CrowdStrike Store brings third-party endpoint security agents to its platform

Cloud-based endpoint security company CrowdStrike has launched a new platform that allows other security vendors to use its own software agent to collect data. It’s a new model that, if successful, could disrupt the endpoint security space and could solve a problem that many organizations have: Being forced to install software agents from multiple vendors for specific use cases.

The new CrowdStrike Store opened this week with applications by Truefort and Interset, two companies that use behavioral analytics to detect suspicious activity on endpoints. Integrations that allow the sharing of data for threat detection between products from different vendors already exist, but what’s new with CrowdStrike’s platform is allowing partners to also use its software agent called Falcon to collect the data they need.

This is not simply a cloud-based API, according to Amol Kulkarni, CrowdStrike’s senior vice president of engineering, but a deep integration at even the business level. For example, CrowdStrike has worked in advance with its launch partners to add the functionality they needed to its own agent and plans to do the same for any future partner.

The company is aiming to revolutionize the endpoint security market in the same way Salesforce revolutionized the CRM space, he said.

Cloud infrastructure providers like Amazon and Microsoft have also built marketplaces that allow security vendors to plug into and extend their infrastructure-as-a-service offerings, but this is a first for integration at the endpoint level, regardless of whether the endpoint is a virtual machine in the cloud or an on-premise workstation.

“Protectwise is a similar solution for network data, but they are just an aggregator of the data,” Peter Firstbrook, research vice president at Gartner said via email. “McAfee was the most famous of the API approach; they have a lot of partners that integrate at a reporting level with ePolicy Orchestrator. This is different because it mines the data collected for different purposes. It is a really good illustration of the disruptive change of cloud endpoint solutions. Much like other software markets, the endpoint market is poised to be disrupted by cloud. It is much more extensible and agile vs client-server architecture.”

Complementary solutions most likely to adopt the CrowdStrike model

It’s unlikely that CrowdStrike’s direct competitors will want to join the company’s marketplace and become dependent on a software agent they don’t fully control, even though Kulkami said CrowdStrike is open to collaborations. Some will probably end up copying the model, but those who develop complementary solutions for use cases that CrowdStrike’s own products don’t cover are likely to be more open to this new model and take advantage of it.