How CrowdStrike consolidates tech stacks as a growth strategy

Driving tech stack consolidation by broadening the CrowdStrike Falcon platform is a proven strategy for driving growth, with Fal.con 2022 proving to be an inflection point. Four new product announcements stand out as core to CrowdStrike’s strategy. They include expanding cloud-native application protection platform (CNAPP) capabilities for CrowdStrike Cloud Security, including cloud infrastructure entitlement management (CIEM) and integration of the CrowdStrike Asset Graph; Falcon Insight XDR; Falcon Complete LogScale; and Falcon Discover for IoT.  

96% of CISOs plan to consolidate their security platforms, with 63% saying extended detection and response (XDR) is their top solution choice. Cynet’s 2022 survey of CISOs found that nearly all CISOs have consolidation on their roadmaps, up from 61% in 2021. CISOs believe consolidating their tech stacks will help them avoid missing threats (57%) and reduce the need to find qualified security specialists (56%), while streamlining the process of correlating and visualizing findings across their threat landscape (46%).

Gartner predicts that by 2025 [subscription required], 50% of midmarket security buyers will rely on XDR to accelerate the consolidation of workspace security technologies, including endpoint, cloud application and identity security.

XDR is a consolidation engine 

During his keynote, George Kurtz, CrowdStrike’s cofounder and CEO, provided insights into why XDR is such a high priority for its platform. He said, “80% of the security data you get the most value from [are] the endpoints and the workloads. That’s really where the attacks are. Yes, they happen across the network and other infrastructure. But the reality is [that] people are exploiting endpoints and workload.” 

Ingesting and managing security data needs to start with a focused, intentional purpose, a point Kurtz made several times during his keynote. XDR’s core value is providing an integrated platform of threat detection, incident response and remediation with real-time monitoring and visibility of cloud platforms, apps, endpoints and networks, including remote sensors. 

During his keynote, Kurtz defined XDR as being “built on the foundation of endpoint detection and response (EDR). XDR extends enterprise-wide visibility across all key security domains (native and third-party) to speed and simplify real-time detection, investigation and response for the most sophisticated attacks.” XDR is so core to the future of CrowdStrike that every keynote provided a glimpse of how and where it will be designed to deliver value. “We’re excited that we can democratize XDR for all of our customers,” Kurtz said during his keynote.

Acquiring Reposify accelerates consolidation 

Protecting internal attack surfaces is a challenge that even the most advanced ITops and secops teams constantly deal with. It’s because internal threats can strike at the heart of an identity access management (IAM) or privileged access management (PAM) system using stolen credentials and take control of servers in as little as an hour and 24 minutes, according to CrowdStrike’s 2022 Global Threat Report. Internal attacks are among the most difficult to identify and stop.   

CrowdStrike’s acquisition of Reposify brings an integrated external attack surface management platform onto Falcon. Reposify scans the web daily for exposed assets, giving enterprises visibility over their exposed assets and defining which actions they need to take to remediate them. Additionally, CrowdStrike announced plans to use Reposify’s technology to help its customers stop internal attacks as well.

“Reposify is a powerful external attack surface management platform. It scans the internet for vulnerabilities and exposes assets to identify and eliminate risk across your organization,” Kurtz said during his keynote. But, he added, “there’s no reason we can’t use it internally to continue to help you understand your risks inside, to continue to help you find those exposed assets.” 

Reposify’s platform has proven successful in helping secops and ITops teams find unknown exposed assets, identifying shadow IT and internal threat risks in real time before attackers breach infrastructure. It solves an issue many CISOs are facing today: getting more in control of external threats while strengthening the argument for consolidating on a single platform.

Why the CrowdStrike consolidation strategy works

The ongoing shortage of security engineers combined with tighter IT and security budgets make selecting best-of-breed security apps a tough sell for many CISOs. Meanwhile, cyberattackers are out-automating many organizations, devising malware-free techniques to avoid detection. Gartner [subscription required] found that 85% of organizations currently pursuing a vendor consolidation strategy show a flat or increased number of vendors in the past year.

Cybersecurity platforms provide economies of scale, drive a strong network effect across any company’s ecosystem, and force security providers to make customer success a core strength. Getting customer success right combined with the labor shortage and skyrocketing inflationary prices of running a business all work in CrowdStrike’s favor from a consolidation-strategy standpoint. It’s common knowledge that even if a best-of-breed vendor is integrated into a tech stack, CISOs are adamant that the contract is just for one year in case the system doesn’t deliver the expected value.     

No CISO wants to hear that they have to hire a new engineer just for a new app. Secops teams are short-staffed already, with team members often having multiple assignments. Having one person own a new best-of-breed app means they have to spend time learning it while doing their current job. 

Conversely, most secops teams have dedicated platform engineers who specialize in core platforms and infrastructure their organization needs to operate. CrowdStrike’s approach to making each of its 22 modules adhere to UX and workflow standards is very similar to Salesforce’s approach of defining a common user experience and having all partners and internal devops teams build to it. 

Kurtz mentioned during his keynote that he often hears the company is known as the Salesforce of security due to its reliance on cloud architecture. Cloud architectures bring greater UX and UI flexibility, making API integration possible with legacy on-premises systems.

Additionally, CrowdStrike’s devops discipline is clear from the announcements at Fal.con 2022, and the company’s product leaders take pride in how fast they can iterate on the platform. CrowdStrike’s reliance on the cloud helps speed up land-and-expand selling strategies in enterprises. Selling lower total cost of ownership and providing bundling options and pricing is how CrowdStrike turns consolidation into recurring revenue growth. 

IAM and PAM are due for consolidation 

With secops teams overwhelmed and cyberattackers looking to breach IAM and PAM systems to take control of servers full of identities and privileged access credentials, there’s room for consolidation in this market. Added to the urgency is how fast machine identities are growing, including the need to secure ephemeral containers.  

Organizations whose PAM and IAM systems are siloed today risk experiencing a breach and not knowing it. Many must improve their IAM infrastructure, updating systems to current standards while improving security best practices, including credential management and hardening security for Active Directory (AD).

Most importantly, consolidation of this market area would improve real-time monitoring of identity attack techniques while improving security access controls. In short, IAM and PAM would achieve the real-time visibility those systems need to stay secure while capitalizing on threat intelligence enterprise-wide, delivering a substantial benefit of choosing to consolidate on a single platform.