CrowdStrike CBO on ‘embracing AI’ in security, next-gen SIEM ‘transformation’

Since the shift from on-premises IT environments to cloud, the arrival of next-gen SIEM is ‘the biggest transformation in this market,’ CrowdStrike Chief Business Officer Daniel Bernard tells CRN.

The arrival of next-generation security operations technology that can replace traditional SIEM (security information and event management) is a massive “transformation” opportunity on par with the shift from on-premises IT environments to cloud, CrowdStrike Chief Business Officer Daniel Bernard told CRN.

SIEM (security information and event management) — a core technology used by security teams for logging, analytics and search capabilities that originated decades ago — remains a crucial system for responding to and mitigating cyberattacks. However, the vendors offering a traditional SIEM approach are increasingly no longer capable of handling modern cybersecurity needs, according to Bernard.

He compared the next-gen SIEM shift to the transition to cloud from on-premises data centers, which has reshaped the technology landscape since the first public cloud services became available in 2006.

“What I believe is that, since [the shift from] on-prem to cloud, this is the biggest transformation in this market,” Bernard said. “The whole world went from data centers to cloud — and in security, that watershed moment is going from legacy SIEM to next-gen SIEM.”

CrowdStrike has aimed to become a disrupter in the space with its Falcon Next-Gen SIEM offering, which has sought to displace longtime SIEM vendors such as Cisco-owned Splunk. Key advantages with Falcon Next-Gen SIEM include improved security outcomes through providing an approach that makes full use of cloud-native technologies and AI, according to CrowdStrike.

In March, CrowdStrike announced a major channel expansion as the cybersecurity giant unveiled its new Services Partner Program, which is seeing the company primarily rely on partners to deliver the services around its fast-growing Falcon Next-Gen SIEM offering.

Meanwhile, Bernard also spoke with CRN about the variety of reactions that cybersecurity vendors have had to the arrival of the latest generation of AI technologies. Some security vendors have chosen to largely ignore AI for their products, which is a short-sighted approach, he said.

“In a lot of other industries, I think embracing AI is optional,” Bernard said. “In cybersecurity, AI is not optional.”

What follows is an edited portion of CRN’s interview with Bernard.

What's the biggest AI-related issue that you're discussing with partners and customers right now?

“Can I trust an agent to do something for me?”—I think that’s the question of this year. “Can I trust an AI agent to operate a security program or part of a security program for me?” Two years ago, it was like “AI, AI, buzz, buzz.” Last year was, “‘I’m starting to see different [options to] glean information. It’s better than a Google search. It’ll talk back to me. I can tell it to do things.” And this year, I think it’s all, “Can this thing run some process from start to finish without me having to be involved?” That’s the evolution—the crawl, the walk and the run—that I see happening in security as relates to AI.

But how much we can trust agentic outputs is still a little unclear?

Yes. And it's not like, is it evil or doing things against me? I think it's more of a question is, does it have the capability to see all these different edge cases and leverage something that I saw [previously] in a certain way — is it going to have that experiential perspective? I think it's TBD. I think what we're seeing is that AI agents are able to deal with large data sets, apply reasoning to those data sets, and then come up with a decision. But is it the right decision? Did they miss something? Or is it actually a better decision than the human?

There's three different types of vendors [at RSAC 2025]. There's those that ignore the AI thing altogether. And my insight is that they probably won't be here very much longer coming back to RSA. So that's bucket one. Bucket two is the vendors that say, “AI is going to replace all the humans.” Well, I don't really think that that is a reasonable approach for security, but that is one of the other prevailing pieces of logic. Last I checked, there's a lot of humans here, and these humans buy products. So we need the humans to be in the loop. And the third is really where I think we live — which is, how does a human become way more effective, supercharged with AI?

It’s similar to how post-industrial revolution, humans always worked in sales, marketing, whatever the job is. But as soon as humans started to work with computers, the amount of work that you could get done grew exponentially. And I think that's what's happening in the SOC with cybersecurity. We're on the precipice of that moment.

So you would say it’s not really possible to be in denial about AI at this point?

In a lot of other industries, I think embracing AI is optional. In cybersecurity, AI is not optional. That's the reality. That's why this category is not, “nice to have” — it's “need to have.” The question is, which one is the right need-to-have technology? Whether you're an end customer or a partner, which one are you going to align with? Which one's going to be here in two years, four years, six years? Which one is investing in innovation — and is not just talking about investing in innovation, but is also doing and delivering innovation? There's a whole class of these new AI security companies. It's still the very early innings of that space. But I think the best AI security is going to be delivered by companies who have the best data, and have the right platform that's being used to secure the environment. I think we're really well-positioned to make a meaningful contribution to the market in that space of helping companies not only use AI for security, but also secure their AI that they're using to run their business.

What do you see as the biggest issues going forward when it comes to securing the adoption of AI?

I think the acceleration that the AI age has brought about, has only heightened the need for cybersecurity. I think that's widely accepted in the market. What is AI doing? It's providing a multiplicative force to data. Creating AI models [means] more data. Doing AI-driven work creates more output. More creativity, more data. So I think we're entering this next phase of the data revolution — and that means there's a lot more dimensions of society and of work that need to be secured.

Now you apply agentic AI models, and one person may have five agents doing different forms of work for them, all the time. How do you secure all that? That's what should keep people up at night. How do you make sure that there's a high fidelity and integrity of the data going in and the data going out? And then, how do you secure the whole process end-to-end, so that some [competitor] can't steal your stuff?

The SIEM market also continues to be increasingly competitive — how are things progressing with your push around Next-Gen SIEM?

I think the SIEM market continues to just play into our hands. Going from endpoint data and cloud data and identity data to SIEM is proving to be a much more effective — as well as streamlined — journey for a customer to go on, than going from a firewall to a SIEM. We're in the room because we built the room. And I think that's why we're seeing the scale of adoption, and the speed of adoption. What I believe is that, since [the shift from] on-prem to cloud, this is the biggest transformation in this market. The whole world went from data centers to cloud — and in security, that watershed moment is going from legacy SIEM to next-gen SIEM. Because what it is really doing is ushering in platform adoption. Ultimately, when you leave your legacy SIEM, you're making a platform decision for the future of your cybersecurity program.

What I see happening is, CrowdStrike becoming the operating system of security. So if you go to the SOC — whether that's a government SOC, whether that's a Fortune 500 SOC, whether that's a small-medium business that's running security, whether you go to a classroom where they're teaching people how to use a SOC — you look at what's up on the screen, and what's on the screen is the Falcon console. We don't do everything. Cybersecurity is very diverse. But what I'm seeing is, all these other capability sets are integrating with the Falcon platform. And then next-gen SIEM is where you're [determining] where you're going with threat management.

I think that that's really what makes this thing generational and much bigger than, “Hey, we're here to sell you cloud security today.” We're here to define and build how your security program is going to run in the AI era, period.

What is your overall message to the market?

I think for us, this year, there's so much innovation happening on the platform across our 29 different modules — that each module is kind of getting to the point where it's a company [of its own]. So as customers look to consolidate, they turn to their partners and say, “What's the right horse to bet on?” And the partners are feeling that that's us — because there's no stagnation. You don't have to sacrifice — “Oh, well, they do this really well, but they do this really badly.” Making a bet on CrowdStrike is making a bet on a much brighter cybersecurity future for you as a customer.