From Crisis to Confidence: How SiteOne Transformed Security with CrowdStrike Services

When a ransomware attack struck SiteOne Landscape Supply in 2020, Chief Security Officer David Black was thrown into the middle of a high-stakes incident. With potential data exposure and business continuity at risk, he needed answers fast. CrowdStrike delivered.

"We were not a CrowdStrike customer, but they came highly recommended by our outside counsel," said Black. "We just called, and within minutes, the team was on it. From the first conversation, we had confidence we were in the right hands."

That initial incident response engagement marked the beginning of a long-term partnership. CrowdStrike helped SiteOne quickly contain the breach, eradicate the threat actor, recover all critical operations data and avoid a significant impact on business operations. But the journey didn’t stop there.

Coming out of the breach, Black sought enhanced protection and a trusted partner. The company replaced its legacy antivirus with CrowdStrike Falcon® Complete Next-Gen MDR, CrowdStrike’s fully managed detection and response service. The rollout was seamless.

"We deployed the Falcon agent to about 6,000 devices within hours," said Black. "No additional training, no complex setup … it just worked. And having CrowdStrike’s 24/7 expert monitoring as additional support gave us peace of mind like never before."

The move to Falcon Complete Next-Gen MDR delivered next-level support, with continuous protection and faster endpoint detection and response — all backed by CrowdStrike’s elite security analysts.

"Complex incidents require deep specialization," noted Black. "CrowdStrike took a major weight off our shoulders, bringing world-class expertise and execution to aid our response. They had the playbooks, the people, and the process ready to go."

Soon after the breach, SiteOne also signed a CrowdStrike Services Retainer — a decision that would transform the company’s security maturity over the next several years.

One of the first major efforts was a series of bespoke tabletop exercises. CrowdStrike facilitated both technical and executive-level sessions, giving SiteOne the opportunity to pressure-test its response playbooks. The results were immediate and memorable. 

"Our legal, HR, and marketing teams emailed me after the tabletop to say how eye-opening it was," said Black. "It put an even bigger spotlight on cybersecurity for everyone."

Next came adversary emulation: a true stress test of SiteOne’s post-incident defenses. With only the company name, CrowdStrike’s red team simulated a targeted attack. The exercise validated SiteOne’s security upgrades, including Falcon Complete, and the response readiness procedures developed through tabletop exercises. 

"They got in using real-world tactics and helped us better understand where vulnerabilities lie," said Black. “While it confirmed that our defense systems were working, there are always areas for improvement … and it’s far better for CrowdStrike to identify these under safe conditions than for an adversary to find and exploit them in the wild."

Each services engagement uncovered new ways to strengthen security. SiteOne added CrowdStrike Falcon® Identity Protection and CrowdStrike Falcon® Exposure Management after seeing their value in real-world assessments.

"We had Falcon Spotlight and Falcon Discovery, but the additional context from Exposure Management helped us prioritize faster and cut down the manual effort," said Black. "We no longer need Excel pivot tables to track vulnerabilities."

The company also replaced its legacy SIEM with CrowdStrike Falcon® LogScale™, CrowdStrike’s cloud-native logging solution. By pairing it with Cribl to filter noise and control costs, SiteOne created a faster, more scalable analytics foundation.

"With LogScale, more teams can access and use security data without needing a special query language," Black said. "Now our service desk resolves account issues on the first call, without escalating to my team. That’s a huge win."

SiteOne also saw broader operational benefits of consolidating on the AI-native CrowdStrike Falcon® cybersecurity platform. "Having one platform, one console, and fewer tools to manage makes life easier for everyone. The less time we spend navigating multiple systems, the more time we spend protecting the business."

From breach recovery to proactive hardening, CrowdStrike Services has refined SiteOne’s security program. The result isn’t just better tools, it’s a better team.

"My team is small but exceptional, and I don’t want to burn them out," said Black. "The more we consolidate into CrowdStrike, the easier their jobs become. They’re happier, more effective, and focused on what matters."

Today, SiteOne continues to grow with CrowdStrike at its side: confident, prepared, and better protected than ever.

"It’s not just the technology," Black concluded. "It’s the people, the process, the consistency. That kind of partnership is rare. And we don’t take it for granted."