CrowdStrike Unveils Managed XDR: 5 Big Things To Know

The cybersecurity giant is creating new partner opportunities with the extended detection and response offering, which expands upon its popular managed detection and response service, CrowdStrike Chief Business Officer Daniel Bernard told CRN.

CrowdStrike Chief Business Officer Daniel Bernard

CrowdStrike Chief Business Officer Daniel Bernard

End-To-End XDR

The improvements that endpoint detection and response (EDR) has brought to cybersecurity are unmistakable. Simply put, attacks against endpoint devices such as laptops are getting detected far more often and much faster than they were even just a few years ago. At the same time, today’s threat actors don’t limit themselves to endpoint devices, and are known to move between environments as a standard tactic of modern cyberattacks.

The need to bring detection capabilities to all of an organization’s systems has produced the fast-growing category of XDR, or extended detection and response. XDR aims to improve security by correlating data from across an organization’s environments, and then prioritize the most critical threats for a response. Among the foremost vendors in the XDR market is CrowdStrike, a company that initially made its name on EDR. On Wednesday, the cybersecurity giant announced its next major foray in the XDR space with the unveiling of Falcon Complete XDR, a new managed XDR offering that aims to make the technology applicable to more customers and partners than it has been to date.

[Related: 15 New Cybersecurity Products To Know]

In short, XDR can “become the control plane that they use to manage cybersecurity end-to-end,” said CrowdStrike’s chief business officer, Daniel Bernard, in an interview with CRN. “That’s revolutionary in the market. But also, folks need help doing it.”

As a managed XDR (MXDR) offering, Falcon Complete XDR follows the model of CrowdStrike’s popular managed detection and response (MDR) service. CrowdStrike’s MDR offering has provided 24/7 management of the vendor’s EDR technology to customers that lack the resources to do so themselves (which is not at all a rarity, amid the massive talent shortage in cybersecurity). In the same way, the CrowdStrike MXDR aims to offer management of the vendor’s XDR platform to make the technology relevant to more customers and partners, including resellers and managed service providers, Bernard said.

As EDR was getting established, “MDR became something that really helped a lot of organizations move into EDR,” he said. “And likewise, managed XDR becomes an offering that’s really compelling for organizations looking to get into XDR or get the full value out of XDR.”

What follows are five key things to know about CrowdStrike’s new managed XDR offering.

Extending Beyond The Endpoint

In addition to the fact that CrowdStrike’s MDR service has primarily focused on management of endpoints, the service has also only worked with CrowdStrike tools, Bernard said. With the debut of CrowdStrike’s managed XDR offering, the company will enable partners and customers to leverage tools from other vendors, as well.

Falcon Complete XDR will integrate tools from vendors in the CrowdXDR Alliance in key segments such as security service edge (Cloudflare, Netskope, Zscaler, Skyhigh Security, Menlo Security); identify security (Okta, ForgeRock, Microsoft Azure Active Directory, Ping Identity); email security (Mimecast, Proofpoint, Microsoft 365, Cisco Secure Email, Abnormal Security); network detection and response (Corelight, ExtraHop, Vectra); and firewalls (all the major firewall vendors, Bernard said, including Palo Alto Networks and Cisco).

The combining of data feeds from so many major security tools on a single platform, via XDR, is “what we’re delivering the service on top of — and that’s what our partners are able to leverage, too,” Bernard said. In addition to 24/7 management of the XDR platform, the MXDR service also includes threat hunting, monitoring and remediation, CrowdStrike said.

Improving Security

For partners and customers, CrowdStrike’s managed XDR offering ultimately promises improved security outcomes, Bernard told CRN. He offered an example, in the critical area of email security, for how the MXDR offering could enable better cyberdefense. Business email compromise remains a “major attack vector,” Bernard said. Previously, however, “email wasn’t something that was really integrated into the Falcon platform — we’re not an email security vendor.”

“What managed XDR lets us do — and lets our partners do — is, in an integrated fashion from the Falcon console, be able to deal with the telemetry, triage those alerts, take actions. It’s not just ’data in,’ it’s also actioning those alerts for our customers,” he said. “So it limits the amount of time you’ve got to spend into multiple dashboards, it limits the clicks, which ultimately results in faster mean time to detect, faster mean time to respond — which is what customers are really looking for.”

Key Differentiators

Because CrowdStrike’s managed XDR offering works with third-party security tools, Bernard said it will likely have broader appeal among partners and customers than other managed XDR options that are available. Partners and customers that choose Falcon Complete XDR “will not find themselves in a walled garden,” he said. “If you look at a lot of the other vendors in the market, whether it’s an operating system vendor or a firewall vendor, you end up in a walled garden, you have to live in their world.”

“But with CrowdStrike, you can choose the best of breed email security vendor. You can choose us for cloud, you can choose others for cloud,” Bernard said. “You’re able to deliver for your customers the benefits of XDR on your terms — flexibly — and you’re not limited to consuming it in one way.”

Another major differentiator is the way that CrowdStrike’s MXDR platform is integrated, he said. Competing offerings include “an operating system vendor with nine consoles, or 12 consoles” and a “hardware vendor that’s cobbling together multiple products, and they’re all still separate.” With CrowdStrike’s MXDR platform, however, “it’s all part of the Falcon platform and it’s all in an easy to consume UI,” Bernard said. “I think in terms of actually delivering XDR, we’re leaps and bounds ahead of where the market is.”

Partner Opportunities

Bernard, whose duties include overseeing CrowdStrike’s work with channel partners, said that there are an abundance of opportunities for partners with Falcon Complete XDR. For MSPs, for instance, delivering managed services to customers on top of the CrowdStrike managed XDR offering is a prime example, he said. “The innovation around XDR is the ability, in one place, to have all the data come in, as well as take action on those products — and do that from the Falcon platform. So if you’re a partner, you can do a whole lot more.”

And “not only is it more capability, it’s also a lot easier for partners to do that, versus building a bunch of custom tooling to try and do that themselves” Bernard said. “So that’s really the exciting piece here — partners are able to manage more offerings and do more across these different tools, faster — because it’s all consolidated.”

The bottom line is that with the CrowdStrike MXDR offering, partners “can customize it for end customers — and ultimately sell more products, sell more services and produce better cybersecurity outcomes.”


While extended detection and response has not typically been thought of as accessible for smaller businesses, CrowdStrike is aiming to change that with Falcon Complete XDR, Bernard said. The managed XDR offering “fits perfectly in [the SMB] world,” he said.

In part, that’s because for SMBs, it’s even more difficult to hire individuals with cybersecurity skills and buy cyber defense products, Bernard noted. All in all, SMBs want to “make it easy to cover their entire organization, and automate as much as possible, and produce a cybersecurity outcome — that they’re not breached,” he said. With CrowdStrike’s focus on making cybersecurity easy, “we are the best positioned to stop the breach for the SMB,” Bernard said.

And when it comes to how CrowdStrike will be looking to deliver that outcome for SMBs going forward, increasingly, managed XDR will become the “how,” he said. “It’s offerings like these that enable us to do it.”