CrowdStrike lined up a powerhouse set of announcements at its annual Fal.Con user conference last week, but most exciting for me was the emphasis on expanding Falcon into a more comprehensive security platform.
Moving to a platform approach
While the acquisition of Bionic will strengthen CrowdStrike's cloud security offering, the more subtle -- but in my mind, more significant -- move is to open up CrowdStrike's Falcon architecture to become a security platform, supporting both security and now IT use cases.
Underlying the move to a platform approach is the ability to openly ingest and analyze other third-party signals and data.
"Now we can take third-party data and ingest it natively," CrowdStrike CEO George Kurtz said at the event.
While I'm excited to see CrowdStrike move in this direction, I worry that this mention of natively is more about who owns the coveted analytics engine function, and less about the additional value or outcomes that are possible when the data is natively stored within CrowdStrike. I've always felt that the ultimate battleground for the security platform play is who owns and controls the data analytics engine. Does this mean all other security tools become subservient to CrowdStrike? I'll be watching this closely as the Falcon platform evolves and matures.
Equally significant in the move to a platform approach is the announcement of Falcon Foundry. This new capability allows Falcon users to build and customize their own workflows, define data structures, perform custom data analytics and create custom user interfaces. This extensibility model is a great first step in unlocking the platform for CrowdStrike customers, but I want more. Most successful platforms go further by enabling other commercial vendors to build and sell extensions and add-ons to the platform, resulting in the growth of a profitable ecosystem. In my mind, this step is the real measure of a true platform, so I'll be encouraging the CrowdStrike team to make this move as quickly as possible.
Adding to the platform story is the previously announced Falcon Fusion, delivering automated SOAR capabilities for Falcon technologies, driving automation across the platform.
Kurtz summarizes all this as "moving from a module company to a platform company." He further recapped his vision, saying, "In 2011, there was no platform for security, so I wanted to create one that was focused on the right outcomes: stopping breaches."
Cloud security updates
The acquisition of Bionic expands CrowdStrike's cloud security offering and adds the ability to create a cloud asset map providing full application and dependency mapping, including risk profiles associated with everything running in cloud, applications and microservices. Any exposed APIs or vulnerable attack paths are flagged in the process, informing mitigation actions aimed at closing identified risks. This new addition provides key risk intelligence that will feed existing cloud workload protection, cloud security posture management and cloud infrastructure entitlement management capabilities. This enables a risk-based approach as opposed to a vulnerability-based approach, which should prove to be a more effective approach to cloud security.
The convergence of IT and security
Further supporting this move was the announcement of CrowdStrike Falcon for IT providing IT admins the ability to create an asset inventory, including compliance monitoring that can identify misconfigured or missing software (including the Falcon agent), and software license inventories.
Falcon Exposure Management adds the ability to analyze and track vulnerability risk, factoring this important data into risk analysis and prioritization for what to fix first. Together, these capabilities create a significant expansion opportunity for CrowdStrike, as organizations look to converge more IT and security data and workflows. This is a broader industry trend, supporting both convergence objectives and improved workflow objectives, so I'm happy to see CrowdStrike focus here.
Less exciting news for me was a small focus on data loss prevention, adding the ability to monitor and stop employees from emailing data to personal email accounts or copying to USB devices. This feels more like repackaging capabilities that have already been part of Falcon for some time now, but it does support the bigger IT and security convergence story.
Gen AI updates
The company also emphasized how Charlotte AI, the previously announced Falcon AI assistant, will help security analysts work faster, stay secure and stop breaches. Charlotte AI promises to enable tier-1 SOC analysts to perform tier-2 analyst work, dramatically reducing the amount of time and effort required to perform typical security operations functions. CrowdStrike is paying attention and investing in generative AI aggressively and demonstrated its potential value. Threat intelligence and customized threat insights feel like a place where CrowdStrike can differentiate here, but we'll need to wait and see.
Charlotte AI will be licensed in a per-user pricing model, which, in my opinion, may cause organizations to scrutinize the purchase decision. I don't love this model, given the importance and overall value of the solution. Personally, I'd prefer to see Charlotte AI simply become an embedded, horizontal feature across the entire platform, with no add-on pricing required. I think this would serve both customers and CrowdStrike better.
New, flexible licensing model
CrowdStrike also announced FalconFlex, a new licensing model for Falcon modules. This more flexible model will allow customers to repurpose purchased licenses in other modules. This pay-for-what-you-use model should reduce friction in the acquisition and management of new or different capabilities. This is a great move that will help customers and likely lead to more use of additional Falcon modules.
What's in store for the future?
CloudStrike's Kurtz wrapped up with a vision for the future, describing where CrowdStrike will focus, which included the following steps:
- continue to stop breaches;
- build more AI and automation;
- focus on making things faster and more secure;
- continue to grow the ecosystem; and
- build a platform that grows with the customer.
This year's conference brought another impressive set of announcements further positioning CrowdStrike to continue its role as a powerhouse security company. The company continues to rapidly innovate and grow its footprint in the security landscape, while expanding into new markets with the move into IT. I'll be monitoring CrowdStrike closely to understand how much of this vision and promise comes to fruition, while sharing my perspective on how companies of all sizes can get the most out of their CrowdStrike investments, and how to weave them into the rest of the security stack.
While I'm a believer in the need for more integrated, collaborative security platforms, ultimately I see convergence in the security stack leading to a smaller number of mini platforms. This leaves room for multiple platform vendors to deliver higher-value solutions, embracing the need to work together openly with other security platforms while leaving room for the use of emerging security solutions that can solve new problems.