HEUKING Improves Visibility with CrowdStrike Falcon® Next-Gen SIEM

With over 400 attorneys, tax advisors, and notaries across eight locations in Germany, HEUKING is one of the largest commercial law firms in the country. The firm’s legal expertise spans from mid-sized companies, both domestic and international, to large multinational corporations, including publicly traded enterprises, covering all areas of business law.

As a firm with approximately 1,200 employees, protecting sensitive data — such as confidential client information and legal documents — is a top priority for HEUKING. As a result, data protection and IT security play a central role in the firm’s operations.

In 2021, HEUKING decided to enhance its security posture in collaboration with the experts at CrowdStrike, implementing modern protections for endpoint, identity, and data security from the AI-native CrowdStrike Falcon® cybersecurity platform, along with 24/7 managed detection and response from CrowdStrike Falcon® Complete Next-Gen MDR.

Mathias Espeloer, IT Director at HEUKING, sees staying ahead of the increasingly complex threat landscape as the biggest challenge in IT security. This is essential to maintaining client trust and ensuring the integrity of the firm.

"We recognized early on that a traditional setup with signature-based antivirus solutions was outdated. What we needed was a modern and innovative platform that would provide comprehensive visibility at a glance while protecting against a wide range of threats, including advanced identity-based attacks," explains Espeloer.

From the first independent test in a dedicated environment, HEUKING was impressed with the Falcon platform. During this phase, HEUKING’s IT team interacted with members of CrowdStrike’s SOC team, gaining firsthand insights into real-world operations.

"It was crucial for us to evaluate the effectiveness of communication and alerting mechanisms. We conducted tests to assess alarm response times, communication workflows, and even simulated a real-world penetration test with isolation procedures. At the time, only CrowdStrike was able to support a test of this scope. Ultimately, CrowdStrike convinced us both technically and with its single-agent approach, powered by AI-driven security," Espeloer said.

Rollout of the Falcon platform via its lightweight agent was swift and seamless. Within days, HEUKING transitioned smoothly to the Falcon platform, deploying CrowdStrike Falcon Spotlight™ and CrowdStrike Falcon® Insight for endpoint detection and response across its 1,500 endpoints, managed by Falcon Complete Next-Gen MDR .

CrowdStrike’s MDR service has significantly optimized HEUKING’s IT security operations, enabling a shift toward risk-based, AI-driven alerts. Additionally, with Falcon Complete Next-Gen MDR, the team has become more efficient and gained a strategic partner in combating modern threats.

"Cybersecurity is a 24/7 responsibility, 365 days a year. Knowing that CrowdStrike’s security experts are always by our side is invaluable. With CrowdStrike’s modular platform and MDR service, we have elevated our security posture to a new level," said Espeloer.

Without CrowdStrike’s MDR support, Espeloer would require significantly more IT specialists with highly focused expertise. By leveraging CrowdStrike’s services, HEUKING can allocate internal resources more effectively and focus on areas such as patch management, vulnerability management, and access control to continuously enhance security.

"Our visibility into IT infrastructure has vastly improved with the Falcon agent. The Falcon console consolidates all events in a clear and structured manner, helping us better understand system interactions and dependencies," notes Espeloer.

As part of its security modernization efforts, HEUKING reached another milestone in 2023 by strategically expanding its use of the Falcon platform with CrowdStrike Falcon® Identity Protection.

"As a law firm, we handle countless sensitive documents. With identity becoming a prime target for attackers, it was essential for us to enhance protection in this area. Traditional tools struggle to detect identity-based attacks, and analyzing them is often time-consuming. The integration of Falcon Identity Protection provides us with a time advantage and helps enforce IT policies based on individual identity, behavioral, and risk analyses," explains Espeloer.

A key operational advantage of this module is its automatic activation of multi-factor authentication (MFA) for administrative access, making it significantly harder for attackers to infiltrate systems at any stage of an attack.

Since adopting CrowdStrike, HEUKING has further consolidated on the Falcon platform with additional modules, including CrowdStrike Falcon® LogScale™ to enhance log management and compliance processes. Falcon LogScale was selected for its user-friendly visualization, speed, pre-configured parsers, and seamless SOAR integration.

HEUKING has also implemented CrowdStrike Falcon® Data Protection and CrowdStrike Falcon® Exposure Management, strengthening its security framework. Falcon Data Protection safeguards critical data against insider threats and attackers, ensuring endpoint security where risk and productivity intersect. Meanwhile, Falcon Exposure Management helps HEUKING mitigate risk by providing complete asset visibility and real-time threat assessments using its existing Falcon agent.

"Point solutions do not work for us — we need full visibility with user-friendly management. Consolidating security on the Falcon platform allows us to address our unique security needs from a single, centralized interface. We can create custom dashboards, conduct tailored analyses, and quickly determine appropriate responses to incidents. Additionally, we can easily test new modules within our environment to assess their value. Over the past few years, we have significantly enhanced our cyber resilience," says Espeloer.

By consolidating on the Falcon platform, HEUKING has strengthened corporate security while reducing complexity and manual workloads that previously consumed substantial IT resources.

"With CrowdStrike, we have found a security partner that helps us detect and counteract current threats while providing a platform architecture that enables rapid responses to future threats. Building a strong, collaborative, and trusted partnership is essential for us, and that’s exactly what we have with CrowdStrike." concludes Espeloer.