CrowdStrike’s 8 Biggest Announcements At Fal.Con 2023
The cybersecurity giant unveiled a new partner program, a major startup acquisition and a number of new products during the conference in Las Vegas.
For CrowdStrike partners and customers, a lot has happened in just a few days.
There’s a new partner program, which the company called the biggest revamp for the channel in eight years. There’s a major new version of the Falcon platform on the way, alongside a handful of other brand-new products in key areas of security. There’s another startup joining the CrowdStrike fold. There’s a major push into areas of IT that fall outside of cybersecurity. There’s a CrowdStrike Marketplace.
And of course, there’s Charlotte — the company’s GenAI assistant for security analysts that was announced in May — which this week got a lot more real for thousands of CrowdStrike partners and customers.
All of this came out during CrowdStrike’s Fal.Con 2023 conference in Las Vegas this week. The product announcements alone would have been a lot to take in: The conference has had the largest number of CrowdStrike product releases of any Fal.Con to date, according to Co-Founder and CEO George Kurtz.
With the announcements, the number of “modules” that CrowdStrike offers on its Falcon platform will be jumping from 23 to 27, Chief Business Officer Daniel Bernard said, once all of the modules are generally available.
However, with the announcement of the new Accelerate partner program, the acquisition agreement for Bionic and the launch of the CrowdStrike Marketplace, Fal.Con 2023 has provided partners and customers with an array of different updates to digest — and potentially, to leverage in doing more with CrowdStrike.
The new CrowdStrike Accelerate partner program includes the introduction of new incentives, improved training and increased support resources in areas such as marketing. The updates are particularly targeted at enabling channel partners to boost their involvement with products on the company’s unified Falcon security platform beyond its flagship endpoint detection and response (EDR) offering, such as in identity protection, cloud security and “next-gen” SIEM (security information and event management).
The new program shows how CrowdStrike — which generates more than 95 percent of its non-services revenue through the channel — is “doubling down on investing in partners,” said Amanda Adams, the company’s vice president for Americas alliances. “We’ve gotten pretty aggressive in providing the incentives and payment for partners that are adding a ton of value throughout the sales cycle,” Adams told CRN.
With its planned acquisition of Bionic, CrowdStrike plans to integrate the startup’s application security posture management capabilities into its cloud security offering. Bionic is akin to a “Google Maps for your apps,” CrowdStrike President Michael Sentonas said during his keynote session Wednesday.
The Bionic technology not only provides visibility into the applications, cloud environments and third-party services that are in use, but also stands out as the “only product that takes this visibility one step further to show you the services that are running inside of an application,” Sentonas said. “These are the microservices and serverless functions that developers update every day through their CI/CD pipeline. [Bionic can map] application services showing all the dependencies and how they communicate with each other. You need to know this information.”
Falcon For IT
While CrowdStrike has had aspirations in the broader IT space over the past couple of years, the company signaled that one of its product announcements this week — Falcon for IT — could be a turning point in that initiative. The new offering will enable partners and customers to utilize the same Falcon agent for IT-specific uses, not just security-specific ones.
During his keynote at Fal.Con 2023, Kurtz shared a few examples of major uses for Falcon for IT — each of which he demonstrated with the help of Charlotte AI. Those include asset inventory, determining which assets are out of compliance and CPU utilization on devices, which can impact performance. Another example, Kurtz said, is around determining software utilization and which applications are going unused.
On top of all these new capabilities for IT outside of security, Kurtz said there’s another advantage for organizations: While there has long been a “wall” between IT and security, “we think we have some unique technology that can help both teams get along.”
For the new release of Falcon — referred to as “Raptor” to signify that it’s a major update to the platform — CrowdStrike has brought in numerous new capabilities. Among the big updates is that CrowdStrike is now using its own LogScale technology to serve as the underlying data layer — enabling Falcon to natively ingest data from third-party tools. That ultimately allows Falcon to treat CrowdStrike data and third-party data exactly the same, leading to better visibility and correlation of threats across tools using CrowdStrike’s XDR (extended detection and response) technology, executives said.
“The whole concept of Raptor is about bringing data in, making it easy for analysts to triage and analyze whatever information is being provided and then getting to the next step — which is, ‘What’s my response action?’” said Raj Rajamani, chief product officer for data, identity, cloud and endpoint at CrowdStrike. “It’s actually opening up XDR for everyone. And it is significantly going to reduce [incident] analysis time for analysts.”
Other major updates in the “Raptor” release include the Charlotte AI Investigator, which can correlate related context around security incidents and provide GenAI-powered summaries of the incidents; unified alerts and incident workbench capabilities to improve investigations and speed up remediation; and the Collaborative Incident Command Center, a collaborative environment for security analysts — akin to Google Docs or Slack — to work together on incidents in real time. The latter capability is “very unique,” Rajamani said. “We are not aware of any other products in the market that offer [security analysts] that level of collaboration.”
CrowdStrike introduced at Fal.Con a new no-code application development platform, Falcon Foundry. The platform is meant for partners and customers, even those with no coding experience, to create and share custom apps that leverage Falcon’s data, orchestration, automation, response and AI capabilities, the company said.
In order to enable the no-code development functionality, CrowdStrike is again leveraging Charlotte AI, Rajamani said. The workflows, scripts “or any other code that needs to be developed will all be automatically generated by Charlotte,” he said.
A significant portion of Kurtz’s keynote at Fal.Con included a demonstration of what Charlotte AI will be able to offer security analysts in the future. While analysts will actually be querying Charlotte by typing rather than voice-based interactions, partners who spoke with CRN said the demonstration offered them a better sense about the potential for the technology.
From what’s been shown so far by CrowdStrike, one of the big advantages for security analysts in using Charlotte AI is that the tool can not only present more data, but “more of the right data,” said Jordan Hildebrand, practice director for detection and response at St. Louis-based World Wide Technology. Charlotte also would appear to be especially useful in areas such as threat hunting, which often falls by the wayside with prevention and incident response taking priority, he said. If Charlotte can automate some of the work involved in threat hunting, that would be “super exciting,” Hildebrand said.
Falcon Exposure Management
One of the new CrowdStrike offerings debuted at Fal.Con is not brand new, per se, since it leverages existing capabilities on the Falcon platform. But what the Falcon Exposure Management offering can provide, in terms of security capabilities, is definitely new, according to Zeki Turedi, CTO for EMEA at CrowdStrike. Falcon Exposure Management combines external attack surface management (from Falcon Surface) with vulnerability management (Falcon Spotlight) and asset visibility (Falcon Discover), Turedi said.
As one example, Falcon Exposure Management can help an organization to understand the likely path an attacker would take to access an organization’s most important data — its “crown jewels” — so that it can then focus on blocking off those paths, he said. Exposure Management can “take these pieces together and pull them into a narrative” — something that in the past has been extremely difficult due to the amount of disparate data that must be pulled together, Turedi said.
With a model similar to cloud marketplaces from hyperscale platforms, the newly announced CrowdStrike Marketplace aims to provide centralized access to complementary tools from third-party vendors. For partners, the opportunity is to receive offers and present those offers directly to clients, all through the marketplace, Adams said.
While being able to procure through marketplaces is something that many customers are asking for, it’s “also an easier way for our partners to work with the expansive ecosystem,” she said. Ultimately, “if there’s a way to make it easy for our customers, but also our partners, to drive those integrations and purchases through marketplace, it’s going to be a great outcome for all,” Adams said.