As enterprises modernize security operations, CrowdStrike Falcon Next Gen SIEM is advancing an open architecture approach by integrating directly with Microsoft Defender for Endpoint telemetry.
CrowdStrike has announced that Falcon Next Gen SIEM can now ingest and correlate Microsoft Defender for Endpoint data, allowing organizations to enhance security operations without deploying additional endpoint sensors. The update reflects a growing demand for flexible, data-driven security platforms that can operate across diverse environments while reducing operational complexity.
The integration enables Microsoft Defender customers to combine endpoint telemetry with Falcon’s broader capabilities, including threat intelligence, log data, and AI-driven analytics. By correlating signals in real time, organizations gain deeper visibility into threats and can strengthen detection without altering existing endpoint deployments.
“Strategic alignment and disciplined execution between industry leaders is what drives meaningful innovation and stronger security outcomes for customers,” said Daniel Bernard, chief business officer at CrowdStrike. “Our integration with Microsoft accelerates legacy SIEM transformation without the operational burden of deploying additional sensors. By advancing our open, data-agnostic architecture, we are giving organizations the flexibility, performance, and data economics to modernize security operations across any technology stack, meeting customers where they are to unlock the protection outcomes and value from Falcon.”
Microsoft also emphasized the importance of interoperability in modern cybersecurity ecosystems. “It is great to see Microsoft Defender telemetry being leveraged within Falcon Next-Gen SIEM,” said Rob Lefferts, corporate vice president for threat protection at Microsoft. “Defender operates at a global scale, and integrations like this reinforce the importance of an open ecosystem where leading platforms interoperate to help customers improve security outcomes.”
CrowdStrike positions Falcon Next Gen SIEM as a core component of what it calls the operating system of cybersecurity. The platform has seen rapid adoption, with reported growth of 75 percent year over year, as organizations move away from legacy SIEM systems toward more scalable and cost-efficient solutions.
In addition to the Defender integration, CrowdStrike introduced several innovations aimed at accelerating SIEM transformation. These include native Falcon Onum real-time data pipelines, which improve data streaming performance and reduce storage costs, and federated search capabilities that allow analysts to query data across distributed environments without duplication.
The company also announced support for third-party threat intelligence integration, enabling organizations to incorporate external indicators of compromise into their detection workflows. Another key feature is the Query Translation Agent, which automatically converts legacy SIEM queries into CrowdStrike Query Language, helping teams transition from older systems without retraining or disruption.
These updates are part of CrowdStrike’s broader push toward an agentic security operations model, where automation and AI play a central role in threat detection and response. By simplifying data onboarding and improving operational efficiency, the company aims to help security teams respond faster and more effectively to evolving threats.
As organizations continue to navigate complex, multi-platform environments, CrowdStrike Falcon Next Gen SIEM highlights the importance of open, interoperable security architectures. By integrating with Microsoft Defender and enhancing real-time analytics capabilities, CrowdStrike is enabling enterprises to modernize their security operations while maintaining flexibility and control.





