Analysis: CrowdStrike’s Next Big Opportunity Is More About IT Than Security

With Falcon for IT, the cybersecurity giant is making its most ambitious move yet to become a larger player in the broader IT space. But the early interest appears even stronger than CrowdStrike execs had expected.

Amid announcements in generative AI and cloud security last week, CrowdStrike turned a surprising number of heads by revealing a product in a decidedly less-buzzy area.

Oh, and also: The new tool is not even for cybersecurity teams.

During Fal.Con 2023 in Las Vegas, the company unveiled Falcon for IT — which taps into the same CrowdStrike technologies that’ve made such a mark in cybersecurity, but uses them to improve routine-but-critical IT tasks such as asset inventory and CPU utilization.

[Related: CrowdStrike’s 8 Biggest Announcements At Fal.Con 2023]

CrowdStrike has been working up to the announcement — its biggest foray yet into becoming a player in the broader IT space — for some time now. Still, executives including CEO George Kurtz actually sounded a bit surprised at just how strong and immediate the reaction was to the idea. Within just a few hours of Falcon for IT’s reveal, Kurtz said he’d already received “a lot of feedback” about the offering.

“That one,” Kurtz told a handful of reporters at Fal.Con, “got people really excited.”

CrowdStrike President Michael Sentonas had a similar experience, it seems. “I got pummeled with emails from a lot of people in this room yesterday, saying, ‘We want to try it out. We want to deploy it,’” Sentonas said of Falcon for IT, a day after the announcement of the offering.

CrowdStrike partners such as Jordan Hildebrand of World Wide Technology were no less enthusiastic.

“With something like Falcon for IT, you’re knocking down that wall between the security team and IT — which I think is going to be an incredible story,” Hildebrand, practice director for detection and response at St. Louis-based WWT, told me last week.

‘Tanium On Steroids’

The opportunity for CrowdStrike to expand into the wider IT space intuitively makes a lot of sense.

The company already has its Falcon software agent on a massive number of endpoint devices at its 23,000 customers (a figure that is almost certain to swell as it reaches into the SMB market with the help of an army of MSPs).

Among other things, what that means is that CrowdStrike is doing the sorts of data collection that could be relevant to the IT side of the house, anyway, executives said during Fal.Con 2023.

“If IT already has a security agent, why not allow that architecture — that single-agent architecture, the ability to collect data at scale, the ability to take action — why not make that power available to the IT group?” Kurtz said during his keynote session.

“So the goal here is, IT can manage policy, deploy software and make real-time orchestrated changes across their fleet of systems,” he said. “So if you want to put this in perspective, think Tanium on steroids. That’s what we’re delivering in a single agent — not only security prevention, but the ability for IT groups to ask and answer questions across their fleet.”

The question-and-answer functionality will be enabled through CrowdStrike’s generative AI-powered assistant, Charlotte AI, as Kurtz demo’ed during his keynote.

After seeing some of the expected uses for the new Falcon for IT offering, it’s not hard to see that CrowdStrike could be on to something here.

At the top of the list is asset inventory — an area where an array of other vendors, including the aforementioned Tanium, already offer products. However, at present, “no one’s doing it great in the market,” said Larry Pfiefer, founder of Consortium Networks, a Medford, N.J.-based CrowdStrike partner.

Other needs that Falcon for IT can help with include determining CPU utilization on devices, which can impact performance, and assessing software utilization. Along with meeting basic-but-critical IT needs, those capabilities can help organizations with cost reduction.

This may turn out to just be a sampling of the potential Falcon for IT use cases.

Broad Uses In IT

CrowdStrike’s Falcon technology is primed for an array of possible IT uses, thanks to its “lightweight agent that runs on pretty much anything that computes — [with] the ability to bring high-fidelity data back to a central location,” said Curt Aubley, cyber and strategic risk groups managing director at Deloitte.

“Once you can do that, it opens up so many different options,” he told me. Falcon for IT, Aubley said, “has a lot of great potential.”

Over time, CrowdStrike has built capabilities that are highly applicable to IT, said Raj Rajamani, chief product officer for data, identity, cloud and endpoint at CrowdStrike. Those include real-time response (RTR), which enables scripts to be run in parallel on hundreds or thousands of systems, he said.

Meanwhile, CrowdStrike gained log management capabilities through its 2021 acquisition of Humio, now known as Falcon LogScale. “When we started giving customers the ability to take the output of RTR and plug it into LogScale, the lightbulb went off,” Rajamani said.

The combination enables monitoring and analysis of devices in a range of ways that’s useful to IT teams, he said. Some customers figured this out, in fact, and “we started seeing customers organically starting to build Falcon for IT,” Rajamani said.

“That led us to wonder, ‘What might it take for us to actually provide an out-of-the box experience for customers, without them having to build it?’” he said.

Other Falcon for IT uses that are within reach include application performance monitoring, Rajamani said. CrowdStrike’s planned acquisition of Bionic also gives the company additional application-level visibility that could augment Falcon for IT’s ability to identify IT bottlenecks, he said.

Displacing RMM?

For yet another example, remote monitoring and management (RMM) tools could also potentially be displaceable with the Falcon for IT technology.

“That was the first place that my mind went — this could be used as a displacement of all the RMM tools that are out there,” said Nick Heddy, chief commerce officer at cloud-focused distributor Pax8, in an interview. “And that’s not exactly what it was built for. But that is a massive, massive TAM [total addressable market].”

Indeed, RMM makes a lot of sense as an eventual Falcon for IT use case, CrowdStrike Chief Business Officer Daniel Bernard told me.

It’s also one more indicator of just how disruptive CrowdStrike’s IT push could be. “You know you have a platform when people think of new use cases for your technology, that you didn’t even think of,” Bernard said.

In our recent interview, Kurtz told me that CrowdStrike already is going after a more than $100 billion TAM just for cybersecurity. “If you add IT as a new pool of dollars,” he said, the total addressable market becomes even more “massive.”

“We think the ability to leverage this agent is really valuable beachfront that we have. Customers want to do more with less. They want less agents,” Kurtz said. “We’ve got the most-efficient and capable agent out there—it just happens to be that we deliver security through it. But it doesn’t mean that we can’t deliver other IT outcomes using our technology.”

Bridging The Divide

Not that CrowdStrike is taking its eye off the ball on its “we stop breaches” mission. Along with the acquisition deal for Bionic to augment CrowdStrike’s cloud security capabilities, the slew of Fal.Con product announcements included the launch of an exposure management offering and a significant new release of its Falcon platform.

With the forthcoming Falcon release — referred to as “Raptor” to signify that it’s a major update to the platform — CrowdStrike has brought in numerous new capabilities, including the ability to natively ingest data from third-party tools. That allows Falcon to treat CrowdStrike data and third-party data exactly the same, leading to better visibility and correlation of threats across tools using CrowdStrike’s XDR (extended detection and response) technology, executives said.

Increasingly though, you can expect to see CrowdStrike working to enable not just the cybersecurity pros out there, but also to bridge the long-running divide with the IT side.

With Falcon for IT — expected to be generally available in early 2024 — Kurtz ultimately believes CrowdStrike has a unique approach that “can help both teams get along.”

Buzzworthy or not, that’s the sort of innovation the industry could use a whole lot more of right now.