Customer Story

Straumann Group Automates 80% of Security Workflows with CrowdStrike

80% of Straumann Group’s security operations now flow through automated workflows. For a global healthcare and MedTech organization supporting 13,000 internal users across cloud platforms, SaaS applications, and manufacturing sites, this shift represents a deliberate redesign of how security operates.

Headquartered in Switzerland, Straumann protects highly regulated patient data and valuable intellectual property across a distributed environment that includes corporate IT, multicloud infrastructure, SaaS services, and production sites filled with sensors, robotics, and connected devices. Managing that complexity with fragmented security tools had become unsustainable.

By consolidating on the AI-native CrowdStrike Falcon® cybersecurity platform — integrating endpoint, identity, cloud, XIoT, and next-gen SIEM capabilities — Straumann centralized telemetry, improved protection, and embedded automation at scale. This set the foundation for an agentic SOC, where security workflows operate as code, AI augments human expertise, and oversight remains firmly in control.

Here’s the story of how Straumann replaced siloed tools with a unified security platform and built a scalable security program designed for the AI era.

From Fragmented Tools to a Unified Platform

Like many enterprises, Straumann’s security program evolved over time through point solutions.

“We started with a very fragmented, siloed security program,” said Carlos Valderrama, Global Head of Security Operations at Straumann Group. “We had different tools covering specific areas, and trying to integrate them was really challenging.”

As the organization expanded globally and increased its reliance on cloud and SaaS technologies, the integration burden grew. Visibility gaps, operational overhead, and manual correlation slowed response and made consistent enforcement difficult across regions.

Straumann made a strategic decision to consolidate onto the unified Falcon platform. The initial deployment focused on endpoint security to establish organization-wide visibility and enforce prevention and response policies. Once EDR coverage was stable, the company extended into identity protection, cloud security, SIEM, and SaaS protection. 

“We found a strong potential in having one centralized platform where we could leverage our security program at scale,” Valderrama said. The Falcon platform’s single-agent architecture and integrated modules allowed Straumann to retire multiple siloed tools and reduce operational friction.

“Next-gen SIEM is the tip of the pyramid for us. It’s our central brain for cross correlation.”
Carlos Valderrama, Global Head of Security Operations
Straumann Group

Making Identity the Real Perimeter

As Straumann’s infrastructure evolved, traditional network boundaries became less relevant. Users accessed systems from different geographies, devices, and cloud environments. Manufacturing systems and SaaS platforms were tightly integrated with core operations. Identity became the consistent control point across all of it.

“Our program is identity-based and data centric,” Valderrama said. “Managing and controlling identity is the real perimeter.”

CrowdStrike Falcon® Next-Gen Identity Security provides coverage across on-premises Active Directory environments, cloud-based identity platforms, and SaaS applications. It also addresses one of the most difficult areas in modern enterprises: non-human identities.

Non-human accounts in production environments can directly impact manufacturing output if compromised. Straumann implemented granular, policy-based controls and behavioral detection for both human and non-human identities, which allowed the security team to detect deviations from normal behavior at scale.

By shifting to an identity-centric model, Straumann aligned security policy with how the business actually operates. Instead of relying solely on network segmentation, the company enforces control based on who or what is accessing resources, regardless of location.

Next-Gen SIEM and Automation as the Operational Core

Falcon Next-Gen SIEM became the central nervous system of the company’s SOC. “Next-gen SIEM is the tip of the pyramid for us,” Valderrama said. “It’s our central brain for cross correlation.”

By unifying security telemetry from endpoint, identity, cloud, and SaaS sources, Straumann gained a consistent, cross-domain view of activity. The real impact, however, came from automation. “The key value we started getting was automation,” Valderrama said.

Straumann integrated Falcon Next-Gen SIEM with CrowdStrike Falcon® Fusion SOAR to convert detections into structured, automated workflows. Instead of relying on manual triage and ad hoc scripts, the team codified response processes and embedded them directly into playbooks.

“Right now, around 80% of our operations are landing in Fusion SOAR,” Valderrama noted.

This level of automation enables Straumann to accelerate response across global sites, close identified coverage gaps, and scale security operations as the business grows. Valderrama describes the approach as “security as code,” reflecting the team’s effort to treat workflows as version-controlled, repeatable components rather than one-off tasks.

The automation-first model is especially important in manufacturing environments, where production pressure amplifies risk. The Falcon platform’s coverage extends into production sites with CrowdStrike Falcon® for XIoT, which helps secure endpoints, identity interactions, and data flows across cameras, sensors, and robotics. Centralized correlation and automated workflows allow the SOC to manage both corporate and operational technology environments within a unified framework.

Setting the Foundation for Agentic SOC Transformation

Beyond operational metrics, consolidation changed how Straumann’s security leadership allocates time and attention.

“I can rely on CrowdStrike for the operational components,” Valderrama said. “That allows me to focus more on the strategic part of the organization.”

With endpoint, identity, cloud, and SIEM capabilities integrated on a single platform, the team spends less time managing tools and more time aligning security strategy with business objectives. Protecting patient data and intellectual property remains the priority, but the means of achieving it are now consistent and scalable.

Straumann is also incorporating AI carefully and pragmatically. CrowdStrike Charlotte AI supports automation efforts and helps identify potential gaps, but always within the framework of trusted data and defined workflows.

“AI is a fantastic technology, but it starts with data,” Valderrama concluded. “We want to use AI for automation. Our program is based on automation for scalability.”

By consolidating on the Falcon platform, making identity the central control plane, and routing the majority of operations through automated workflows, Straumann has set the foundation for agentic SOC transformation without sacrificing oversight.

Challenges

  • Fragmented, siloed security tools created visibility gaps and operational complexity
  • Expanding multicloud, SaaS, and manufacturing environments increased identity and non-human account risk
  • Manual triage and correlation slowed response and made it difficult to scale security operations globally

Results

  • Automated 80% of security operations workflows
  • Centralized cross-domain visibility with Falcon Next-Gen SIEM
  • Shifted to an identity-based, data-centric security model across cloud, SaaS, and XIoT environments

CrowdStrike Solutions

  • Falcon Next-Gen Identity Security
  • Falcon Next-Gen SIEM
  • Falcon Fusion SOAR
  • Falcon Insight XDR for extended detection and response
  • Falcon Cloud Security
  • Charlotte AI™
  • Falcon for XIoT