Rajah & Tann Asia Secures Cross-Border Legal Operations with CrowdStrike Falcon Complete

Rajah & Tann Asia (RTA) is Southeast Asia’s largest network of  law firms with regional offices in China and firms across ASEAN in a total of 10 countries. Each firm is independently owned and governed yet deeply integrated in practice, with data regularly exchanged between jurisdictions.

While this federated model is a business necessity, it also introduces greater security risks.

“We’re constantly exchanging data between network member firms,” explained Konrads Klints, CISO at RTA. “If even one office is compromised, it may impact everyone else.” 

RTA faced constant phishing attacks and the threat of ransomware. RTA also has a fundamental obligation to keep its client’s data and confidential information protected against internal and external threats. Yet, the outsourced SOC providers it relied on delivered only limited alerts, rather than action. For Klints, that model was no longer acceptable. That’s when he turned to CrowdStrike.

At RTA, even the smallest security incident could trigger a regulatory disclosure or erode client trust. “Risk management for us is like carrying a bomb you hope doesn’t explode,” said Klints. “Any breach — even a single compromised mailbox — could have a massive impact.”

To eliminate that constant pressure, most of RTA adopted CrowdStrike Falcon® Complete Next-Gen MDR, gaining 24/7 managed detection and response from CrowdStrike experts. The service not only detects threats; it triages, investigates, and stops them in real time. Falcon Complete Next-Gen MDR replaced RTA’s legacy, alert-only SOCs and delivered the expert-driven remediation capabilities the team needed.

“CrowdStrike was the only logical choice,” said Klints. “In ASEAN, it’s rare to find a managed service that doesn’t just send alerts and ask ‘please confirm with the user.' Falcon Complete actually investigates and takes action, even when we’re asleep.”

The Falcon Complete team harnesses the Falcon platform to detect threats across the entire attack surface, taking rapid, decisive action to contain hosts, remove malicious files, and block compromised accounts. It has already neutralized several attacks, including Trojan-laced downloads, social engineering attempts using fake captchas, and identity-based compromise attempts.

“We were missing that investigative layer,” said Klints. “Now, if CrowdStrike says it looks bad, I trust them to block threats before they become disasters.”

CrowdStrike’s cloud-based architecture and managed service model were a natural fit for RTA’s environment, especially as the cybersecurity maturity varies across ASEAN countries. RTA was able to extend consistent protection without needing additional infrastructure or security personnel on the ground.

“CrowdStrike closed the gap we had in security capability,” said Klints. “That’s also protecting our business as we grow in emerging economies across the region.”

RTA leveraged CrowdStrike Falcon® platform capabilities to fortify its cybersecurity posture, licensing a broad suite of CrowdStrike solutions across endpoint, identity and SIEM. Deploying these tools from the unified Falcon platform provides superior protection without tool sprawl or complex coordination. 

By using Falcon Complete Next-Gen MDR to manage these tools, RTA gets outsized impact from its internal security team. “I didn’t go out and buy a platform, I bought a service that came with it,” said Klints. “It would have been delusional to think we could pull it off alone.” 

Each of these Falcon platform modules contributes unique value to RTA’s defensive capabilities. Falcon Identity Protection is used to surface suspicious logins, enforce privileged access policies, and eliminate risky account behavior, such as human use of machine-to-machine service accounts. Identity protection now fuels broader internal conversations around policy enforcement and IT best practices.

“It gives me insight into areas where we can do better … things I couldn’t see before,” said Klints. “I don’t try to solve security problems with security tools. I use security visibility to anticipate issues and intervene before they become problems.”

Meanwhile, Falcon Next-Gen SIEM provides critical context by ingesting third-party telemetry, including Microsoft identity signals, into a single view. Falcon Complete analysts perform correlation and triage, allowing RTA to focus on action rather than interpretation.

“Before, I’d get an alert saying a user logged in from France and be told to figure it out,” said Klints. “Now, CrowdStrike tells me what’s happening, what it means, and what to do. Falcon Complete is never silenced on weekends — that’s how much I trust it.”

The results speak for themselves: fewer alerts, faster action, and peace of mind. With CrowdStrike handling the heavy lifting, Klints is free to focus on business alignment, security modernization, and guiding policy across a complex legal network.

“I don’t have to think about classic ransomware attacks anymore,” he said. 

That’s the power of CrowdStrike in ASEAN: real-time protection, simplified operations, and the confidence to move forward — no matter how distributed the organization or how ambitious the security agenda.