ExtraHop and CrowdStrike have achieved “partnership nirvana” by seamlessly integrating their platforms and giving customers unparalleled visibility into cyberthreats, said Daniel Bernard, Chief Business Officer at CrowdStrike, during a conversation with ExtraHop CEO Patrick Dennis at the Fal.Con Investor Day briefing.
ExtraHop was one of three partners that CrowdStrike invited to speak at its investor presentation. Meanwhile, 175 other CrowdStrike partners were exhibiting inside Caesars Palace. CrowdStrike asked Dennis to join Bernard on stage so that they could describe how the two companies have deepened their technology integration partnership to become “a go-to-market force” ready to take on legacy SIEM providers.
Bernard noted that the network-level visibility and detection capabilities provided by Reveal(x) is a strong fit with the XDR and SIEM tools provided by CrowdStrike.
“There’s customer demand for the technology that we have together,” Bernard said. “We make integration so easy.”
Indeed, earlier at Fal.Con, Dennis showed a customer how to fully integrate Reveal(x) and CrowdStrike FalconⓇ in four button clicks. The long-term technology and go-to-market partnership between the two companies, with a focus on sharing data and ease of use, is driven by customer demand to use the two products together, he told Bernard.
The partnership “speaks to the necessity to marry up endpoint data with network data,” Dennis said. “When we take all the great products that CrowdStrike has to offer and integrate them deeply with what we’re doing in the network, our customers see amazing outcomes.”
Feeding Network Data into LogScale
The integration of Falcon LogScale with Reveal(x) allows customers to join their NDR telemetry with their XDR data and achieve deeper visibility when identifying and responding to threats. This integration has helped customers using both Reveal(x) and Falcon combine rich network telemetry with other security logs, increasing accuracy and reliability for analysts.
During the conversation, Dennis said Reveal(x) customers can use the Falcon LogScale SIEM for storing network metadata. “We get a bunch of network information, and we have to go put that network information somewhere,” Dennis said. Reveal(x) can migrate that network data into LogScale to support a “single source of truth” for security logs.
ExtraHop currently collects more than 10 petabytes of network metadata per month, with the number headed toward 20 petabytes, Dennis said. Adding just some of that information to LogScale “will be an amazing way to mash up” data and provide extended detection and response (XDR) capabilities, he said.
The integration between Reveal(x) and LogScale is important because the SIEM marketplace is ripe for disruption, Bernard said. And with Cisco recently announcing its intent to purchase Splunk, that disruption could already be starting. Organizations are looking for next-generation SIEM products that give them better, more contextual threat information through unified log management, machine learning, and threat intelligence data.
Dennis agreed, saying many ExtraHop customers are dissatisfied with their current SIEM tools. They’re looking for broader XDR benefits while cutting SIEM costs, and the time is right for next-generation SIEM tools to leap ahead of the competition, he said.
Moving Fast, Focused on the Customer
Also during Fal.Con, ExtraHop described how it will integrate the world-class CrowdStrike FalconⓇ Intelligence service into Reveal(x) as an out-of-the box service for all customers. ExtraHop conducted a thorough evaluation of numerous threat intelligence services, and CrowdStrike came out as the clear leader, Dennis said.
CrowdStrike also announced it is deploying Reveal(x) as part of its Services offering and making Reveal(x) available in its newly launched CrowdStrike Marketplace, a one-stop destination for top security products.
Dennis sees the partnership as a natural fit because the two companies have the same values, he said. He saw great camaraderie between the two engineering teams as they worked together to integrate LogScale into Reveal(x).
“We love going fast, we’re incredibly customer-centric, and we want to have an outsized impact,” Dennis told Bernard. “When I think about the partners that want those same things, that’s your DNA, and it really makes it easy for the teams to work together.”
View the CrowdStrike investor briefing here. The conversation between Dennis and Bernard begins at about 1:49:07.