CrowdStrike Launches Open Source Initiative


An interview with CrowdStrike Sales Engineer Evan Burns on new automation and workforce capabilities using the Falcon API.

To see Falcon Orchestrator in action, check out our demo video.

Read Video Transcript

CrowdStrike Launches Open Source Initiative

This is Steve Kovsky. And I recently had a chance to talk to Evan Burns. He’s a sales engineer for CrowdStrike– formerly on the implementation side. He’s based in Toronto. Here’s what Evan had to say.

Initially, when we started off with this being an early adopter, we had come to CrowdStrike with this proposition of what we were trying to accomplish. So, we were able to work with the engineering team and be some of the beta testers after the first initial public APIs.

So, really, what we were doing was extending the Falcon Host platform from the Cloud, and being able to consume that data locally within our on-premise architecture, and also integrate it into our other types of data sources. So, it was really the first poster child of integration in an extending Falcon Host platform.

Now that we’re going to roll this capability out into the workplace, what do you think it’s going to mean for customers? Have you had some conversations with customers? Are they excited about this?

Yeah, we’ve met with a few folks. I think, ultimately, the large value is going be to the types of organizations that do have some development expertise internally to really contribute back to the project. This is going to be an open source project, where we’ll open up the source code to the community as a whole and allow people to extend the platform. So, for folks that are going through a lot of pain points in terms of integration into SIMs are going to be feeling like the SIMs aren’t giving them everything they need out of a typical workflow, they’ll be able to take this open source code, extend it, and have it fit into the security process that makes sense to them.

So, another kind of methodology that I think about is– if you have a hammer, everything looks like a nail. Well, ideally, we like to build systems that adapt to the processes we want, rather than it have to fit our processes into existing technology.

OK. And you’ve seen this in action. Can you give us any examples of particular types of attacks, how you were able to respond to them quicker, or to deal with alerts and other information on a more holistic basis using this capability?

Yeah. I mean, I would say, primarily, the large volume in this is having additional context provided to the analysts. So, when they receive a detection of that from the Falcon Host platform– a traditional workflow would look like– reaching out to Active Directory, maybe understand what that user’s role is within the company, understand the potential implications if those credentials were compromised.

So, with this system, you have all of the contacts presented to you right at the onset, which allows you to respond much more quickly. Additional components to the platform will allow you to take responsive action on an endpoint itself.

So, let’s say we identify a compromised host, we could actually reach back, initiate a system restore, and revert back to an older configuration. Or, perhaps we’d want to go and actually extract a file and use that for post-analysis. Those are the type of capabilities that we built into the platform. Again, really, just aimed at streamlining the analyst workflow.

OK. Well, you’re at the forefront of this. If you look down the road six, eight months, where this is out in the field, what are some of the other capabilities that you think that our customers may be able to develop using this type of a workflow?

Yeah. I think, ultimately, the concept and market within security right now for security orchestration and automation is really becoming much more prominent nowadays, because folks are starting to realize that there’s immense value in being able to take all of your technologies, and rather than have them as disparate systems, really connect them together.

So, I hope that a lot of people get involved within the project to look at integration with maybe network level appliances and firewalls, or actually directly into the orchestration platforms themselves.

OK. Well, Evan Burns, I want to thank you for taking us on a little tour of the cutting-edge of enterprise security today, and also to thank you for the work that you’ve done and the work you’ll be doing in the future.

Absolutely. Thanks very much, Steve.


  • OS icon
  • deployment icon
  • installation icon

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.

Visit the Tech Center