CrowdStrike’s ‘Incredibly Strong’ Platform Strategy Driving SIEM, AI Growth Surge: Partners

‘The overall message is we’re embracing partners and we’re focused on them making money,’ CrowdStrike CEO George Kurtz tells CRN.

According to solution provider executive Ryan Morris, behind the stunning growth of cybersecurity vendor CrowdStrike is something that’s been in shockingly short supply lately around the tech industry: long-term vision.

From “day one,” CrowdStrike has stayed firmly committed to delivering cybersecurity through a cloud-native, single-agent architecture, noted Morris, president of Annapolis, Md.-based Blackwood, No. 107 on CRN’s Solution Provider 500 for 2024. Despite the many advantages of this approach, this commitment has also frequently been tested—including in past discussions with federal customers, which often included requests for an on-premises version of CrowdStrike’s software to run in their data centers.

CrowdStrike’s answer, however, has always been a “no,” since this would split its architecture in two. And as the industry continues to move in a cloud-first direction, it’s increasingly obvious that this answer was the right one, Morris said.

“I think you have a lot of customers that are looking back now and realizing, ‘That’s fundamentally the architecture that we need if we’re going to do more progressive things, like having an AI-native SOC [Security Operations Center],’” he said.

Thus, it’s now becoming clear to more of the market that CrowdStrike’s “incredibly strong conviction in their design principles” is a main reason for the vendor’s massive growth today, even though it may have created friction before, Morris said.

Ultimately, even as many vendors remain narrowly focused on the immediate term, CrowdStrike has stood apart with its forward-looking approach, he said.

“When you do have an actual long-term strategy that is strong, it’s super unique. And that’s what I keep seeing at CrowdStrike,” Morris said. “They’re not just focused on this quarter. They’re focused on 10 quarters from now.”

‘It’s All Integrated’

In an interview with CRN, CrowdStrike co-founder and CEO George Kurtz said that the company’s single-agent architecture and cloud-native platform strategy are paying off in a major way, as the cybersecurity giant expands more broadly across the market.

The vendor’s Falcon platform now extends well beyond its core EDR (endpoint detection and response) offering to provide capabilities in cloud security, identity protection and, most recently, Next-Gen SIEM (security information and event management). Another newer foray, Falcon for IT, seeks to make CrowdStrike a larger player in the broader IT space and is proving extremely popular, Kurtz said.

Overall, CrowdStrike’s long-running, cloud-native approach is now yielding huge growth opportunities by enabling simplified adoption and deployment of additional security capabilities for partners and customers, Kurtz said.

“A big part of what CrowdStrike is focused on is making sure that we deliver technology that works and that’s integrated as part of the platform,” he said.

For instance, “when you look at Next-Gen SIEM, it isn’t a hodgepodge of technologies strewn together that take six months to get off the ground,” Kurtz told CRN. “It’s easy for partners to get a customer up and running. It's easy for them to add some value-added services around it. But it’s all integrated.”

Beyond The Core

Solution provider executives who spoke with CRN applauded CrowdStrike’s forward-thinking platform strategy, which in recent quarters has helped lead to the company surpassing growth expectations even amid a challenging economic environment. For the first quarter of CrowdStrike’s fiscal 2025, ended April 30, the company easily beat analyst expectations while reporting that revenue grew 33 percent from the prior year, reaching $921 million.

Executives at four top solution provider partners of CrowdStrike told CRN that they’ve seen accelerated growth in adoption of Falcon capabilities beyond endpoint security.

“We’re just doing more in areas that are outside of the core EDR platform,” said Mark Thornberry, senior vice president for vendor management at GuidePoint Security, No. 39 on CRN’s Solution Provider 500 for 2024.

“They make it easy for customers to consume. And they make it easy for us to sell,” Thornberry said. “From our perspective as a business partner, that’s our primary concern.”

The adoption comes in part thanks to the industrywide trend around vendor and tool consolidation, driven by myriad forces including shortages of talent needed to manage tools and out-of-control complexity in cyber defense. Consolidation also tends to produce cost savings, which have remained a major priority for customers as economic conditions have stayed sluggish.

Within this environment, CrowdStrike’s recently launched Next-Gen SIEM offering has gotten off to a fast start thanks to its promise of providing both better security outcomes and lower costs than rival offerings, Kurtz said. The cost benefits come partly from not needing to move or store endpoint data—which constitutes a sizable portion of the data utilized by a SIEM system—across two separate data lakes.

Solution provider executives called this a huge advantage for CrowdStrike, which is stepping into a fiercely competitive market dominated by Cisco-owned Splunk and other established players.

“Cheaper and better is a really deadly combination when you’re competing against somebody [more established],” GuidePoint’s Thornberry said.

All in all, CrowdStrike is “very well-positioned to capture more than their fair share of that [SIEM] market. We know that they are an execution machine,” he said. “We do think CrowdStrike is poised to be a big player in that space.”

Consolidation Push

CrowdStrike is also excelling at enabling partners to drive consolidation on its platform through new licensing options, such as the recently launched Falcon Flex subscription model, partners said.

The model helps to incentivize customers to deploy more of CrowdStrike’s 28 modules, through providing “the flexibility to deploy the different modules at the right time, as other products come up for renewal,” Chief Business Officer Daniel Bernard told CRN.

Bernard said the model has caught on with larger solution providers, and the company is now looking to expand the approach to a broader set of channel partners.

Falcon Flex “really is an invitation to consolidate,” he said. “It can really help them to super-size deals.”

At Denver-based Optiv, No. 25 on CRN’s Solution Provider 500 for 2024, CrowdStrike’s new software licensing model is closely aligned with the company’s efforts around “engaging the customer where they are in their security journey,” said Optiv CRO John Hurley.

“The availability of Flex—in giving us that opportunity to be very focused on the business outcome—is exactly the way we want to be able to do it,” Hurley said. “The customer can buy it the way they want to buy it. They can consume it in the way that they want to consume it. And it’s a very easy transactional conversation to have.”

Overall, when it comes to CrowdStrike’s strategy for empowering platform consolidation through partners, “they are on the absolute right track right now, for sure,” he said.

Focus On SMB

CrowdStrike’s traction with partners has also been fueled by working with a broader base of partners and in a wider set of markets, including SMB, executives said.

SHI International, No. 13 on CRN’s Solution Provider 500 for 2024, began its partnership in earnest with CrowdStrike about 18 months ago as part of its push to offer more “best-in-class” cybersecurity capabilities, said Brian McGrath, vice president of commercial and SMB sales at Somerset, N.J.-based SHI.

The partnership between SHI and CrowdStrike is now kicking into a higher gear as the companies have begun to win more deals together, McGrath said.

SHI also expects to intensify its efforts to work with CrowdStrike in serving SMB customers, he noted. The partnership has already seen a “lot of success” in bringing EDR to smaller businesses and is now looking to bring additional capabilities from the Falcon platform into the SMB market, according to McGrath.

“We’re looking to really invest in this commercial SMB space. And ultimately, we’re working with partners like CrowdStrike to help us achieve those goals,” he said.

Notably, CrowdStrike’s SMB-focused endpoint security tool, Falcon Go, is continuing to be “well-received” at the smaller end of the market, Kurtz said. And CrowdStrike is seeing strong results from its initiative to reach smaller MSPs through the vendor’s partnership with cloud marketplace Pax8, he added.

On the whole, SMB “has been a bright spot for us,” Kurtz said. “I think you can look at our results, and you can see that we’re taking market share from others that have traditionally been strong in the SMB.”

‘Partner-First’

The running theme across CrowdStrike’s channel efforts, according to Kurtz, is that investments made to bolster its work with partners in recent years are increasingly leading to major customer wins, both in endpoint security and in newer areas. The progress was marked in a big way earlier this month, as 170 executives from top CrowdStrike partners gathered in Southern California for the vendor’s inaugural Americas Partner Symposium.

“We’ve really focused on the partner-first selling motion,” Kurtz told CRN. “The overall message is we’re embracing partners and we're focused on them making money— and not [on] giving a bunch of products away.”

Without a doubt, CrowdStrike has put the right types of incentives in place for today’s customer buying behavior, which is less focused on one-time transactions than in the past, Blackwood’s Morris said.

CrowdStrike is, in fact, “the only company that I’ve seen that has taken notable steps to realign [incentives] to the influence that they’re looking for,” he said. “You can absolutely make money on selling—but you can make money on advising, you can make money on servicing. And as you get to a certain threshold of adoption, there’s additional incentives.”

All in all, CrowdStrike is “really doing an amazing job on the partner side right now,” Morris said.

CrowdStrike has also laid the foundation for its massive recent growth by building trust with partners and customers, including through sticking with its single-architecture platform strategy, he said.

More recently, this has been coming into play as the arrival of generative AI has created a surge of new products being launched by vendors around the industry. Fo CrowdStrike, however, “the fact that they already have the trust in their customer base—that they're going to execute the road map as published—is really big in an AI world,” Morris said.

That is, while CrowdStrike has already made a strong early push with its Charlotte AI technology, the vendor has also established trust that it will release even more advanced GenAI-powered capabilities in the future—“versus rushing and getting things to market that are just not ready to go,” he said.

This is crucial, Morris said, because customers won’t make the move to adopt a security platform when “they don’t have full trust in the vendor. They really need that if they’re going to go from two modules to 12 modules.” For CrowdStrike, he said, “the fact that they actually maintain discipline in their road map is what’s creating the trust that they need with customers to go all in.”