How salutec Built a Scalable MDR Business With Falcon Complete for Service Providers

salutec, a Germany-based managed service provider, built a high-growth managed detection and response (MDR) business using CrowdStrike Falcon® Complete Next-Gen MDR via the Falcon Complete for Service Providers program. The partnership gave salutec a scalable foundation to deliver enterprise-grade security outcomes to customers without building a security operations center of its own.

“We scaled dramatically,” said Marvin Schaumann, senior cybersecurity consultant at salutec. “It couldn’t have been possible without CrowdStrike.”

That confidence was reinforced early in the partnership, when CrowdStrike detected a fileless attack during a customer rollout — activity that 10+ existing security tools had failed to detect. The incident became a clear proof point for salutec, as it showed how modern threats could bypass traditional defenses and why outcome-driven MDR mattered.

That realization reshaped the business. With CrowdStrike, salutec grew its cybersecurity revenue nearly 10x over five years, while operating with a team of 14 and helping secure more than 20,000 endpoints across customer environments. It also gave salutec a repeatable MDR operating model that scales without proportional headcount growth.

salutec’s experience reflects a broader shift across the MSP and MSSP market. Customer expectations for managed security have risen sharply as attacks become faster, more complex, and more identity-driven. Organizations want more than alerts or dashboards. They expect rapid detection, decisive remediation, and coverage that extends beyond endpoints into identity, cloud, and third-party systems.

Internally, salutec was constrained by a fragmented security stack. “We had a tools problem,” Schaumann explained. “We had separate systems for firewall, endpoint, identity, and so on. Each of them solved a piece of the puzzle, but it created chaos when we tried to connect it all together.”

That fragmentation slowed investigations, increased analyst effort, and limited automation — making it harder to respond quickly and scale operations. Correlating activity across tools took time, and meaningful context often required manual effort. As customer environments grew more complex, those limitations became harder to ignore.

salutec also examined what it would take to build MDR in-house. Delivering around-the-clock detection and response meant hiring specialized analysts, providing continuous training, and operating a 24/7 SOC. After evaluating the cost and feasibility, the conclusion was clear. 

“We calculated and discussed it internally, and it became clear that building our own SOC wasn’t feasible,” Schaumann said. “It’s extremely tough to find educated people who really know threat hunting and remediation. And if you want to scale your business, hiring more and more of these people just isn’t an option.”

salutec needed a way to meet rising customer expectations without locking the business into a costly, rigid operating model.

salutec approached its MDR decision with a clear focus on outcomes, both for its customers and its own business. The team tested multiple solutions to determine whether they could truly detect and stop modern attacks while supporting automation and scale. 

What differentiated CrowdStrike was the combination of platform and service. The CrowdStrike Falcon® cybersecurity platform unifies endpoint, identity, cloud, and broader telemetry under a single sensor and console, reducing deployment friction and simplifying operations. Falcon Complete adds 24/7 threat hunting, investigation, and full remediation performed by CrowdStrike analysts, rather than providing recommendations for salutec to act on itself.

“The Falcon platform was the only one, from a technology perspective, where we could bring all our security components together,” Schaumann said. “Automation was key, because you cannot scale in any way when you do not automate things.”

That differentiation became concrete early on. During a rollout at a large retail customer, the Falcon platform detected suspicious activity on a terminal server within minutes. CrowdStrike contacted salutec during deployment. The activity turned out to be a fileless attack that had bypassed more than ten existing security tools in the environment.

“That was totally crazy,” Schaumann said. “We had firewalls and every serious security mechanism you can imagine, and none of them found this. When we saw this during rollout, we had to wonder what was happening at our other customer sites.”

The incident reinforced two critical points: First, the Falcon platform’s visibility exposed activity other tools missed. And Falcon Complete ensured expert analysts were in place to investigate and respond. From that point forward, salutec standardized on the Falcon platform and made Falcon Complete for Service Providers the foundation of its managed security services.

Falcon Complete for Service Providers allowed salutec to offload the most demanding aspects of MDR. CrowdStrike handles continuous monitoring, threat hunting, investigation, and remediation, which enables salutec to deliver enterprise-grade outcomes without staffing a SOC or maintaining on-call rotations.

“CrowdStrike is really doing the heavy lifting,” Schaumann said. “Threat hunting, remediation …  everything needed to stop breaches.”

With those responsibilities handled, salutec focused on differentiation. The Falcon platform has become the operational core of its security practice, serving as a central hub for security-relevant data and automation. salutec connected endpoint telemetry, identity signals, and third-party data sources into the Falcon platform and used tagging and Falcon Fusion SOAR workflows to organize environments and automate actions across customers.

“Fusion workflows gave us so many capabilities to connect things in between,” Schaumann said. “We started testing what’s possible, and it worked incredibly well.”

This operating model enables salutec to extend its services beyond incident response. Using the Falcon platform’s visibility into vulnerabilities and identity risks, the team helps customers prioritize remediation, address misconfigurations, and proactively reduce exposure. 

“Before CrowdStrike, when we talked about Active Directory, we were helping customers add users,” Schaumann said. “Now we see vulnerabilities and misconfigurations that are extremely critical, and we help customers fix them.”

The expansion of Falcon Complete beyond endpoint protection was essential to this approach. Identity-driven attacks and cross-domain activity have increasingly defined real-world incidents. With Falcon Complete covering endpoint, identity, cloud and SIEM workflows, CrowdStrike analysts can correlate activity across domains and immediately respond, without delays caused by tool handoffs or integration gaps.

Falcon Complete for Service Providers fundamentally changed salutec’s growth trajectory. The company scaled its managed security business without adding proportional headcount, avoided the cost and risk of building a SOC, and gained the credibility needed to pursue larger and more regulated customers.

“CrowdStrike helped us open new markets,” Schaumann said. “There were customers we wouldn’t even have approached before. Together with CrowdStrike, we gained access to these markets and scaled rapidly.”

Security outcomes improved as well. “Before CrowdStrike, we sometimes needed weeks to detect incidents, or we didn’t detect them at all,” Schaumann said. “After CrowdStrike, we detect things within minutes.”

For salutec, Falcon Complete for Service Providers became more than an MDR offering. It became the foundation for sustainable growth, enabling the company to deliver real security outcomes while focusing its own expertise where it matters most.