Blog

Fal.Con 2025: AI, Cloud and the Agentic SOC - Consortium's Key Takeways

Written by Consortium | Sep 24, 2025 3:22:38 PM

CrowdStrike’s annual Fal.Con 2025 conference in Las Vegas showcased a bold vision for cybersecurity’s future. As a Platinum Sponsor (and freshly awarded Global Technical Champion of the Year), Consortium had a front-row seat and even led four expert sessions on SOC transformation, IT deployment, AI-powered app development, and next-gen SIEM. For security leaders who couldn’t attend, we’ve distilled the most critical takeaways focusing on what matters for decision-makers evaluating CrowdStrike: the evolution of the Falcon platform, cloud security advancements, next-gen SIEM (Onum), and the rise of the AI-driven Agentic SOC.

“The SOC is trying to fight a 21st century war with 20th century weapons. That has to change.” – George Kurtz, CrowdStrike CEO, Fal.Con 2025

Kurtz’s keynote set the tone: AI is now table stakes in cybersecurity. Below we break down how CrowdStrike is addressing that imperative – and what it means for organizations in financial services, healthcare, manufacturing and beyond.

The CrowdStrike Falcon Platform Goes Agentic

Fal.Con 2025 marked a pivotal evolution of the CrowdStrike Falcon platform into what Kurtz called the “Agentic Security Platform.” This fall release is purpose-built to harness AI-driven agents across the enterprise. Key innovations include:

  • Enterprise Graph: a unified, AI-ready data layer connecting endpoint, identity, cloud, and data telemetry into one real-time contextual fabric.
  • Charlotte AI AgentWorks: a no-code environment to build, test, and deploy custom security AI agents at scale, with pre-built agent templates.
  • Agent Collaboration Framework (MCP): a secure coordination hub for multi-agent ecosystems, ensuring governance and guardrails across AI agents.
  • AI-Era Console: a new, natural-language-driven Falcon console surfacing insights clearly and role-specifically.

Together, these upgrades reframe Falcon from an endpoint suite into a truly AI-native security operations platform.

Protecting Cloud Workloads and AI Development Pipelines

Fal.Con emphasized extending security into cloud and AI innovation pipelines, critical for regulated industries:

  1. Falcon Cloud Security Enhancements: CrowdStrike can now scan container images for vulnerabilities, detect embedded ML models, and inventory AI assets across AWS, Azure, and GCP environments. This helps govern “shadow AI” and secure data science workflows.
  2. AI Detection and Response (AIDR): a new category pioneered by CrowdStrike to secure AI agents and applications. With its planned acquisition of Pangea, CrowdStrike is adding guardrails to control AI prompts, access, and actions – treating AI agents as first-class identities that require governance.

As Kurtz put it: “Having an AI agent is like giving an intern full access to your network… you’ve got to put guardrails around it.”

Next-Gen SIEM and Streaming Telemetry: Onum Accelerates Falcon

CrowdStrike’s acquisition of Onum highlights the shift toward streaming data architectures for SOCs. Onum ensures the right data is optimized and available in real time, enabling:

  • Speed: process up to 5× more events per second with instant context.
  • Efficiency: reduce SIEM log ingestion by filtering noise, cutting storage by ~50%.
  • Better Outcomes: incidents resolved up to 70% faster, with ~40% less ingestion overhead.

Onum feeds directly into Falcon analytics and Charlotte AI, powering real-time agentic workflows. For enterprises struggling with legacy SIEM costs and complexity, streaming pipelines are no longer optional – they’re foundational.

The Path to the Agentic SOC with Charlotte AI

The centerpiece of Fal.Con 2025 was the vision of the Agentic SOC: security teams orchestrating fleets of AI agents that reason, decide, and act.

Charlotte AI as Conductor

Charlotte AI has matured from assistant to orchestrator, coordinating agents with transparency and human-in-loop guardrails. Analysts elevate into supervisory roles, while AI handles repetitive triage and analysis.

Specialized AI Agents and AgentWorks
 

CrowdStrike launched seven purpose-built AI agents, including vulnerability prioritization, autonomous hunting, malware analysis, and correlation rule generation. With AgentWorks, organizations can build their own no-code agents tailored to unique workflows, democratizing automation in the SOC.

Security AGI on the Horizon
 

Kurtz spoke of “Security AGI” as the long-term vision. While not here yet, the incremental path is clear: deploy agents for well-defined use cases, build trust, and scale autonomy responsibly. The combination of human oversight plus AI speed will define the winning SOCs of the next decade.

Conclusion: Ready for the AI-Powered Future

Fal.Con 2025 reinforced that:

  • CrowdStrike is now a full platform provider, unifying endpoint, identity, cloud, and AI security.
  • AI has shifted from assistant to actor, with Charlotte AI and its agents handling 24×7 workloads.
  • Data pipelines matter – Onum’s real-time telemetry fuels both humans and AI with high-quality data.
  • Governance is non-negotiable, with AIDR and MCP ensuring safe and transparent agent operations.
Consortium’s recognition as Global Technical Champion of the Year underscores our leadership in helping clients operationalize these capabilities effectively. Whether deploying Falcon Cloud Security in healthcare, implementing Falcon Next-Gen SIEM in finance, or building agentic SOC roadmaps in manufacturing, Consortium ensures organizations extract maximum ROI from their CrowdStrike investments.

Fal.Con’s message was clear: the era of the Agentic SOC is here. With CrowdStrike’s platform and Consortium’s expertise, security leaders can navigate this new frontier with confidence.
View full post