CrowdStrike CBO Daniel Bernard On Surging AWS Marketplace Growth With Partners

The cybersecurity giant, which has become the first cybersecurity ISV for the cloud to generate $1 billion in AWS Marketplace sales, is finding growing interest from channel partners in closing deals through the cloud marketplace, Bernard tells CRN.


With CrowdStrike surpassing $1 billion in AWS Marketplace sales, the cybersecurity giant is seeing a fast-growing opportunity for channel partners around participating in the deals, according to CrowdStrike Chief Business Officer Daniel Bernard.

CRN spoke with Bernard about how “friction” for resellers has been removed and why the AWS Marketplace offers a number of benefits to solution and service providers. Now, “our resellers are bringing AWS Marketplace into the equation because it opens more doors for them,” he said. “It makes it easier for them to sell more products and it makes the deals bigger, and [close] faster.”

[Related: 5 Big Takeaways From CrowdStrike’s 2023 Partner Summit]

Sponsored post

CrowdStrike announced this week that it has become the first cybersecurity ISV for the cloud to reach $1 billion in software sales via the AWS Marketplace. The company’s Falcon cybersecurity platform has been available in the AWS Marketplace since November 2017.

Bernard also discussed CrowdStrike’s push into the SIEM (security information and event management) market and how that business could accelerate even further as Cisco prepares to acquire major SIEM provider Splunk.

What follows is an edited and condensed portion of CRN’s interview with Bernard.

How do partners benefit from customers going through the AWS Marketplace? Is there no longer a risk that partners will get cut out of deals?

For a long time, the marketplace created some friction with resellers. Three or four years ago, the marketplace for them meant they were no longer part of a transaction. And what AWS has done really well over the past year to two years is, build out the go-to-market so that its marketplace [includes] partners. We’ve worked with AWS on [this] to really make sure that it’s right for partners, versus something that creates conflict. Everybody’s winning in this virtuous cycle.

How did it work before, and what’s being done differently now?

I’ll use Optiv as an example, but we have thousands of other partners that transact with us via the marketplace. Before, if I wanted to buy from Optiv, I needed to buy through Optiv and I couldn’t use my [AWS] credits. It was like a decision tree — you have one choice, which is either buying it from a reseller or buying it from the marketplace. So you can imagine if you’re a reseller, and you’ve gone and said, “I’m registering an opportunity with CrowdStrike [for a new] customer. We’re going to bring them from legacy AV all the way to XDR. We’re going to do cloud security. We’re going to sell a bunch of other capabilities of the Falcon platform.” And then the customer at the end is like, “Well, I need to put it through the AWS Marketplace, thanks” — that reseller is obviously going to be very upset, because they don’t get the transaction. And those were some of the early friction points that you’ve seen — and that you [still] see with other marketplaces, the ones outside of AWS.

What AWS has done today is, they have it so that a partner can be part of that flow. The partner now makes the margin that they would have made before, AWS makes their listing fee, and they’re able to drive a lot more volume through marketplace that way.

So leading partners in our portfolio like Optiv, GuidePoint, CDW, SHI, Softcat — all of our major partners — have a growing share of their business that goes through AWS Marketplace and still credits them for the top-line revenue. For all the other cloud marketplaces, they haven’t figured this out yet.

Are there ways that this is actually beneficial for the partners compared to their typical way of doing things, as opposed to just comparable?

It moves faster, because all the legal work is done, for the most part. You don’t need to add a new vendor because AWS is already their vendor. Payment terms are already done. And then because of the AWS credits, that enables these deals to be bigger. So customers can buy more — which we like, and our partners and customers like.

If you think about, why do customers go to AWS? They go to AWS to benefit from the scale of the cloud and have a strategy that replaces a data center or complements a data center. And they can go faster, and they can build their business in the cloud. A very natural next discussion is, how do I secure everything I’m doing up here? And AWS has a great answer for that, which is what we do together with Falcon Cloud Security. We’re seeing customers replace multiple other cloud security products, consolidating and standardizing on the Falcon platform — and doing so through AWS.

Then I’d imagine this also gives partners the incentive to actually direct customers to go through AWS Marketplace in more cases?

Correct. Our resellers are bringing AWS Marketplace into the equation because it opens more doors for them. It makes it easier for them to sell more products and it makes the deals bigger, and [close] faster. The deals that go through AWS Marketplace are 145 percent bigger. So our message to the partners is, “AWS becomes a go-to-market tool and a go-to-market partner for you in selling CrowdStrike.”

And for partners that are like, “No I don’t want to work with marketplace” — watch this space continue to evolve. More and more [sales] are going there.

Many partners are delivering services around products today, which I’d imagine is another incentive for everyone to involve partners in AWS Marketplace deals?

That’s the way to think about it. If you’ve dislocated a partner, and then you’re going to have to go buy the services from the partner separately, that’s frustrating and takes more time. It ends up not really doing anybody any favors. So dislocating partners isn’t a good strategy. And I think the other marketplaces have a long way to go to get to the point where AWS is, in [terms of] having the supply chain organized so that everyone wins.

At your Fal.Con conference in September, the company spoke a lot about your SIEM offering, and later that same week Cisco announced its deal to acquire Splunk. What impact does that have on the SIEM market?

The acquisition of Splunk by Cisco shakes everything in that market up. It has a lot of customers saying, “Can CrowdStrike replace my SIEM?” That’s the exact conversation that we want to be having about our next-gen SIEM capabilities. And that’s the results that we’re seeing — and what partners are getting excited about. Because a lot of these partners were the ones who brought Splunk into these accounts over a decade ago. Now they have that opportunity all over again, and to do so with a real security-first approach. That’s exciting. The next-gen SIEM opportunity is big and immediate. And it’s partner-friendly, because it naturally has a lot of services that are tied to a migration, to a customization.

Any updates on your other focus areas right now outside of endpoint security?

On cloud security, I think the big opportunity there is, a lot of businesses are buying their very first cloud security product. Maybe they moved to the cloud a number of years ago but hadn’t thought about security up there, or they’re fresh into the cloud now. Regardless, the situation in cloud security is, there’s so many different vendors running around, and [there are] many different cloud security products. Having the ability to consolidate [multiple capabilities] in one place is a very attractive value proposition — not only in terms of capabilities but also in terms of economics for customers. And so what we’ve seen is an increase in the amount of displacements as customers consolidate on Falcon cloud security. Partners see that and they’re excited about that.

The identity security opportunity remains just as relevant today as it has been over the past 12 to 18 months. Today’s attacks are heavily identity-based — where access to applications and programs appears to be sanctioned, but actually it’s stolen credentials. That misuse of these applications is what causes a lot of the [security] problems for organizations. So identity protection, or ITDR [identity threat detection and response], that market that we created, is really growing rapidly. And you can see other companies now looking to enter the market. So ITDR isn’t just something that CrowdStrike is doing. I think it’s becoming an industry standard as a part of XDR.