Customer Story

Encore Capital Group Uses Falcon Flex to Consolidate Six Security Tools into One Platform

When Konrad Fellmann joined Encore Capital Group® as CISO, he saw a fast-growing global financial services firm grappling with complexity in its security stack. Separate EDR, MDR, and SIEM solutions forced analysts to juggle multiple consoles, slowing investigations and clouding visibility across regions. 

Within months, Fellmann replaced them all with the CrowdStrike Falcon® platform — a single-sensor, single-console foundation that would transform Encore’s security operations.

“We went all in right from the beginning,” Fellmann said. “We consolidated three solutions immediately, and over the next two years we’ll consolidate three more. I’ll be paying less two years from now than I paid this year, and we’ll have a more capable platform.”

The impact was clear from the start. Searches that once took 30 minutes now run in seconds. Auditors and regulators can access reports on demand. And a global security team is now united around a common source of truth.

Simplifying Security Through Consolidation and Flex

Fellmann’s first move as CISO was to listen. “I interviewed all of the team just to see what their struggles were,” he said. “As we looked across EDR, MDR, and SIEM, we had three different solutions, but multiple consoles for each because of our global operations.” 

Furthermore, the company was strategically advancing its security posture in key areas like cloud, identity, and exposure management — striving for deeper visibility and more efficiency.

Having used CrowdStrike successfully at his previous company, Fellmann knew where to start. “I’ve been a CrowdStrike customer for seven years and love the platform,” he said.

When Encore’s contract renewals aligned, he saw an opportunity to consolidate three expiring tools immediately and evaluate additional modules through a proof of concept. “We had separate EDR, MDR, and SIEM solutions coming up for renewal,” he said. “CrowdStrike was the only platform that could replace them all, and add new capabilities we didn’t have before.”

Falcon Flex licensing made it possible to unify fast. Flex is a usage-based licensing program that lets customers purchase platform credits upfront and allocate them across products as needs evolve. This flexible structure let Fellmann stay on budget while expanding the initial rollout to include other protections. 

“Initially, we weren’t going to roll out identity,” he said. “If it wasn’t for the Flex package, I wouldn’t have been able to get that solution in place.”

Falcon Next-Gen SIEM Accelerates Visibility and Compliance

Replacing Encore’s legacy SIEM was one of the team’s top priorities, and CrowdStrike Falcon® Next-Gen SIEM delivered instant results. “No more goofy queries and poking around,” Fellmann said. “It was very intuitive for the team to learn. We weren’t worried about getting all the right data in … it was just there and it worked.”

The difference was measurable. Searches that had taken half an hour in the old tool were now “almost instant,” he said. Built-in dashboards automate evidence collection and compliance reporting, reducing the burden on teams managing audits across the U.S., U.K., Spain and France. 

“It’s easy to pull up evidence for different audits,” Fellmann said. “We can automate dashboards and reports instead of doing them manually, which will drive a lot of efficiency within the team.”

With case management now live inside Falcon Next-Gen SIEM, Encore plans to retire its existing SOAR and move to CrowdStrike Falcon® Fusion, keeping automation and orchestration on the same platform as detection and response. 

“We’re going to replace our SOAR and vulnerability management solutions,” Fellmann said. “Having those capabilities in the Falcon platform just makes sense.”

Expanding Protection Across Cloud, Identity, and Exposure

Encore operates across Azure, AWS, Microsoft 365, and dozens of SaaS applications. Before CrowdStrike Falcon® Cloud Security, the team had limited insight into how those environments were configured, and it required a lot of manual effort. 

“In a matter of just a few steps … connecting some APIs and throwing in credentials … we got an amazing amount of visibility into all our cloud solutions,” Fellmann said. “We needed to wrap our arms around that, and get better visibility and protection at the same time.”

That visibility is helping Encore strengthen its regulatory posture while accelerating its cloud transformation. “It was time intensive to figure out whether things were configured properly or secure,” Fellmann said. “Now we can see configuration details instantly and start addressing them.”

Identity protection quickly followed. CrowdStrike Falcon® Identity Protection has helped Encore modernize authentication and policy management to protect more than 10,000 accounts at a time when identities are popular targets. 

“We want to see how identities are being used and if they’re being abused,” he said. “The risk-based approach and the ability to trigger MFA in one solution is powerful.” 

On the vulnerability management side, CrowdStrike Falcon® Exposure Management replaces periodic scanning with real-time visibility and prioritization. “Exposure management has been great for holistic visibility of our vulnerabilities and our attack surface,” Fellmann said. “Having vulnerability data that’s always current means we won’t have to schedule scans anymore … we can act immediately.”

A Platform That Builds Confidence

Bringing CrowdStrike to Encore didn’t just unify technology, it unified people. Thirty team members across North America and Europe now collaborate in a single console, sharing dashboards, findings, and enthusiasm. 

“I discover something new every time I go into the tool,” Fellmann said. “CrowdStrike’s innovation keeps raising the bar. Having this for my team puts our organization in a better spot. We have a better capability to protect ourselves.”

The transformation has also given Fellmann time to focus on strategic work. “I don’t have to worry about how our EDR is doing or how our MDR is functioning,” he said. “I can focus on driving improvements for the business. I have full confidence that we’re protected.”
 

Challenges

  • Fragmented global security stack with separate EDR, MDR, and SIEM tools
  • Limited visibility across Azure, AWS, and Microsoft 365 environments
  • Manual, time-consuming investigations and audit preparation
  • High cost and complexity from multiple vendors and endpoint agents
  • Lack of centralized identity and exposure management capabilities

Results

  • Consolidated six security tools and three endpoint agents into the Falcon platform
  • Reduced search times from 20–30 minutes to seconds
  • Enabled global visibility and faster regulatory reporting
  • Gained real-time insight into cloud configurations, identities, and vulnerabilities
  • Expanded protection through Falcon Flex while staying within budget

CrowdStrike solutions

  • Falcon Insight XDR for extended detection and response
  • Falcon Complete Next-Gen MDR
  • Falcon Next-Gen SIEM
  • Falcon Fusion SOAR
  • Falcon Cloud Security
  • Falcon Next-Gen Identity Security
  • Falcon Exposure Management
  • Falcon Flex