CrowdStrike CEO George Kurtz On SIEM ‘Inflection Point,’ Wiz-Google Deal

In an interview with CRN, Kurtz speaks about CrowdStrike’s new Services Partner Program focused on Falcon Next-Gen SIEM along with Google’s planned $32 billion acquisition of Wiz.

CrowdStrike’s push into the fast-growing market for modern SIEM replacement technologies is the “perfect inflection point” for the cybersecurity giant to introduce a wider set of service opportunities for partners, according to CrowdStrike Co-Founder and CEO George Kurtz.

In an interview with CRN, Kurtz said the company’s deepening channel push around its Falcon Next-Gen SIEM offering is just one of many signs that the company is looking to do more with solution and service provider partners.

Without a doubt, “having the partners to help transition customers from their legacy, people-intensive processes — to a much more automated and AI-led process — is critically important,” he said. “There’s big opportunity and big dollars as companies look to build practices [valued in the] hundreds of millions of dollars” around products such as Next-Gen SIEM.

While SIEM (security information and event management) is a core technology used by Security Operations Center (SOC) teams for monitoring and mitigating cyberthreats, many now see the traditional SIEM approach as outdated for a variety of reasons. CrowdStrike has aimed to become a disrupter in the space with its Falcon Next-Gen SIEM, offering improved security outcomes through making full use of cloud-native technologies and AI, according to the company.

Looking ahead, Kurtz told CRN that the company will be increasingly depending on partners to help make Next-Gen SIEM a reality for customers.

“With Next-Gen SIEM, you really need a consultative approach to think about how to transform into an AI-powered SOC, as opposed to a legacy SOC,” he said.

Kurtz spoke to CRN just ahead of the company’s Americas Partner Symposium, which is taking place this week in Park City, Utah. In connection with the event, CrowdStrike introduced its new Services Partner Program, which will see the company rely heavily on partners to deliver the services around Falcon Next-Gen SIEM.

Notably, CrowdStrike’s rebound since the widely felt July 2024 outage has been bolstered by strong and expanding partnerships within the IT channel, Kurtz said during the vendor’s quarterly call earlier this month — disclosing, for instance, that MSSPs contributed nearly 15 percent of CrowdStrike’s new business during its fiscal 2025.

Speaking with CRN, the CrowdStrike CEO also discussed other major growth opportunities including Falcon Exposure Management — which was expanded this week with new Network Vulnerability Assessment capabilities — along with the surging cloud security market.

On the latter topic, Kurtz said that Google’s recently announced deal to acquire cloud security vendor Wiz for $32 billion is a welcome move, as it “validates the space.”

“It validates how valuable it is to be in this space, particularly in these emerging areas,” he said. “And Google is a great partner of ours. So we’re excited about it.”

CrowdStrike disclosed it was generating more than $600 million in annual recurring revenue as of the close of its most recent quarter, ended Jan. 31, which makes the company “one of the largest cloud security providers by revenue in the market,” Kurtz said.

Additionally, Kurtz spoke about CrowdStrike’s Falcon Flex subscription model, which he called a major growth opportunity for partners this year. “We want [partners] to be leading with it,” he said.

What follows is an edited portion of CRN’s interview with Kurtz.

In terms of your move into Next-Gen SIEM, how pivotal of a role are partners playing there?

When you think about some of the GSIs and what they’ve been able to do with some of the legacy players that are out there over the last 15 or 20 years, it’s been tremendous. So to have that backing by the Accentures and Cognizants and many others out there, I think is a real boon to the Next-Gen SIEM business.

When I first started the company, a big part of our success was immediate time-to-value. You install the agent up and it works, and there wasn’t much to it. As we’ve added more capabilities to the platform — we went from one module to 29 — obviously things got a bit more complex. And with Next-Gen SIEM, you really need a consultative approach to think about how to transform into an AI-powered SOC, as opposed to a legacy SOC. I think it’s really the perfect inflection point for us right now with our big partners around things like Next-Gen SIEM. But in general, partners are obviously how we go to market. And everything from MSSPs all the way through the GSIs have been an important element to our success.

How would you describe the importance of MSSPs to the CrowdStrike business as a whole at this point?

MSSP now is about 15 percent of our new business. It’s been a great opportunity for us. As you know, we started in the enterprise, and we went down market into the midmarket, and then into the smaller SMBs. The best route to market is to have partners who have those deep relationships, and can take us as part of a broader offering and bring it to [their customers]. What we found is, at the lower end of the market, the customers are really hungry for CrowdStrike. People know of us, and they know we protect some of the biggest brands in the world, and they want access to that level of security for their own business. And given what’s going on with e-crime and ransomware and business email compromise — for all these small businesses, it may not look like a lot of dollars to us, but it’s massive dollars to them. So this is an area that we invested in. We’ve added additional capabilities on the platform to make it easier for managed service providers to be able to manage their customers.

What has the traction been like recently around your Falcon Flex subscription model?

A big part of our success has been Falcon Flex, and really what we’re focused on with partners this year is getting them up to speed. Falcon Flex, I would say, was really operationalized last year with our own salesforce — which takes some time to move from [a single] module to, “Let’s talk about the entire platform, and let’s talk about the broader consolidation opportunity.” It’s more of a commitment model, like a hyperscaler. The feedback has been pretty amazing. [Partners] are like, “Where have you been hiding this?” And we haven’t been hiding it — but it’s a newer kind of go-to-market motion for us that we had to get right internally. Obviously, now it’s making sure that partners can lead with it. We were working with them to get the Falcon Flex deals done, but we want them to be leading with it. And I think that’s going to be exciting opportunity for us in this fiscal year.

How does the service opportunity for partners with CrowdStrike today compare to what it was in the past?

There’s more opportunity these days because of the platform element of CrowdStrike. It isn’t just one module. It is the broader solution provider that can bring a lot of value. As we’ve talked about this AI-powered SOC, it’s moving and training people from what they were doing to something new with better outcomes. Sometimes you get people [who are] ingrained in how they do things. So having the partners to help transition customers from their legacy, people-intensive processes — to a much more automated and AI-led process — is critically important. You look at Accenture as an example. They’ve got a huge business around AI consulting and security. They’re one of the biggest security consulting organizations in the world. Having folks like that being able to take our platform — and in particular, Next-Gen SIEM — and transform some of these processes into a more modern architecture [is] exciting for them and it’s exciting for us. There’s big opportunity and big dollars as companies look to build practices [valued in the] hundreds of millions of dollars around [products] like Next-Gen SIEM.

Could you say a bit more about the growth of Next-Gen SIEM and how quickly that turned into a major contributor to your business?

It’s an amazing story, because for years, we had customers ask us to put data into our platform. Obviously, we’ve had a very effective workflow. First, it was EDR and XDR, and [now] it’s Next-Gen SIEM. But we’ve had the workflows and the ability to identify things that people haven’t seen before. So probably four years back or more, customers came to us and said, “Hey, it’d be great if we can take the information that is not in CrowdStrike and put it into CrowdStrike.” Their comment was that 80 percent of the data they had [for SIEM] is from CrowdStrike — there’s only 20 percent that wasn’t CrowdStrike data in their SIEM. So they were taking the data out of CrowdStrike, and they had to move it, and they had to pay to put it somewhere else. Their comment was, “We already know your workflow. We love your platform. Just take the 20 percent that you don’t have — network devices and firewalls and email, those signals — and put it into CrowdStrike.” We’ve got hundreds of integrations now across different technologies. We’ve got a tremendous workflow. And now we’ve got our automated AI triage that can look at all this data and then synthesize it all to specific events and, really, incidents. That would take hours and hours of an analyst’s time to be able to do that. There’s a big AI component.

The other area, too, is in parsing. One of the things that’s always been hard in the SIEM world was, every time you have a new data source, you have to create another parser. We’ve created an AI parser, because at the end of the day, AI should be able to figure out what a field looks like just by figuring out that it’s an IP address. Why does a human have to map all that together — when you can have an AI parser that looks at the data and then can figure out these 10 elements, and just maps it to our [platform]? It’s been incredibly effective for us.

The thing also that probably is under-appreciated is really our SOAR [security orchestration, automation and response] capabilities with Falcon Fusion — which is our complete SOAR and workflow. We’ve wired all that into our Next-Gen SIEM. From a customer standpoint, it’s faster outcomes, better technology and lower cost. That’s a winning formula.

In terms of the rise of agentic AI, how does that relate to the future of your Charlotte AI technology?

Charlotte continues to get more capabilities, I think, almost by the week. But when we created Charlotte, it was really to be an agentic technology — before agentic AI had a name. We were saying, “Hey, you have to go beyond just chatbots. You have to wire it into workflows. You have to be able to make decisions.” If you look at the five categories of GenAI, we cover just about everything. One of the areas that we announced [recently] was improvement in reasoning with some of the Nvidia technology. The whole idea was, Charlotte gets smarter and smarter. And ultimately, we can see Charlotte being an AI agent that autonomously responds to all these activities and takes action on behalf of a customer without any interaction. In the early days, like most technologies, people want to understand what Charlotte wants to do and how it wants to do it. But where we see it going is that companies will be able to create different versions of Charlotte — that will allow them to create their own bespoke implementation of a security AI bot and do things on their behalf. I think that’s really where it gets exciting.

Exposure management is another area that has quickly turned into a major revenue contributor for you - what’s driving that growth?

[Exposure management] has always been a glimmer in my eye since I started Foundstone and when I sold that to McAfee. And when we look at what we’ve been able to do with our agent, we can gather incredibly rich information I could never get when I was at Foundstone. So we have all that rich information. And we really started in the vulnerability management space many years ago, but on the agent side of it. We’ve expanded that now into the network side, which was a missing element. Our goal ultimately is to be able to replace other vulnerability management technologies that are out there — legacy ones, because we’ve got the agent and now we’ve got network scanning. And we’ve got AI to help prioritize which ones are really important, and we have the workflow to get things fixed with Falcon for IT. So think about the scenario of, Charlotte kicks off a vulnerability scan, identifies the most critical assets, understands which ones are potentially being targeted by a nation state — and then kicks off a remediation through Falcon for IT, all autonomously. That’s why we’re excited — because at the end of the day, you really have to distill security down into risk and risk management, and then how you prioritize what’s really important. How do you reduce the risk for the dollars that you’re actually spending? What customers want is, maximum risk reduction for the lowest dollar spent, and that’s the formula that we’re really trying to help customers get to.

Given the recent major M&A activity in cloud security, could you say a bit about the opportunities you’re seeing there?

We’re one of the largest cloud security providers by revenue in the market. We talked about that in the last [quarterly] call. And I think the Wiz-Google deal validates the space. It validates how valuable it is to be in this space, particularly in these emerging areas. So that’s great. And Google is a great partner of ours. So we’re excited about it. And again, we’re going to continue to put a lot of effort and resources into our cloud offering, always anchored by our cloud workload protection. But we’ve got a full CNAPP [cloud native application protection platform] offering from CSPM to ASPM to DSPM to CIEM and every [acronym] in between. So we’re excited about it. It validates the space. And we look forward to continuing to partner with Google.

How are you viewing the tool consolidation opportunity at this point — does that remain a major driver?

Consolidation and [Falcon] Flex go hand-in-hand. We’ve done some massive, eight-figure deals where we’ve been able to work with customers [who’ve] got all these point products. They don’t always work together correctly. They create seams in their security fabric. And wherever there’s seams in your security fabric, you have potential for breach. There isn’t a company that we talk to today that isn’t looking to consolidate or save money. It is on everyone’s radar. I think we’ve done a really good job of being able to demonstrate real, tangible savings and ROI empirically, with a better outcome. That’s been, again, a key part of our success. And getting back to the partner angle, it’s making sure that we’ve got all these use cases and success stories — where we can go back into the partner community, and we can make sure people are enabled and educated. That success just breeds more success.

Overall, what is your message to partners right now?

The message should be, we’re the most innovative company that is going to help our partners be financially successful and have success, ultimately, with their customers. It’s about creating outcomes for their customers. It’s about our partners winning in their own business. And it’s about us continuing to drive innovation — not only in the platform, but innovation in the business model as well. When you think about Falcon Flex, it’s a very innovative model. So I think at the end of the day, the platform wins, the partner wins and the customer wins, and that’s a lot of winning. We like that.