Security Gamechangers: CrowdStrike’s AI-Native SOC & Next Gen SIEM Take Center Stage at RSAC 2025
CrowdStrike introduced several enhancements to its Falcon cybersecurity platform and Falcon Next-Gen SIEM at the RSA Conference 2025, highlighting artificial intelligence, managed threat hunting and operational efficiencies aimed at transforming modern Security Operations Centers (SOCs). The company’s recent updates are designed to address both the growing complexity of enterprise security and the inefficiencies of legacy systems.

I had the opportunity to sit down with Ajit Sancheti, general manager of Falcon Next-Gen SIEM at CrowdStrike, for an engaging discussion while on the ground at RSA. Sancheti explained that while CrowdStrike is widely known for endpoint detection and response and threat intelligence, the company has since expanded to include cloud security and identity protection. With the acquisition of Humio three years ago, CrowdStrike integrated a high-speed logging database into its platform. “Much of the data going into a SIEM already comes from CrowdStrike,” Sancheti said. “We replaced the former back end with our own LogScale technology, which allowed us to offer better retention, faster search and cost-effective data logging.”

AI Integration Expands Detection and Response

The Falcon platform’s Charlotte AI system includes new agentic capabilities to automate investigative and response processes, building on its detection triage innovation. Charlotte AI was trained on decisions made by CrowdStrike’s Falcon Complete MDR analysts. The company reports an accuracy rate of over 98% in alert triage.
New capabilities include:
- Agentic Response for automated root cause analysis
- Agentic Workflows for SOAR-based AI decision-making
- Identity Threat Triage for improved prioritization of identity alerts

CrowdStrike also released AI Parsers last year, which automatically generate parsers from proprietary log samples. According to Sancheti, this helps organizations integrate data from custom applications without manual configuration, freeing up valuable human resources to focus on more proactive and innovative work.
Third-Party Threat Hunting Added to OverWatch

CrowdStrike expanded Falcon Adversary OverWatch to include threat hunting across third-party data. The managed service now reviews logs from systems not covered by Falcon agents, including VPNs, email gateways and unmanaged devices. The service operates continuously and uses real-time telemetry from Falcon Next-Gen SIEM. New features include user and entity behavior analytics, integrated case management, and automated identity-based response.

Sancheti said this capability is especially important for small or understaffed environments, such as healthcare facilities in rural areas. “Whether it’s a large enterprise or a small clinic in eastern Oregon, they’re protecting the same type of sensitive data and protecting the customers they serve. But smaller teams often lack dedicated security staff, so extending MDR services to third-party data gives them the coverage they need,” he said. “This includes mission-critical SOC services.”

The company initially offered managed MDR for CrowdStrike-generated telemetry such as EDR, identity and cloud data. It has now extended those services to include third-party logs, creating a more complete security solution for organizations with complex environments. Translation: CrowdStrike now extends protection of digital supply chains beyond organizations’ own ecosystems to third-party ecosystems. This is a critical enhancement in an age where supply chain security (both digital and physical) is viewed by global critical infrastructure customers of all sizes as a must-have to do business. “Any third-party environments our customers work with are part of their digital supply chain,” Sancheti said. “Those relationships must be secured as well.”

CrowdStrike NG-SIEM Modernizes the SOC

Performance Improvements and Cost Control

Built on LogScale, Falcon Next-Gen SIEM supports ingestion of up to one petabyte of log data per day.
CrowdStrike claims 150-times faster search performance compared to legacy SIEM platforms and up to 80% cost savings over three years: huge returns on investment for all organizations, especially when every dollar counts. CrowdStrike does not charge customers for ingesting Falcon telemetry. Only third-party data incurs ingestion costs, and customers can set retention periods. Additionally, the platform includes built-in SOAR functionality. Sancheti cited a customer who saved $1 million annually after switching from a legacy SIEM solution. That customer’s security analyst was recognized by executive leadership for the transition and its overall positive impact on the business.

Cloud and AI Protection Extended

Additional Falcon platform updates across Falcon Cloud Security and Falcon Data Protection include features to support organizations deploying AI models and operating across multi-cloud environments. These updates include:
- AI model scanning to detect “trojanized” and manipulated code
- Shadow AI detection and monitoring
- GenAI data leak prevention using similarity analysis
- eBPF-based monitoring for runtime cloud data protection

The platform also includes Falcon Identity Protection access control improvements, such as just-in-time privilege assignment, a critical and foundational element of zero-trust security.

Data Protection and Security Services

The Falcon Data Protection suite now offers runtime protection across endpoints, macOS, cloud workloads and SaaS environments. Updates include encrypted file exfiltration detection, identity-based protections and SaaS threat response. CrowdStrike also launched Pulse Services, a set of modular engagements to help customers improve SOC operations, implement readiness strategies and manage enterprise risk.

Final Thoughts

CrowdStrike’s RSAC announcements underscore a broader strategic shift to position Falcon as an AI-native platform capable of serving as the core operating system for modern SOCs.
Its Next-Gen SIEM offering continues to impress with tight integration into the fabric of the Falcon platform, massive ROI and options for customers of all sizes. The company’s integrated approach aims to reduce operational complexity and improve time to detect and respond, while extending visibility across traditional, cloud and hybrid environments. Most importantly, though, CrowdStrike’s continued commitment and focus on being the top “mission first” technology and security partner, versus another security SKU pusher, is the reason I have always been an advocate. And in security, where every organization’s starting point and mission is different, relationships matter as much as the bits and bytes. CrowdStrike continues to be a game changer and leader in both regards!
