CrowdStrike CEO George Kurtz On ‘Incredible’ SIEM Advantage Vs. Network-Focused Vendors

Speaking with media at Fal.Con 2025, Kurtz and CrowdStrike President Mike Sentonas also discussed the surging growth of the Falcon Flex subscription model and the vision for an ‘agentic SOC.’

CrowdStrike’s surging momentum in areas such as Next-Gen SIEM and massive traction on platform consolidation show that the vendor’s “pace of innovation” is stronger than ever, CrowdStrike co-founder and CEO George Kurtz said Wednesday.

Kurtz and CrowdStrike President Mike Sentonas spoke with media outlets including CRN during the company’s Fal.Con 2025 conference in Las Vegas, as the vendor wrapped up a week of keynotes and announcements including a major expansion of the company’s AI-related security offerings.

“We're back to cranking out what we want to crank out, and it feels really good,” Kurtz said in response to a question from CRN. “So overall, that’s my takeaway — [we are] back to business.”

A key focal point for CrowdStrike over the past year on the product side has been its Falcon Next-Gen SIEM offering, which aims to provide an AI-powered upgrade from traditional SIEM (security information and event management) tools.

In response to a CRN question, Kurtz said there’s no question that CrowdStrike has a number of advantages in the highly competitive SIEM market, starting with the fact that the company is among the largest EDR (endpoint detection and response) vendors. This is a major plus compared with network-focused security vendors that offer SIEM but do not have a widely used EDR product, he said.

“If you look at the fidelity of the data that we get out of our sensor, it’s incredible. That is much different than a network provider trying to take data [into a SIEM],” Kurtz said. “We can tell you the user, the identity, the data, the network connection. We have all this. If you’re looking at it from a network perspective, you get just a cursory view of what’s happening. So that’s why it’s so difficult.”

In addition to the benefits for security outcomes, CrowdStrike’s position in the SIEM market is bolstered by not needing to move or store endpoint data—which constitutes a sizable portion of the data utilized by a SIEM system—across separate data lakes.

Previously, to work with a SIEM vendor, CrowdStrike customers would need to move a majority of the data that went into a SIEM out of the Falcon platform, leading to significant added costs, Kurtz said.

“They were taking it out of CrowdStrike, they were paying the tax, and they were putting it into a different SIEM,” he said. “Why push all of it out?”

Notably, CrowdStrike’s latest quarter, which ended July 31, included “stellar” growth of 95 percent for its Next-Gen SIEM platform from the same period a year earlier, Kurtz said during the vendor’s quarterly call with analysts in August, as annual recurring revenue (ARR) surpassed $430 million for the offering.

Executives at top solution provider partners of CrowdStrike told CRN this week that Next-Gen SIEM is quickly becoming a major source of growth, helping to enable the Security Operations Center (SOC) transformation that many customers are seeking.

And without a doubt, when you look at the volume of security-relevant data that derives from the endpoint, “having SIEM vendors own the endpoint is so important,” said Chris Ebley, CTO at Blackwood, No. 93 on CRN’s Solution Provider 500 for 2025.

“As an independent third-party [SIEM vendor], trying to solve for all the different telemetry flows that can come off the endpoint” is highly challenging, Ebley said. “If you go into an organization and try to provide the same results for someone that’s using [a third-party EDR], you can’t actually make that promise. There will be a delta. There will be a reduction in outcome.”

Agentic SOC Vision

During Fal.Con 2025 this week, CrowdStrike executives laid out a vision for the SOC of the future that includes both Next-Gen SIEM and the use of agentic technologies across the Falcon platform.

This “agentic SOC” vision aims to transform the role of security analysts by turning them into orchestrators of teams of agents that can handle many routine security tasks automatically, executives said.

Core to the vision is CrowdStrike’s newly announced Falcon Agentic Security Platform, which offers an “AI-ready” data layer that enables the expansion of agentic functionality across its broad security platform, the company said. That ultimately provides faster and more effective responses to threats, according to CrowdStrike.

The cybersecurity giant also debuted seven new agents for SOC analysts as well as a no-code platform for creating custom agentic tools, Charlotte AI AgentWorks. And to bolster protection for AI technology itself, CrowdStrike unveiled a deal to acquire GenAI guardrails startup Pangea.

Speaking with media Wednesday, Sentonas said he heard from numerous customers and partners this week who are now “talking about how we have to rebuild our SOC and retool our SOC” in part thanks to new agent-powered offerings.

“Everyone knows it’s a big goal, and it’ll take time to get there. [But] everyone’s pumped,” he said.

Solution provider partners applauded the moves by CrowdStrike around expanding agentic capabilities for the SOC, telling CRN that both the vision and the specific offerings unveiled by CrowdStrike so far are highly compelling.

For instance, at solution and service provider powerhouse Wipro, CrowdStrike capabilities around automating the triage of security alerts and performing threat hunting using agents could provide a huge leg up, according to Tony Buffomante, senior vice president and global head of cybersecurity and risk services at Wipro, No. 17 on CRN’s Solution Provider 500.

“I think the agentic piece for Next-Gen SIEM, for the triage activities, is exciting for us,” Buffomante said. “The triage piece, the threat hunting piece, as well as ultimately how that’s going to automatically create new playbooks—that’s exciting for us for the next phase of this journey.”

The CrowdStrike expansion is also poised to complement ongoing agentic efforts at systems integrator giant Accenture in meaningful ways, such as through the Charlotte AI AgentWorks platform, said Rex Thexton, senior managing director and security chief transformation officer at Accenture, No. 1 on CRN’s Solution Provider 500.

“What was super exciting to me, as an SI, is building your own agent,” Thexton said. “With the framework that they have, I think that’s going to be super useful for SIs and clients.”

Falcon Flex Takes Off

Helping to drive growth across the Falcon platform, meanwhile, is CrowdStrike’s Falcon Flex subscription model and the way it enables customers to more easily go “all in” on CrowdStrike, Kurtz said.

Falcon Flex makes it possible for customers to decide over time which technologies to deploy on the Falcon platform after committing to a contract, rather than having to decide up front or go through multiple procurement processes, according to the company. That provides a strong incentive to customers to deploy more of the 30 modules on CrowdStrike’s Falcon platform, the company has said.

While some competitors have begun offering procurement models that are similar—in some cases even branded as “Flex”—CrowdStrike’s wide array of security tools and potential for enabling consolidation is a key part of what makes Falcon Flex so attractive to partners and customers, Kurtz said.

“It’s the power of the platform,” he said. And in terms of competing approaches, “some of them don’t even have the key elements that we have,” Kurtz said.

Solution provider partners that have already seen massive traction with Falcon Flex include GuidePoint Security, which has even had some customers go through multiple Flex cycles, according to GuidePoint’s Mark Thornberry.

When it comes to Falcon Flex, “it’s just another example of [CrowdStrike] being forward-thinking” around enabling adoption and operationalization of its platform, said Thornberry, senior vice president for partnerships at GuidePoint, No. 37 on CRN’s Solution Provider 500.

Crucially, a model like Flex “only works” if a vendor has numerous products and is “truly platform-centric,” Thornberry said. And there’s no question at this point that when it comes to CrowdStrike, “they just have so many different things that the customers want.”