phishing and malicious attacks. With thousands of people visiting stores every day and thousands
of endpoints, the company’s threat surface is particularly broad. However, Sipes’ main focus is on
business continuity. “In retail, the mantra we live by is, ‘make sure the dollar goes into the register,’
otherwise we are not making money,” he explained. “Sometimes, security is seen as a detractor to
that aim. It is not that I am trying to shut the door, rather I am opening the window so the business
can function without letting the bad guys in.” “CrowdStrike is an
outstanding security platform
Response Slowed by “Cobbled-together” Legacy Security Tools
that has raised our security
Sipes inherited a legacy security platform at Tuesday Morning. “Our security posture was not posture. While I work for
bad, it was just that a lot of stuff was cobbled together because of spending limitations and
challenges like the pandemic,” he said.
Tuesday Morning, I am also
a customer. When I walk into
The retailer’s existing managed detection and response provider was slow and often left Sipes
a store and hand over my
and his team on their own to chase relevant information. Sometimes it could take 72 hours to get a
reply. “Even 24 hours in the life of an incident is forever,” Sipes said. credit card, I know it is safe.”
With Sipes and several new senior IT executives in place, things began to change. The company’s Tom Sipes
new CIO stood up in front of 125 senior staff to emphasize the importance of security and launch Director IT Security and Compliance
Tuesday Morning Corporation
 voices
CrowdStrike Customer Case Study

an initiative to find a new solution. They looked at several competitive products as well as the RESULTS
incumbent solution.

For Sipes, one of the main reasons for choosing CrowdStrike was to ease the burden of handling Saves $250,000
security manually. “Our security team is small, just two others and me,” he said. “The solution USD in the
we needed had to be manageable, functionable and something that I could leave to operate first year and
automatically and still have the confidence that everything would be protected. That is what $500,000 USD
over the next three
CrowdStrike promised and has certainly delivered.”

CrowdStrike Deployed to 2,800 Endpoints Across 490 Stores — in a Month

Resolves
Tuesday Morning decided to become a CrowdStrike customer in late September 2021, and by
incidents in as fast
mid-October, the solution was fully deployed across the business. Tuesday Morning has an on- as eight minutes
premises IT environment running Microsoft systems from two data centers. The company has
2,800 endpoints — comprising desktops, laptops and servers at the head office and point-of-sale
registers in stores — that are now protected by CrowdStrike Falcon. Even the control systems
and switches for the in-store card readers are protected by Falcon.
Protects
thousands of
CrowdStrike was deployed to corporate users in just three days, while the store rollout was PoS terminals
done in stages to minimize any effect on sales. After a few stores were completed with no issues in hundreds of
reported, full deployment was quickly accomplished. Now when a new endpoint is set up, like a stores
register in a new store, CrowdStrike recognizes the device and deploys the Falcon agent within
20 minutes.

Tuesday Morning uses a wide range of CrowdStrike products and solutions, including the Falcon
ENDPOINTS
OverWatch™ threat hunting service. The company was one of the first organizations to deploy
Falcon FileVantage™ — CrowdStrike’s file integrity monitoring module that provides real-time,
comprehensive visibility for the creation, deletion and modification of all critical assets, and which
Tuesday Morning used to resolve a SOC remediation issue in eight hours with minimal cost or
2,800
interruption to operations.

One of the standout features of CrowdStrike is using an industry-wide approach to detection

and remediation.

CROWDSTRIKE PRODUCTS
“Before, we were relying on legacy heuristic scanning tools that usually

Falcon Complete™ managed
catch things after the fact,” Sipes said. “Now I am getting machine detection and response (MDR)
learning that is not just reliant on something unique to my environment. Falcon Discover™ IT hygiene

Rather, it is pulling in experience from the entire CrowdStrike ecosystem 

Falcon FileVantage™ file integrity
monitoring (FIM)
to deliver far more robust protection.” 
Falcon Firewall Management™

Falcon Insight™ endpoint detection
CrowdStrike Transformed Security Management and response

Falcon OverWatch™ managed threat
For Tuesday Morning, this approach and the comprehensive CrowdStrike Falcon platform hunting
transformed its approach to security. “In security, we're always reacting to an event,” Sipes 
Falcon Prevent™ next-generation
explained. “What CrowdStrike does is what I call ‘proactive reactive.’ We can now get very close to antivirus
the time of the attack so that we are almost executing the kill chain as soon as the event happens.” 
Falcon Spotlight™ vulnerability
management
CrowdStrike has transformed the way Tuesday Morning manages security, from reducing costs 
Falcon X™ automated threat
and workload to increasing visibility, streamlining operations and improving protection. intelligence

Humio log aggregation, storage and
analysis
Falcon Identity Protection
 voices
CrowdStrike Customer Case Study

Tuesday Morning did a cost/benefit analysis on CrowdStrike, and with no staff changes, the
company forecasts that CrowdStrike willsave the business $250,000 in the first year and
$500,000 over the next three years based on efficiencies.

Alongside cost savings, CrowdStrike is delivering significant security and operational

improvements. Sipes cited one example where CrowdStrike Falcon detected an incident and
eliminated it in eight minutes. An engineer was upgrading some software and inadvertently
downloaded information that contained malicious code. Within two seconds, Falcon detected the
code, and within eight minutes it had stopped the incident. “The only thing the developer knew was
the installation stopped for about 10 seconds while the malicious code was removed,” Sipes said.

Critically, neither Sipes nor his security staff needed to intervene. “I was sitting at home in the
morning drinking a coffee and noticed an email alert,” Sipes said. “I pulled up the dashboard and
watched the entire kill chain as CrowdStrike dealt with the incident automatically.”

This example highlights how CrowdStrike has taken over the burden of mundane security. “I
have been in the cybersecurity business for a long time and seen all sorts of breaches, but with
CrowdStrike we do not see many indicators of compromise,” Sipes said. “I see potential attacks,
but CrowdStrike stops them. Whether it is the OverWatch team or an identity alert — having used
Falcon Identity Protection to extend our existing multifactor authentication (MFA) to legacy on-
premises apps to help stop lateral movements — attacks are being contained and I do not need to
take action.”

Falcon Identity Protection not only integrated seamlessly with Tuesday Morning’s existing MFA
solution, but also extended this MFA to protect legacy on-premises applications that were
developed internally. This was achievable without requiring any additional configurations or
customizations to these existing legacy applications — enabling protection with risk-based MFA
tied to the appropriate security policy.

Users across the business also are seeing minimal disruption.

“The biggest comfort that CrowdStrike delivers is to give my users the

ability to do their job safely, with virtually no impact at all.”
ABOUT CROWDSTRIKE
With a small team, Sipes oversees the cybersecurity of 5,000 staff, and with CrowdStrike Falcon, CrowdStrike Holdings, Inc. (Nasdaq: CRWD),
is now able to do a lot more. “One of the biggest benefits of CrowdStrike is taking away the need a global cybersecurity leader, has redefined
to look at consoles, search for malicious code or analyze incidents,” he said. “Instead, modern security with the world’s most advanced
CrowdStrike enables us to focus on more important work and taking the business to the next cloud-native platform for protecting critical
level. CrowdStrike gives us a great work/life balance and, in terms of improved productivity and areas of enterprise risk – endpoints and cloud
workloads, identity and data. Powered by
adding value to the business, the difference is night and day.”
the CrowdStrike Security Cloud and world-
class AI, the CrowdStrike Falcon® platform
“CrowdStrike is an outstanding security platform that has raised our security posture,” Sipes said.
leverages real-time indicators of attack, threat
“While I work for Tuesday Morning, I am also a customer. When I walk into a store and hand over intelligence, evolving adversary tradecraft and
my credit card, I know it is safe.” enriched telemetry from across the enterprise
to deliver hyper-accurate detections, automated
protection and remediation, elite threat hunting
and prioritized observability of vulnerabilities.

CrowdStrike: We stop breaches.

© 2022 CrowdStrike, Inc. All rights reserved.