Trinseo Builds a Modern SOC with Falcon Complete Next-Gen MDR

Trinseo is a specialty material solution provider whose products are embedded in everyday goods, from automotive components to consumer signage. Operating at industrial scale means even small disruptions can have serious consequences, making security and uptime critical to the business.

Yet just two years ago, the company’s small, regional SOC was largely reactive, spread across too many tools, and unable to see its environment end to end.

“We said we had a SOC, but really we didn’t,” confessed Tammy Klotz, CISO at Trinseo. “People were looking at separate portals and trying to connect the dots manually. We needed to move to a 24/7 model where alerts were correlated and prioritized automatically.”

To modernize operations, Trinseo turned to CrowdStrike Falcon® Complete Next-Gen MDR for around-the-clock managed detection and response delivered by CrowdStrike experts. Within months, the company added CrowdStrike Falcon® Next-Gen SIEM to unify its data sources and CrowdStrike Falcon® Flex to expand its platform capabilities on a flexible timeline. Together, these investments helped Trinseo consolidate tools, reduce manual work, and bolster defenses.

Before Klotz joined Trinseo in 2023, the company had already deployed CrowdStrike Falcon® Insight XDR for endpoint security. The tool provided strong endpoint detection and response (EDR), but the SOC’s limited hours left gaps in continuous monitoring and response. When Klotz arrived and assessed the company’s broader security posture, she saw an opportunity to expand from EDR to a fully managed detection and response model.

“Our SOC was limited to one time zone and operated reactively,” Klotz said. “We needed to move to a 24/7 model where alerts were monitored, analyzed, and acted upon in real time.”

To close that gap, Trinseo adopted Falcon Complete Next-Gen MDR, pairing CrowdStrike’s human expertise with the unified CrowdStrike Falcon® cybersecurity platform. Because the single Falcon sensor was already installed across the enterprise, deployment was seamless. No new infrastructure or reconfiguration was required.

“We moved from one time zone to a global, 24/7 posture almost overnight,” Klotz said. “Falcon Complete gave us immediate visibility and confidence that every alert would be analyzed, investigated, and acted upon.”

The addition of Falcon Complete Next-Gen MDR also changed how the internal team operates. Instead of triaging alerts across multiple consoles, Trinseo’s analysts now focus on root-cause analysis, process improvement, and the rollout of new security capabilities.

“Before, everything felt reactive. Our analysts were constantly playing catch-up,” Klotz said. “Now they’re freed up to work on projects that actually strengthen our security posture.”

Trinseo soon turned to CrowdStrike Falcon® Next-Gen SIEM to streamline investigation and reporting. The company’s previous SIEM offered flexibility but required extensive manual configuration. Dashboards had to be built from scratch, and limited automation meant valuable time was lost chasing alerts that didn’t matter.

“With our old SIEM, we spent more time managing the tool than using it,” Klotz said. “Falcon Next-Gen SIEM integrated easily and gave us dashboards out of the box. It immediately changed how we see our environment.”

Falcon Next-Gen SIEM consolidates logs and telemetry from multiple sources into a single pane of glass. That central view enables faster correlation, triage, investigation, and response by the Falcon Complete team. The improved visibility also supports compliance reporting, helping Trinseo demonstrate operational control to auditors and regulators without additional tooling.

The shift to a unified security platform has also reduced redundancy. “We had multiple products doing parts of the same job,” Klotz said. “By consolidating with CrowdStrike, we’ve started retiring tools that add cost but not value.”

As Trinseo continued to evolve its security strategy, the company adopted Falcon Flex to gain frictionless access to the CrowdStrike portfolio. As CrowdStrike’s flexible licensing model, Flex gave the team the freedom to expand its protection on its own schedule — adding new platform modules as needs arise without complex renewals or contract changes.

“Flex gave us the ability to experiment,” said Klotz. “We can activate a new capability, see how it fits our environment, and make an informed decision about long-term adoption.”

Through Falcon Flex, Trinseo has begun evaluating exposure management, identity protection and cloud security modules from CrowdStrike. Each pilot aligns with a specific business goal to improve visibility into vulnerabilities, reduce risk from unmanaged accounts, and simplify compliance in cloud environments.

The exposure management initiative in particular has already drawn executive-level interest. “Our board wanted to understand where our vulnerabilities were and how we were addressing them,” Klotz said. “Being able to visualize that risk in the Falcon platform has been a game-changer for those discussions.”

Building on the foundation of the Falcon platform and the Falcon Complete Next-Gen MDR service, Trinseo is expanding its use of AI and automation to strengthen defenses. Falcon Complete Next-Gen MDR and Falcon Next-Gen SIEM already incorporate CrowdStrike® Charlotte AI™, CrowdStrike’s generative AI security analyst, showing Trinseo how the technology can accelerate investigations and summarize incident data.

“We’re just beginning to see what AI can do for us,” Klotz said. “Having access to AI-driven solutions with CrowdStrike helps our team move faster and make better decisions.”

The company has also formed an internal AI task force to establish safe-use guidelines across the business, with security playing a key role in defining policies and protecting data. Looking forward, Trinseo plans to expand its use of the Falcon platform and explore agentless protection options to secure AI.

“The continuous evolution of the Falcon platform keeps us ahead,” said Klotz. “It gives us confidence that we’re protected and the flexibility to grow on our own terms.”