How CrowdStrike consolidates tech stacks as a growth strategy

Driving tech stack consolidation by broadening the CrowdStrike Falcon platform is a confirmed technique for driving development, with Fal.con 2022 proving to be an inflection level. 4 new product bulletins stand out as core to CrowdStrike’s technique. They embrace increasing cloud-native utility safety platform (CNAPP) capabilities for CrowdStrike Cloud Safety, together with cloud infrastructure entitlement administration (CIEM) and integration of the CrowdStrike Asset Graph; Falcon Perception XDR; Falcon Full LogScale; and Falcon Uncover for IoT.  

96% of CISOs plan to consolidate their safety platforms, with 63% saying prolonged detection and response (XDR) is their prime resolution selection. Cynet’s 2022 survey of CISOs discovered that almost all CISOs have consolidation on their roadmaps, up from 61% in 2021. CISOs consider consolidating their tech stacks will assist them keep away from lacking threats (57%) and scale back the necessity to discover certified safety specialists (56%), whereas streamlining the method of correlating and visualizing findings throughout their menace panorama (46%).

Gartner predicts that by 2025 [subscription required], 50% of midmarket safety consumers will depend on XDR to speed up the consolidation of workspace safety applied sciences, together with endpoint, cloud utility and identification safety.

XDR is a consolidation engine 

Throughout his keynote, George Kurtz, CrowdStrike’s cofounder and CEO, offered insights into why XDR is such a excessive precedence for its platform. He mentioned, “80% of the safety knowledge you get probably the most worth from [are] the endpoints and the workloads. That’s actually the place the assaults are. Sure, they occur throughout the community and different infrastructure. However the actuality is [that] individuals are exploiting endpoints and workload.” 

Ingesting and managing safety knowledge wants to start out with a centered, intentional goal, a degree Kurtz made a number of occasions throughout his keynote. XDR’s core worth is offering an built-in platform of menace detection, incident response and remediation with real-time monitoring and visibility of cloud platforms, apps, endpoints and networks, together with distant sensors. 

Throughout his keynote, Kurtz outlined XDR as being “constructed on the inspiration of endpoint detection and response (EDR). XDR extends enterprise-wide visibility throughout all key safety domains (native and third-party) to hurry and simplify real-time detection, investigation and response for probably the most refined assaults.” XDR is so core to the way forward for CrowdStrike that each keynote offered a glimpse of how and the place it is going to be designed to ship worth. “We’re excited that we will democratize XDR for all of our clients,” Kurtz mentioned throughout his keynote.

Buying Reposify accelerates consolidation 

Defending inner assault surfaces is a problem that even probably the most superior ITops and secops groups continuously take care of. It’s as a result of inner threats can strike on the coronary heart of an identification entry administration (IAM) or privileged entry administration (PAM) system utilizing stolen credentials and take management of servers in as little as an hour and 24 minutes, in line with CrowdStrike’s 2022 World Risk Report. Inside assaults are among the many most troublesome to determine and cease.   

CrowdStrike’s acquisition of Reposify brings an built-in exterior assault floor administration platform onto Falcon. Reposify scans the online every day for uncovered property, giving enterprises visibility over their uncovered property and defining which actions they should take to remediate them. Moreover, CrowdStrike introduced plans to make use of Reposify’s know-how to assist its clients cease inner assaults as nicely.

“Reposify is a robust exterior assault floor administration platform. It scans the web for vulnerabilities and exposes property to determine and remove danger throughout your group,” Kurtz mentioned throughout his keynote. However, he added, “there’s no cause we will’t use it internally to proceed that can assist you perceive your dangers inside, to proceed that can assist you discover these uncovered property.” 

Reposify’s platform has confirmed profitable in serving to secops and ITops groups discover unknown uncovered property, figuring out shadow IT and inner menace dangers in actual time earlier than attackers breach infrastructure. It solves a difficulty many CISOs are dealing with at the moment: getting extra answerable for exterior threats whereas strengthening the argument for consolidating on a single platform.

Why the CrowdStrike consolidation technique works

The continuing scarcity of safety engineers mixed with tighter IT and safety budgets make deciding on best-of-breed safety apps a troublesome promote for a lot of CISOs. In the meantime, cyberattackers are out-automating many organizations, devising malware-free strategies to keep away from detection. Gartner [subscription required] discovered that 85% of organizations presently pursuing a vendor consolidation technique present a flat or elevated variety of distributors previously yr.

Cybersecurity platforms present economies of scale, drive a robust community impact throughout any firm’s ecosystem, and power safety suppliers to make buyer success a core power. Getting buyer success proper mixed with the labor scarcity and skyrocketing inflationary costs of operating a enterprise all work in CrowdStrike’s favor from a consolidation-strategy standpoint. It’s frequent information that even when a best-of-breed vendor is built-in right into a tech stack, CISOs are adamant that the contract is only for one yr in case the system doesn’t ship the anticipated worth.     

No CISO needs to listen to that they’ve to rent a brand new engineer only for a brand new app. Secops groups are short-staffed already, with crew members usually having a number of assignments. Having one individual personal a brand new best-of-breed app means they must spend time studying it whereas doing their present job. 

Conversely, most secops groups have devoted platform engineers who specialise in core platforms and infrastructure their group must function. CrowdStrike’s method to creating every of its 22 modules adhere to UX and workflow requirements is similar to Salesforce’s method of defining a typical person expertise and having all companions and inner devops groups construct to it. 

Kurtz talked about throughout his keynote that he usually hears the corporate is named the Salesforce of safety on account of its reliance on cloud structure. Cloud architectures deliver higher UX and UI flexibility, making API integration potential with legacy on-premises programs.

Moreover, CrowdStrike’s devops self-discipline is obvious from the bulletins at Fal.con 2022, and the corporate’s product leaders take delight in how briskly they will iterate on the platform. CrowdStrike’s reliance on the cloud helps velocity up land-and-expand promoting methods in enterprises. Promoting decrease complete price of possession and offering bundling choices and pricing is how CrowdStrike turns consolidation into recurring income development. 

IAM and PAM are due for consolidation 

With secops groups overwhelmed and cyberattackers trying to breach IAM and PAM programs to take management of servers filled with identities and privileged entry credentials, there’s room for consolidation on this market. Added to the urgency is how briskly machine identities are rising, together with the necessity to safe ephemeral containers.  

Organizations whose PAM and IAM programs are siloed at the moment danger experiencing a breach and never understanding it. Many should enhance their IAM infrastructure, updating programs to present requirements whereas bettering safety finest practices, together with credential administration and hardening safety for Lively Listing (AD).

Most significantly, consolidation of this market space would enhance real-time monitoring of identification assault strategies whereas bettering safety entry controls. In brief, IAM and PAM would obtain the real-time visibility these programs want to remain safe whereas capitalizing on menace intelligence enterprise-wide, delivering a considerable profit of selecting to consolidate on a single platform.