DoD's $8.6M CrowdStrike contract for threat intelligence shows strong competition and fair pricing

Contract Overview

Contract Amount: $8,644,923 ($8.6M)

Contractor: Norseman Inc

Awarding Agency: Department of Defense

Start Date: 2022-01-28

End Date: 2027-01-27

Contract Duration: 1,825 days

Daily Burn Rate: $4.7K/day

Competition Type: FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES

Number of Offers Received: 3

Pricing Type: FIRM FIXED PRICE

Sector: IT

Official Description: DISA ID6 ANALYTICS CROWDSTRIKE THREAT FEED - CROWDSTRIKE FALCON X PREMIUM (CS.FXPPS.SOLN.T5)

Place of Performance

Location: ELKRIDGE, HOWARD County, MARYLAND, 21075

State: Maryland Government Spending

Plain-Language Summary

Department of Defense obligated $8.6 million to NORSEMAN INC for work described as: DISA ID6 ANALYTICS CROWDSTRIKE THREAT FEED - CROWDSTRIKE FALCON X PREMIUM (CS.FXPPS.SOLN.T5) Key points: 1. Value for money appears reasonable given the critical nature of cybersecurity threat intelligence. 2. The contract was competed fully and openly, suggesting competitive pricing. 3. Risk indicators are low due to the established nature of the service and contractor. 4. Performance context is within the standard for cybersecurity solutions. 5. Sector positioning is in a critical area of defense IT modernization. 6. The contract duration of five years allows for sustained cybersecurity support.

Value Assessment

Rating: good

The contract's total value of $8.6 million over five years, averaging approximately $1.72 million annually, is within a reasonable range for enterprise-level cybersecurity threat intelligence solutions. Benchmarking against similar contracts for advanced threat feeds from major providers suggests this pricing is competitive. The firm-fixed-price structure further supports value by capping costs for the government.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

This contract was awarded under full and open competition after exclusion of sources, indicating that multiple vendors were likely considered or participated in the bidding process. The presence of three bidders (no) suggests a healthy level of competition for this specialized cybersecurity service. This competitive environment generally leads to better price discovery and more favorable terms for the government.

Taxpayer Impact: The competitive award process ensures that taxpayer dollars are used efficiently by driving down costs and encouraging innovation among vendors vying for the contract.

Public Impact

The Department of Defense, specifically the Defense Information Systems Agency (DISA), benefits from enhanced cybersecurity capabilities. The service delivered is critical threat intelligence, helping to protect military networks and data from sophisticated cyber threats. The geographic impact is national, supporting the overall cybersecurity posture of the U.S. military. Workforce implications include enabling cybersecurity professionals within DISA to perform their duties more effectively with up-to-date threat data.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

Potential for vendor lock-in if CrowdStrike's ecosystem becomes deeply integrated.
Reliance on a single vendor for critical threat intelligence could pose a risk if service levels degrade.

Positive Signals

CrowdStrike is a recognized leader in endpoint security and threat intelligence.
The firm-fixed-price contract provides cost certainty for the government.
The five-year duration allows for stable and continuous support.
Full and open competition suggests a robust selection process.

Sector Analysis

This contract falls within the broader cybersecurity and IT services sector, a rapidly growing and critical area for government operations. The market for threat intelligence is highly competitive, with several established players offering advanced solutions. Spending in this sector is driven by the increasing sophistication of cyber threats and the need for robust defense mechanisms. Comparable spending benchmarks for similar enterprise-level threat intelligence platforms often range from several hundred thousand to millions of dollars annually, depending on the scope and features.

Small Business Impact

The contract was awarded to NORSEMAN INC and does not indicate any specific small business set-aside provisions (sb: false). While the primary awardee may not be a small business, the contract's value and nature do not preclude the possibility of subcontracting opportunities for small businesses within the cybersecurity ecosystem. Further analysis would be needed to determine if specific subcontracting goals were mandated.

Oversight & Accountability

Oversight for this contract would typically fall under the purview of the Defense Information Systems Agency (DISA) contracting and program management offices. Accountability measures are inherent in the firm-fixed-price contract, requiring NORSEMAN INC to deliver specified services. Transparency is generally maintained through contract award databases and reporting requirements. The Inspector General for the Department of Defense may conduct audits or investigations as deemed necessary.

Related Government Programs

Cybersecurity Services
Threat Intelligence Platforms
Endpoint Detection and Response (EDR)
Information Technology Support Services
Defense Information Systems Agency (DISA) Contracts

Risk Flags

Potential for vendor lock-in
Reliance on single-source intelligence provider

Frequently Asked Questions

What is this federal contract paying for?

Department of Defense awarded $8.6 million to NORSEMAN INC. DISA ID6 ANALYTICS CROWDSTRIKE THREAT FEED - CROWDSTRIKE FALCON X PREMIUM (CS.FXPPS.SOLN.T5)

Who is the contractor on this award?

The obligated recipient is NORSEMAN INC.

Which agency awarded this contract?

Awarding agency: Department of Defense (Defense Information Systems Agency).

What is the total obligated amount?

The obligated amount is $8.6 million.

What is the period of performance?

Start: 2022-01-28. End: 2027-01-27.

What is the track record of NORSEMAN INC in delivering cybersecurity solutions to the federal government?

NORSEMAN INC has a history of federal contracting, though specific details on their cybersecurity solution delivery for large-scale, enterprise-level threat intelligence like CrowdStrike's Falcon X Premium require deeper investigation. Their past performance on similar contracts, particularly those involving advanced security software or intelligence feeds, would be a key indicator of their capability. Reviewing federal procurement data and past performance evaluations would provide a clearer picture of their reliability and success in meeting government requirements. Without specific performance metrics from prior relevant contracts, assessing their track record for this particular service remains general.

How does the annual cost of this contract compare to similar threat intelligence solutions purchased by other federal agencies?

The annual cost of approximately $1.72 million for CrowdStrike Falcon X Premium is competitive within the enterprise threat intelligence market. Agencies like the FBI, DHS, or other branches of the DoD often procure similar advanced threat intelligence services. While exact figures vary based on specific features, user counts, and contract durations, this price point aligns with market rates for leading solutions. For instance, contracts for comparable services from other major cybersecurity vendors can range from $1 million to over $3 million annually for large federal deployments. The firm-fixed-price nature of this contract also provides cost predictability, which is a favorable aspect for value comparison.

What are the primary risks associated with relying on a single vendor for critical threat intelligence feeds?

Relying on a single vendor for critical threat intelligence feeds presents several risks. Firstly, there's the risk of vendor lock-in, where transitioning to another provider becomes technically complex and costly due to deep integration. Secondly, service degradation or discontinuation by the vendor could leave the agency vulnerable. Thirdly, the vendor's own security posture is a critical factor; a breach at the vendor could compromise the intelligence provided. Finally, a lack of competition can lead to price increases over time or reduced innovation if the vendor faces no market pressure. Mitigating these risks often involves strong contract management, clear performance metrics, and contingency planning for vendor transition.

How effective is CrowdStrike's Falcon X Premium in providing actionable threat intelligence for the DoD?

CrowdStrike's Falcon X Premium is generally regarded as a highly effective solution for providing actionable threat intelligence. It leverages a vast dataset, including endpoint telemetry, and advanced analytics to identify and track sophisticated threat actors, malware, and campaigns. For the DoD, this translates into timely alerts on emerging threats relevant to military networks and operations, enabling proactive defense measures. Its effectiveness is often measured by the speed of detection, the accuracy of threat attribution, and the clarity of the intelligence provided, which helps security teams prioritize responses and strengthen defenses against nation-state and advanced persistent threats.

What has been the historical spending trend for similar cybersecurity threat intelligence services within the DoD?

Historical spending trends within the DoD for cybersecurity threat intelligence services have shown a consistent upward trajectory over the past decade. This is driven by the escalating sophistication and frequency of cyberattacks targeting national security infrastructure. Agencies like DISA, NSA, and Cyber Command have increasingly invested in advanced solutions to counter threats from nation-state actors and cybercriminals. Spending has shifted from basic antivirus to more advanced capabilities like EDR, threat hunting platforms, and comprehensive intelligence feeds. The overall budget allocation for cybersecurity within the DoD has grown substantially, reflecting its critical importance.

What is the potential impact of this contract on the broader cybersecurity market, particularly concerning competition?

This contract, awarded through full and open competition, reinforces the market position of CrowdStrike and highlights the demand for advanced threat intelligence solutions within the federal government. The fact that NORSEMAN INC, as the awardee, secured this contract suggests they possess the capabilities to manage and deliver such a service effectively. While it doesn't necessarily stifle competition, it does mean that a significant portion of DoD's spending in this specific niche is directed towards one solution. The ongoing competition for similar contracts across the government ensures that other vendors continue to innovate and vie for market share, maintaining a dynamic cybersecurity landscape.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - SECURITY AND COMPLIANCE

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Offers Received: 3

Pricing Type: FIRM FIXED PRICE (J)

Evaluated Preference: NONE

Contractor Details

Address: 8172 LARK BROWN RD STE 201, ELKRIDGE, MD, 21075

Business Categories: Category Business, Corporate Entity Not Tax Exempt, Small Business, Special Designations, U.S.-Owned Business

Financial Breakdown

Contract Ceiling: $8,644,923

Exercised Options: $8,644,923

Current Obligation: $8,644,923

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES

Cost or Pricing Data: NO

Parent Contract

Parent Award PIID: NNG15SC83B

IDV Type: GWAC

Timeline