Customer Story

Travel + Leisure Builds Future-Ready Security with AI and Falcon Next-Gen SIEM

When David Anderson joined Travel + Leisure as deputy CISO, one of his first moves was to replace a legacy SIEM with CrowdStrike Falcon® Next-Gen SIEM, expanding the company’s use of the CrowdStrike Falcon® platform beyond endpoint protection. The impact was immediate. Investigations that once dragged on are now, in Anderson’s words, “tighter, faster, and more effective,” and the company has reduced costs.
“Our ability to respond to events has gone through the roof. Not only were we saving money, we were actually making our organization more secure.”
David Anderson, Deputy CISO
Travel + Leisure

That ability to investigate and respond quickly is essential for a business of Travel + Leisure’s scale. The company manages more than 800,000 owners and 270 resorts worldwide, supporting millions of transactions across its broader hospitality, travel, and membership services. Owners connect across the globe, often through seasonal surges and sometimes from insecure networks.

For Anderson, consolidating data across endpoints, identities, and exposure points into Falcon Next-Gen SIEM created the visibility and speed his team needed to stay ahead of attackers.

From Legacy SIEM to Falcon Next-Gen SIEM

For years, Travel + Leisure relied on a legacy SIEM, but the costs were escalating and investigations were often slow and cumbersome. With Falcon Flex licensing, Anderson moved aggressively to Falcon Next-Gen SIEM. Falcon Flex enabled the company to shift credits, accelerate the migration, and expand capacity without waiting for lengthy procurement cycles.

“The first thing that convinced me to move from our previous SIEM was quite frankly the outrageous cost of it,” Anderson said. “But more importantly, once we started the transition, we saw synergistic capabilities that didn’t exist before.”

With case management and integrated analytics, the SOC team now works with greater speed and precision, trusting the unified Falcon platform to connect signals across the business.

Securing Identities and Protecting AI

Identity quickly emerged as one of the company’s most pressing attack surfaces. Owners log in from across the globe, often from insecure networks, while adversaries target them with phishing campaigns and account takeover attempts. By deploying CrowdStrike Falcon® Identity Protection, Travel + Leisure gained a centralized view of its identity environment, complete with risk scoring and anomaly detection.

“One of the biggest problems for us was understanding what was happening in our identity space,” Anderson said. “We’re at the intersection of hospitality, real estate, and business information, so having one place to see and respond to identity threats has been a game changer.”

At the same time, Anderson is applying CrowdStrike Falcon® Data Protection to a new frontier: securing internal AI systems.

“AI has accelerated the attack cycle,” he explained. “If you’re not using AI-enabled tools in cybersecurity, you’re going to lose — and you’re going to lose very, very quickly. But AI itself becomes part of the attack surface, so you need governance and protection. CrowdStrike monitoring gives me confidence we can innovate without adding new risks.”

AI as a Force Multiplier

Anderson is equally bullish on AI as a defensive tool. His team plans to adopt CrowdStrike® Charlotte AI within Falcon Next-Gen SIEM to simplify searches and investigations. He expects that what once required specialized expertise with the legacy SIEM will soon be accomplished through natural language queries — accelerating response and reducing training overhead.

“With our previous SIEM, my analysts had to spend years perfecting search techniques,” Anderson said. “With Charlotte AI, they won’t need to know how to ask … they can just ask, and the answer will come back quickly. That means my team can focus on the philosophy of security instead of the mechanics.”

The shift toward AI has also inspired internal innovation. Anderson’s team has built its own automations to streamline repetitive security workflows, saving significant time on complex architecture and compliance assessments. Those results illustrate what’s possible as AI begins to take on more operational work inside the SOC — a glimpse, he said, of what’s next for the Falcon platform.

“The next step is AI that doesn’t just answer questions but does the work … safely, transparently, and with governance,” Anderson said. “AI is either going to bring unprecedented resilience or unprecedented risk. What gives me comfort is that CrowdStrike shares my concerns. They aren’t just bolting on AI, they’re building it responsibly, with governance and protection in mind.”

Consolidation That Builds Trust

Since first adopting CrowdStrike in 2019, Travel + Leisure has steadily expanded its platform use, adding SIEM, identity protection, exposure management, and data protection on top of CrowdStrike’s flagship endpoint security. The strategy has eliminated overlapping tools and reduced costs while delivering stronger security outcomes.

“Since I joined Travel + Leisure, we’ve eliminated duplicative tools … in some cases three vendors for the same problem,” Anderson said. “Consolidating on CrowdStrike gives me confidence every module will integrate seamlessly and evolve quickly. I know I’m working with the industry leader.”

For Anderson, the relationship comes down to a shared mission. “Every single encounter I’ve had with CrowdStrike has reinforced the mission: to stop breaches,” he said. “That’s my mission too. CrowdStrike helps me protect our owners, safeguard their trust, and make sure they can enjoy their vacations without worry.”

Challenges

  • Fragmented security stack with overlapping point solutions across multiple business units
  • Slow, costly investigations using legacy SIEM tools
  • Rising risk from identity-based attacks and phishing targeting global owners

Results

  • Reduced SIEM costs by more than half
  • Cut investigation and response times from hours to minutes
  • Consolidated three overlapping toolsets into the Falcon platform
  • Detected and stopped multiple identity-based attacks

CrowdStrike Solutions

  • Falcon Next-Gen SIEM
  • Falcon Data Protection
  • Falcon Exposure Management
  • Falcon Identity Protection
  • Falcon Insight XDR for extended detection and response
  • Falcon Flex