Fal.con Europe

“The sheer amount of information, collaboration with key personnel and leadership alongside tangible market insights and advice made CrowdStrike’s Fal.con a must-attend event.”
Andrew Smith

Chief Information and Strategy Officer

Kyocera Document Solutions UK

At the start of November I had the pleasure of attending CrowdStrike's first flagship conference in Europe. Held in Amsterdam, Fal.con was the first time that CrowdStrike had brought their annual partner and user conference outside of the US.

The event was well attended, with CrowdStrike's leading resellers, Managed Security Service Providers (MSSPs) and end-users in attendance. The event did not disappoint, with product announcements that were unique from the Fal.con US conference as well as product, industry and market information.

As is commonplace at these conferences, the event also had a partner showcase area where key product partners were able to meet CrowdStrike customers and showcase their CrowdStrike integrations and technology. A great way to understand more about available technology and its value.

The week started with a dedicated day focused on CrowdStrike's growing MSSP community. They expressed the importance of the MSSP partner to CrowdStrike's growth but, perhaps more importantly, how the Canalys market data shows more and more customers turning to MSSP partners to manage their broader risk profile.

Moving to Wednesday, the main event kicked off with keynotes from the CrowdStrike CEO and Senior Leadership team, followed by break-out sessions across the site for the next 48hrs.

Wow, there was a lot of content!

Their keynote on day two was extended by 1.5hrs to ensure they could fit in all the product and technology announcements! That kind of says it all in terms of the growth and strategy of the CrowdStrike platform and marketplace.

Key CrowdStrike Platform announcements

+ For those more technical folk you may know the CrowdStrike platform was based on a Splunk backend. Over the recent period and showing their true commitment and insight to the trend of the market, CrowdStrike have completely redesigned their product to have their NG-SIEM at the core. Their NG-SIEM which was born from their acquisition of ‘Humio’ is now being leveraged as the driving force to insight and behaviour analysis across the platform. This is going to be big for the future! 

+ They announced their acquisition of Adaptive Shield, an existing partner and leading product in protecting SaaS and Cloud control planes. Whilst the acquisition concludes, CrowdStrike were quick to highlight the existing partnership, integrations and the value customers were receiving from Adaptive Shield, announcing it was available to purchase from CrowdStrike directly, immediately that day.

+ CrowdStrike's CEO noted the significant feedback from customers regarding their procurement challenges through traditional procurement cycles and the changing cyber landscape coupled with demand for increased platform use. As a result, CrowdStrike announced ‘CrowdStrike Flex’ - a new procurement approach providing flexibility for customers to consume spend on the platform how they wish, turning features and consumption on and off in line with their business needs. This could be game changing for customers! 

+ Project Kestrel was also a BIG announcement. CrowdStrike are investing in re-designing their product from the ground-up to be more focused and user friendly to the SOC analyst and end-user/partner use cases. Harnessing the power of the data platform itself the new look blew the crowd away! Built alongside the previously announced Charlotte AI the development sees significant benefits for partners and end customers alike.  

The product announcements did not attempt to cover over the incident that happened with CrowdStrike back in the summer. Following their approach then, CrowdStrike were open and transparent from the outset.

They took their opportunity to thank partners and customers alike whilst also providing some announcements specifically linked to the incident itself.

They made further feature announcements under the banner of ‘Resiliency by Design’, built to place more control in the hands of the partner and end-user. They expressed their deep partnership with Microsoft and the technical community, explaining the detailed conversations that happened at the Redmond Conference on how the entire industry can learn from the event.

To add a little weight, they had the Microsoft CEO dial-in to endorse their partnership. A nice touch! All wrapped with a genuine thank you and gratitude to their customer community….  

As a leading CrowdStrike partner I was pleased to see the continued transparency and learning. I could not agree more that the industry as a whole can learn and build from this unfortunate incident. I do take some comfort that the culture at CrowdStrike led them to react and deal with this in a way that enabled us all to recover and build from it.  

Looking at the broader landscape and market insights, CrowdStrike took a deep dive into their leading Threat Hunting Report, sharing:

+ Malware is not necessarily the problem but rather it’s the adversaries that are the problem.

+ Threat actor motivation is trending from nation states, eCrime and Hacktivism.

+ CrowdStrike are actively tracking 245x active adversaries. 

+ 70% increase in using legitimate RMM tools as part of Cyber Attacks.

+ 5 of the top 10 used MITRE tactics were identity based.  

+ 142% increase in access broker advertisements for the healthcare sector. 

+ 75% increase in Cloud intrusions. 

+ Professional and Consultancy firms saw significant increase YOY in attacks as well as 70%+ increase in healthcare attacks. 

In summary

+ Cross-domain identity-based attacks are on the rise. Stealthy adversaries are exploiting legitimate credentials to gain access.

+ Adversaries are targeting Cloud control planes to gain full access to Cloud Infrastructure.  

+ Exploitation of legitimate RMM tools is on the rise.  

+ Deepfakes and unknowingly employing adversaries become a real-life threat for many.

There was a lot to take in. As expected, the adversaries are reacting to changes in the marketplace and the increased efforts of Cyber Security technology, companies, employees and communities.

On a more personal level I concluded:

+ Active Directory and Identity based protection is no longer a nice to have. It is now essential to a company’s Cyber Security Strategy.   

+ Cloud Control Planes are a target and are often outside of identity controls and procedures. Where companies are investing in Active Directory protection and similar they must not forget SaaS protection. 

+ MSSPs must move to a more flexible consumption model in both technology and services to ensure they can adapt to their customers’ needs, demands and changing IT use cases.  

+ SIEM has never been a nice to have BUT SIEM and SOAR have often been seen as cost prohibitive and resource hungry to implement. CrowdStrike NG-SIEM continues to strive toward simplification of this as well as reducing the overhead and burden. With their ecosystem of partners (Foundry), for the first time it is simple for AI and Automation to take real steps in protecting customers' IT landscapes.

+ Customers and MSSPs must be more cautious with RMM tools, ensuring monitoring for unrecognisable tools and ensuring correct configuration and security protocols for deployed toolsets.

+ M-XDR, Phishing & Communication protection alongside a strong education programme are no longer cyber strategy items but MUST haves as a foundation for a Cyber Strategy.

As a CrowdStrike partner we are often at the forefront of their developments and insights, alongside our multi-vendor information feeds. Investment into attending such conferences can often be questioned based on such close working relationships already. However, the CrowdStrike event squashed those fears very quickly. The sheer amount of information, collaboration with key personnel and leadership alongside tangible market insights and advice made the event a must-attend for me and my colleagues.

Does this fit in with your Cyber Strategy?

If you want to know more or are interested in attending one of our upcoming events, speak to one of our experts today.

  • Craig McCann

    Cyber Sales Consultant - craig.mccann@duk.kyocera.com

  • Liam Ward

    Cyber Sales Consultant - liam.ward@duk.kyocera.com
