CrowdStrike announced it is opening its Falcon cloud-based platform for providing endpoint security to developers of complementary third-party applications.
Amol Kulkarni, senior vice president of engineering for CrowdStrike, said the company is making available the same platform-as-a-service (PaaS) environment it built on top of a graph database, as part of an effort to create a broader cybersecurity ecosystem. Third-party developers also will be able to employ a CrowdStrike Store to market applications that share the same graphical interface as CrowdStrike to an existing installed base of customers, Kulkarni said.
Developers of applications that take advantage of the platform will also be able to take advantage of the same agent software that CrowdStrike deploys to drive its service, as well as the anonymized data collected by the company’s cloud service. Those two capabilities solve two critical challenges that now face developers of cybersecurity applications, said Kulkarni.
The first is resistance from IT organizations that don’t want to deploy any additional agent software in their environments. Many enterprise IT organizations today are running so many different classes of agent software on their endpoints that they now have rules that prohibit additional agents from being deployed on endpoints without removing at least one existing agent, he said.
The second major hurdle developers of cybersecurity applications now face is collecting enough data to drive artificial intelligence (AI) models. Kulkarni said CrowdStrike will provide partners with access to the endpoint data required to drive those AI models.
The core Falcon platform already provides antivirus (AV), endpoint detection and response (EDR), threat intelligence and managed threat hunting capabilities that CrowdStrike is now looking to extend via third-party partnerships.
Existing partners participating in the CrowdStrike ecosystem include Interset, a provider of user entity behavioral analytics (EUBA) software, and Truefort, a provider tools for discovering and mapping enterprise applications.
It remains to be seen how large an ecosystem CrowdStrike will be able to build on its platform. Kulkarni said CrowdStrike is deliberating copying the same business model Salesforce built around a customer relationship management (CRM) platform to build an ecosystem around an existing portfolio of software-as-a-service (SaaS) applications that address cybersecurity. CrowdStrike Falcon is already correlating more than 1 trillion security events a week from across the globe, which can provide a much-needed level of critical mass for next-generation cybersecurity AI applications.
In fact, the need to achieve that critical mass is already driving a wave of mergers and acquisitions across the cybersecurity landscape. The CrowdStrike approach, however, is intended to make it possible for many independent companies to flourish as “satellites” of larger vendor. That vendor then may decide to acquire or continue to partner with those third-party vendors as circumstances dictate.
In all probability, most large cybersecurity vendors soon will be looking to expand the size of their ecosystem by exposing open application programming interfaces (APIs) as well. For many organizations decisions concerning what cybersecurity vendor to rely on going forward soon may have as much to do with the size of the ecosystem that surrounds that vendor as much as it does the capabilities of the core cybersecurity platform they have developed.