UPDATED 09:43 EDT / SEPTEMBER 29 2022

SECURITY

Three insights you might have missed from ‘theCUBE @ Fal.Con 2022’

CrowdStrike Holdings Inc. was founded in 2011 as a cloud-native, single-agent security solution designed to “stop the breach, not just stop malware.”

Today, the company is a leading independent security firm with aspirations to become a generational platform. Its second-quarter financial results for the fiscal year 2023 showed annual recurring revenue over $2 billion and record net new subscriptions. And the evolution of its Falcon platform shows how CrowdStrike is attempting to solve security’s perennial problems and extend security beyond the endpoint.

The latest updates were on show during CrowdStrike’s Fal.Con 2022 event, which was marked by the announcement of Falcon LogScale and the addition of new third-party telemetry to Falcon Insight XDR, as well as energized by CrowdStrike’s active expansion of its partner ecosystem.

TheCUBE’s industry analysts Dave Vellante and David Nicholson were on the ground at Fal.Con 2022 reporting on the news and gaining first-person insights from the CrowdStrike community. (* Disclosure below.)

In case you missed “theCUBE @ Fal.Con 2022,” here are our top three takeaways from the event:

1) The ‘Crowd’ in CrowdStrike stands for crowdsourcing security.

Multiple analogies compare cybersecurity to fighting an ongoing battle. In war, countries form alliances to strengthen their stance by sharing information. CrowdStrike applies the same strategy to cybersecurity.

“It is a big circle where you’ve got human beings and intelligence and technology all working together to make the system smarter, to make the people smarter and make the customers safer,” Shawn Henry, president of the Services Division and chief security officer of CrowdStrike Holdings Inc., told theCUBE during the event.

The company is able to crowdsource threat information at scale, gathering 7 trillion events per week in its Threat Graph breach prevention engine to provide a comprehensive database of current attack vectors and vulnerabilities.

“That crowd gives what we call community immunity,” CrowdStrike Chief Executive Officer George Kurtz said during an interview with theCUBE. “We see all kinds of attacks across 176 different countries.”

Combining this holistic view of what’s happening in the threat landscape with artificial intelligence enables CrowdStrike to tell the difference between potential threats and actual threats and creates its current value proposition, according to Geoff Swaine, global vice president of cloud and tech ecosystems and program strategy at CrowdStrike.

“We’re taking all the data so we can see everything and then we pick what we want to review, rather than having to do the checkpoint approach of ‘Stop here, let me see your credentials,’” he told theCUBE. “Because we have a full field of knowledge and information on what the device is doing and what the user is doing, we’re able to take the trust but verify style approach.”

2) CrowdStrike is merging observability and security.

During Fal.Con 2022, CrowdStrike announced that it had rebranded Humio as Falcon LogScale, creating a product that Vellante called “their Splunk killer” in his analysis. The acquisition of real-time log management company Humio Inc. in 2021 has been instrumental in CrowdStrike building observability into its Falcon platform.

Event collection and asset visibility are the two areas of observability where CrowdStrike demonstrates its strength. Falcon LogScale provides event collection, and CrowdStrike’s endpoint agents bring oversight into what assets a company has and the potential vulnerabilities and performance weaknesses of each one.

“I thought the extension into observability was very interesting,” Nicholson said during theCUBE’s keynote analysis at Fal.Con 2022. “Over the years, there have been times when saying your infrastructure required an agent would have been a deal killer. CrowdStrike stuck to their guns because they knew the best way to deliver what they have is through an agent in the environment, and it has proven to be the right strategy.”

The acquisition of external attack surface management vendor Reposify Inc. was also announced during the event. The addition bolsters CrowdStrike’s already impressive threat intelligence portfolio and increases its ability to identify risks and stop breaches before the attacker has a chance to do damage to an organization.

“Data is the new currency that people trade in. So how do you identify and protect endpoints and workloads? How do you tie that together with identity, as well as understanding how you connect the dots and the data and where data flows? That’s been our focus, and we continue to deliver on that for customers,” Kurtz told theCUBE’s analysts.

3) XDR widens threat visibility across the entire landscape.

CrowdStrike made its fortunes as an endpoint detection and response vendor. But the security landscape has become more complex, and a comprehensive strategy requires a wider view. Enter extended detection and response, known by the acronym XDR.

CrowdStrike Falcon Insight XDR, announced during Fal.Con 2022, adds third-party telemetry data into Falcon Insight, uniting the company’s expanding partner ecosystem in the CrowdXDR Alliance and enabling threat data to be collected from previously siloed security tools.

“XDR is about first-party and third-party integration and making all of the telemetry work together,” CrowdStrike Chief Technology Officer Michael Sentonas told theCUBE during an interview at the event. He introduced Insight XDR during his keynote address at Fal.Con 2022, demonstrating how CrowdStrike is pulling in data from partners, including Zscaler, Proofpoint, Palo Alto Networks and Microsoft.

This means that CrowdStrike’s crowdsourcing capabilities have expanded, increasing its ability to pinpoint newly recurring threat patterns and identify vulnerabilities. But XDR is about more than uniting first- and third-party data, according to Sentonas.

“There’s a lot of marketing in the industry with XDR, so we’ve been talking a lot about what it means, the benefit that it provides from a technology perspective [and] what you need in the architecture,” he told theCUBE. “We firmly believe it is a philosophy, and we build all our technology to work together.”

Sentonas demonstrated the lack of consensus over the meaning of XDR with a “man on the street” video during his keynote, where people were asked to give their personal understanding of the term. The best response was “a holistic approach to end-point security,” according to Vellante. “It’s really an evolution of EDR.” 

The area protected under XDR includes not only assets contained within the distributed computing landscape of cloud, edge and data center, but the physical environment in which the hardware resides. The widest definition of XDR, therefore, includes the employees as part of the threat landscape and includes protection from social engineering.

“There’s no real perimeter. The network expands into the physical space,” Henry said. “If you don’t protect the server room and somebody can walk in because the door’s unlocked, you’ve got a vulnerability that might be exploited.”

(* Disclosure: TheCUBE is a paid media partner for the “theCUBE @ Fal.Con 2022” event. Neither CrowdStrike, the main sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
