{"id":4879,"date":"2025-09-16T18:00:00","date_gmt":"2025-09-16T18:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4879"},"modified":"2025-09-16T18:00:00","modified_gmt":"2025-09-16T18:00:00","slug":"crowdstrike-bets-big-on-agentic-ai-with-new-offerings-after-290m-onum-buy","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4879","title":{"rendered":"CrowdStrike bets big on agentic AI with new offerings after $290M Onum buy"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>In late August, cybersecurity giant CrowdStrike <a href=\"https:\/\/www.forbes.com\/sites\/tonybradley\/2025\/09\/13\/crowdstrike-bets-smarter-data-pipelines-are-the-future-of-ai-security\/\">announced<\/a> that it agreed to acquire real-time telemetry pipeline management company Onum for $290 million. The company said the acquisition would transform the <a href=\"https:\/\/www.csoonline.com\/article\/3840447\/security-operations-centers-are-fundamental-to-cybersecurity-heres-how-to-build-one.html\">security operations center (SOC)<\/a> for the agentic AI era by turbocharging real-time data and analysis into threat intelligence in \u201cmilliseconds.\u201d<\/p>\n<p>Today at CrowdStrike\u2019s annual <a href=\"https:\/\/www.crowdstrike.com\/en-us\/events\/fal-con\/las-vegas\/\">Fal.Con event<\/a> in Las Vegas, the company is taking the wraps off two initiatives that aim to build on the Onum platform in hopes of helping enterprises create and maintain cutting-edge cybersecurity projects that employ agentic AI.<\/p>\n<p>The first initiative is its Agentic Security Platform, a cluster of innovations the company says will speed security responses by expanding agentic capabilities across users\u2019 assets. 
The second initiative is CrowdStrike\u2019s Agentic Security Workforce, which aims to eliminate repetitive tasks for security analysts to free them up for more strategic pursuits.<\/p>\n<h2 class=\"wp-block-heading\">Taking on an AI-powered threat landscape<\/h2>\n<p>CrowdStrike, like most big cybersecurity providers, is diving headfirst into agentic AI as an early adopter to jump on the rapidly advancing AI train and <a href=\"https:\/\/www.csoonline.com\/article\/4040145\/agentic-ai-promises-a-cybersecurity-revolution-with-asterisks.html\">exploit the benefits<\/a> of this disruptive and complex technology. But it is, perhaps more importantly, trying to counter threat actors who are also quickly embracing various forms of AI to achieve their malicious ends.<\/p>\n<p>\u201cWe need to enable defenders to operate at scale and faster to be able to keep pace with these adversaries,\u201d <a href=\"https:\/\/www.crowdstrike.com\/en-us\/about-us\/executive-team\/adam-meyers\/\">Adam Meyers<\/a>, head of counter adversary operations at CrowdStrike, said during a press briefing. \u201cA good example of this is <a href=\"https:\/\/www.csoonline.com\/article\/3481659\/north-korean-group-infiltrated-100-plus-companies-with-imposter-it-pros.html\">Famous Chollima<\/a>,\u201d the group of North Korean threat actors who are getting remote IT jobs to generate revenue for the country\u2019s ruling regime.<\/p>\n<p>\u201cWe\u2019ve seen them use generative AI in every step of the kill chain,\u201d said Meyers, explaining that the group uses LLMs and generative AI to create LinkedIn profiles and resumes, uses deepfake technology to mask its members\u2019 appearances during interviews, and uses generative AI to answer questions during those interviews.<\/p>\n<p>Moreover, \u201conce they get employed, they\u2019re heavily relying on Copilot coding to be able to hold 50, 60, 80, 90 jobs at scale, which can generate millions and millions of dollars for the regime. 
And by using generative AI to help with their coding tasks, they\u2019re able to do that at scale as well,\u201d Meyers said.<\/p>\n<h2 class=\"wp-block-heading\">CrowdStrike\u2019s Agentic Security Platform<\/h2>\n<p>CrowdStrike developed its Agentic Security Platform precisely to help organizations keep pace with increasingly AI-equipped adversaries. \u201cThe increasing speed of the adversary, the increasing use of generative AI means from a defensive standpoint, we want to leverage these technologies as well to match and hopefully exceed the speed and efficiency of the adversaries,\u201d CrowdStrike\u2019s CTO Elia Zaitsev said during the briefing.<\/p>\n<p>CrowdStrike entered the generative AI era last year with the release of its <a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/ai-innovations-expedite-and-elevate-analyst-experience-fal-con-2024\/\">Charlotte AI chatbot<\/a>, but now the company plans to head \u201cinto an even deeper layer of autonomy where we are really after what we call the agentic SOC,\u201d Zaitsev said. \u201cWe want multiple agents working in an orchestrated ensemble fashion to progressively automate more and more aspects of what a human analyst does today.\u201d<\/p>\n<p>To get there, CrowdStrike will rely on what it calls its \u201centerprise graph,\u201d which is not a new graph database in the traditional sense. Instead, it is what Zaitsev called \u201can amalgamation and an abstraction of all the other things that we built in our platform and have invested in over almost 15 years now.\u201d\u00a0<\/p>\n<p>The enterprise graph relies on the Onum platform as its foundation layer, atop which is a data layer graph with a time-series contextualization of detection and response, asset data, risks, and intelligence. 
These layers feed into a topmost layer consisting of a semantic data model that enables human analysts and AI agents to take actions.<\/p>\n<h2 class=\"wp-block-heading\">The real innovation is a common language, a \u2018Rosetta Stone\u2019<\/h2>\n<p>All the systems CrowdStrike has built into its enterprise graph look and work differently, with different schemas, different ways of naming and calling the same objects, different query interfaces, and different APIs, which can be a challenge for not only human interfaces but also AI agents.<\/p>\n<p>The real innovation in CrowdStrike\u2019s Agentic Security Platform, then, is that the top two levels of the enterprise graph \u201cact as abstraction layers that hide all this complexity away from both human and agentic AI users,\u201d Zaitsev said. \u201cThe semantic data model essentially gives you one common language, a Rosetta Stone that we can use to abstract away the differences between all these different security domains, all these different vendors, and proprietary schemas. And we do it essentially in plain, simple English.\u201d<\/p>\n<p>An example illustrates how this innovation operates. \u201cOne vendor like CrowdStrike might call something an IPv4 in a log event, and another vendor may call something an IP underscore four,\u201d Zaitsev said. \u201cAs humans, we kind of intuitively know if you have a cybersecurity background, they\u2019re talking about an IP address version four.\u201d<\/p>\n<p>But \u201cprotocol machines don\u2019t typically work that way, though they need that mapping done for them. So not only have we done that mapping without disturbing the underlying data, but we\u2019re also using plain, simple semantic meaning \u2014 concepts that any agentic system will understand out of the box without any specialized training or fine-tuning,\u201d he said.<\/p>\n<p>The semantic meanings are used as a data catalog of sorts for the global query and global command engine. 
\u201cThese are abstraction layers that both query these underlying systems and also allow response actions to be taken with them as well,\u201d Zaitsev said.<\/p>\n<p>He explained that \u201cwith the global query engine, a human analyst or a machine analyst will write a simple one-line query that uses those plain English language semantic data model concepts, and the engine will automatically identify which of these underlying data systems, and sometimes it may require multiple of these systems, are best suited or most optimized to answer that complex query. And then it will automatically translate it into all the underlying systems, schemas, API calls, and languages, bring all that information back, and then return that as one unified set of results.\u201d<\/p>\n<p>As part of the Agentic Security Platform, CrowdStrike will release an even more intensive AI version of its Charlotte platform called Agent Works, which is \u201ca no-code platform for customers to be able to securely test, develop, orchestrate, and deploy their own agentic systems with their own custom data sets and enterprise- or organizational-specific knowledge baked into it,\u201d Zaitsev said.<\/p>\n<p>Agent Works can also develop agents through generative AI using natural language. 
\u201cWe\u2019re actually at the point now where we have agents building out other agents,\u201d Zaitsev said.<\/p>\n<p>For customers who want to integrate the wide variety of other AI systems and applications in the marketplace with the Falcon platform, the Agentic Security Platform also offers the ability to integrate all the solutions through what CrowdStrike calls its operating center.<\/p>\n<p>Finally, the Agentic Security Platform offers a dynamic user experience, through which \u201canalysts as well as agent systems can dynamically customize and develop their own user experience, their own workflows on the fly, which can span multiple different modules, data sets, and repositories,\u201d Zaitsev said.<\/p>\n<h2 class=\"wp-block-heading\">Agentic Security Workforce<\/h2>\n<p>Meanwhile, CrowdStrike\u2019s Agentic Security Workforce platform was developed to help security analysts who are overwhelmed by time-consuming tasks and in cases where traditional security measures cannot keep up with AI-powered threats.<\/p>\n<p>This virtual workforce delivers automated mission-ready agents inside Falcon sensors, transcending \u201cask-and-respond\u201d copilots. \u201cOne of the top concerns we\u2019ve heard from CISOs is that their enterprises, their end-users, are rushing to adopt AI technologies,\u201d Zaitsev said.<\/p>\n<p>\u201cCISOs are in a tough place,\u201d he added. \u201cThey don\u2019t want to stop that innovation. They don\u2019t want to be a hindrance to organizational adoption, but they\u2019re also terrified about data leaving the front door and going to all these third-party systems that they have no visibility over, no control over, et cetera.\u201d<\/p>\n<p>\u201cSo, a couple of months ago, we launched the capability through our data protection application to identify in the browser usage and the ability to detect and prevent usage of unapproved versus approved generative AI services,\u201d he said. 
\u201cWe\u2019re extending that capability now to go across the entire endpoint.\u201d<\/p>\n<p>For example, \u201cwe can detect that there are secrets or passwords or source code that are unintentionally left exposed,\u201d Zaitsev said. \u201cIf a developer then tries to send that source code to an unapproved gen AI code assistant, we can identify and block that. But conversely, we can allow them to continue to use that with an approved enterprise coding assistant, where they would be allowed to send things like secrets because it\u2019s controlled and audited.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>In late August, cybersecurity giant CrowdStrike announced that it agreed to acquire real-time telemetry pipeline management company Onum for $290 million. The company said the acquisition would transform the security operations center (SOC) for the agentic AI era by turbocharging real-time data and analysis into threat intelligence in \u201cmilliseconds.\u201d Today at CrowdStrike\u2019s annual Fal.Con event 
[&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4880,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4879","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4879"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4879"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4879\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4880"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4879"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}