CrowdStrike held its Fal.Con 2025 conference at a brand new location, the MGM Grand in Las Vegas, during the week of September 15. The event attracted over 8,000 attendees (a 30% increase from last year) and more than 100 sponsors. The growth reflects CrowdStrike’s development as a security platform provider and its focus on growing its community of practitioners.
As might be expected of a cybersecurity vendor event in 2025, AI dominated. In fact, “AI” was the first word uttered during the voiceover for the keynote opener and was oft-repeated throughout the event, underscoring the emphasis CrowdStrike is placing on its AI prowess.
Our highlights and takeaways from Fal.Con 2025 follow.
Two Acquisitions To Enhance Its Platform And Consolidation Story
Demonstrating that it has moved far from being solely an endpoint vendor, CrowdStrike emphasized itself as a security platform provider throughout the event. Its acquisition announcements reinforced this as the vendor added to its growing capabilities, providing more context about the Onum acquisition announced just before Fal.Con and announcing a brand-new acquisition: Pangea.
Onum introduces new data pipeline management capability for CrowdStrike. Given the evolving nature, speed, and volume of threats, sending logs to a central platform for detection is no longer scalable. The goal now is to shift detection closer to the data source, even for third-party data. Integrating Onum may compete with or replace the existing CrowdStream service, and CrowdStrike remains partnered with Cribl (one of the event sponsors). Clients should see how CrowdStrike integrates Onum’s capabilities into its platform as they build their security data pipeline management strategy.
Pangea focuses on AI security governance in visibility, detection, and response. Its broader aim is agent explainability and auditability in line with Forrester’s AEGIS framework. Pangea’s monitoring and PII detection features complement Falcon Data Protection, which emphasizes detecting and responding to adversarial attacks, GenAI misuse, and insider risk over traditional DLP approaches. AI security will only increase in importance as its use increases and adversaries target these systems, so CrowdStrike customers should keep an eye on how quickly the vendor makes new AI security functionality available.
Enterprise Graph & Seven Agents Unveiled: Shifting the Agentic SOC from Aspirational To Operational…In the future.
CrowdStrike launched its Agentic Security Platform, an AI-based system combining endpoint, identity, cloud, and threat intelligence into a real-time enterprise graph. The platform features seven AI agents: Malware Analysis, Hunt, Exposure Prioritization, Search Analysis, Correlation Rule Generation, Data Transformation, and Workflow Generation. These agents are designed to automate tasks that previously required hours for human analysts to perform.
These agents do more than simply assist; they act. They can quickly reverse-engineer malware, spot threats, prioritize risks, and deliver insights. The agents also include an explainability layer for workflow oversight. However, they aren’t autonomous now, and it will be years before we get anywhere near that. During the opening keynote, George Kurtz used the example of the levels of autonomous vehicles (which will become the most frequently used example in cybersecurity in 2025 and 2026) for the transition from one level to the next over time.
CrowdStrike presented a future where human workers supervise AI workflows by: 1) validating outputs, 2) governing deployment, and 3) assuring correct actions are taken. Charlotte AI AgentWorks lets teams build custom agents without code using simplified workflow tools.
In his day one keynote, CEO George Kurtz stated that achieving Security AGI (Artificial General Intelligence) is CrowdStrike’s aspirational destination.
AI and agents are here today and ready to deploy, while fully agentic and autonomous systems remain longer-term visions. Now is the time to start integrating these capabilities in your SOC, while keeping an eye on vendor developments. New capabilities are emerging at an astonishing pace.
SOC Analysts Are Elevated – But Only The Ones With Experience
CrowdStrike noted that mid to senior analysts will remain vital in AI SOCs, overseeing agent orchestration and interpreting outputs. CEO George Kurtz stated that security teams and leaders will be the “human conscience of cyber defense.” Still, the unspoken truth hung in the air at the MGM Grand: fewer practitioners will be required, especially those in traditional L1 SOC roles.
While demand for traditional Level 1 roles may decline, competition for experienced SecOps and IR professionals is expected to increase, creating an experience chasm not easily crossed without deliberate thought and planning on the part of security leaders. Start building a bench now and cultivate early-career talent by refining recruitment processes and providing hands-on skill and experience acquisition opportunities.
Shifting From Visibility To Action
Visibility was all the rage at Fal.Con 2024, with AI-generated parsers, improvements to Analyst Experience, and integrations with cloud providers. But Fal.Con 2025 shifted the focus to implementation and action. Beyond the major announcements, such as the unified data layer and AI agents, CrowdStrike introduced a critical component: the Agentic Gateway. This bi-directional interface allows Charlotte AI to securely access third-party data sources, advancing end-to-end AI implementation for users in a secure manner.
On the operations front, CrowdStrike introduced the Adversary Technique Program. This unifies operations, services, and R&D to eliminate silos in data access, resources, and expertise to bolster and streamline its incident response capabilities.
On day 3, CTO Elia Zaitsev unveiled APEX (Anomalous Process Execution), a new classifier in CrowdStrike’s AI-powered Indicators of Attack (IoA) model family, which reportedly detects malicious activity in legitimate processes with a 99.95% true positive rate, validated by over 32,000 alerts from 700 customers.
Windows Agent Enhancements
Chief Technology Innovation Officer Alex Ionescu described enhancements to the Windows endpoint agent to better utilize local resources to speed detection and response locally before sending intel to the cloud for review. He also outlined CrowdStrike’s ongoing work to make it compatible with Microsoft’s in-development Windows Endpoint Security Platform and move the Falcon agent outside the kernel. Customers should hold CrowdStrike accountable to ensure that the use of more local resources doesn’t negatively impact their endpoints’ performance.
Pushing Into The IoT/OT Security Space
Through multiple sessions, CrowdStrike showed its efforts to protect IoT and OT devices. The vendor has had some success within OT environments with its traditional Falcon endpoint agent as well as its separate XIoT module. CrowdStrike customers UPS and Land O’Lakes joined sessions to discuss how they have employed CrowdStrike to protect their environments.
As an agent-based solution, CrowdStrike has some limitations deploying in some OT environments. Until more OT vendors validate and certify the Falcon agent to run on their endpoints, CrowdStrike’s progress in this space will be slow. Customers wanting to use CrowdStrike for IoT/OT security should validate that the vendor is certified to work with their currently deployed technologies.
Data Security Capabilities On The Rise
CrowdStrike announced updates to Falcon Data Protection and Falcon Next-Gen Identity Security, including beta releases and early access features. Highlights include a client network inspection beta for monitoring data flows and preventing unauthorized GenAI interactions, an Insider Risk dashboard that combines security and identity data, and early access to Falcon Privileged Access.
CrowdStrike Falcon Data Protection and Falcon Next-Gen Identity Security will not fully replace traditional tools yet. However, organizations with concerns around GenAI use and insider risk should evaluate Falcon Data Protection. CrowdStrike is positioned for continued expansion in the areas of data and identity security controls.
Let’s Connect
Forrester clients who have questions or want to discuss further can book an inquiry or guidance session with any of us.
Also, you can join us in person at the Forrester Security & Risk Summit from November 5th to 7th in Austin, TX. The event is packed with visionary keynotes, informative breakout sessions, interactive workshops, insightful roundtables, and other special programs.


