ExtraHop, CrowdStrike extend partnership to break down data silos and assist federated search

Kanaiya Vasani, Chief Product Officer at ExtraHop

This week at the Fal.Con 2025 event, CrowdStrike announced several partnerships, one of them an extension of an existing relationship. Building on recent integrations with Falcon Next-Gen SIEM, network detection and response (NDR) vendor ExtraHop has taken the next step in its CrowdStrike relationship: ExtraHop and Austin, TX-based CrowdStrike are now working together to further unify data and deliver faster, simpler investigations for security operations teams through federated search.

The logic behind this extended deal makes a lot of sense. As SOCs face mounting pressure from siloed tools and rising costs, Seattle-based ExtraHop and CrowdStrike are aligned on a vision to break down barriers and bring endpoint, network, and log data together more seamlessly. Capabilities under development are designed to give analysts deeper visibility, faster access to evidence, and simpler workflows – without the burden of data duplication or added complexity. With this integration, customers using ExtraHop RevealX™ Premium Investigation will be able to access ExtraHop data within the Falcon platform to unify visibility and accelerate investigations.

“SOC teams are under constant pressure, and too often they’re forced to waste time piecing together fragmented data from siloed tools,” said Kanaiya Vasani, Chief Product Officer at ExtraHop. “At ExtraHop, we believe complexity is the enemy of speed. Together with CrowdStrike, we’re working toward a simpler, more unified SOC experience – one that gives analysts the clarity they need to stay ahead of threats and respond with confidence.”

For more than five years, ExtraHop has partnered with CrowdStrike to give security teams the complete picture they need to detect and stop every threat with speed and precision. While ExtraHop monitors, decrypts, and analyzes all the traffic and activity inside a network, CrowdStrike provides a close-up view of every device, offering a powerful combination of inside-out and outside-in visibility that helps organizations find threats – before they can cause damage.

“ExtraHop and CrowdStrike are using AI and advanced machine learning to detect, uncover, and stop threats faster than ever before,” said Girard Ordway, lead partner solutions architect at ExtraHop.

In threat hunting, the challenge is seeing the forest, not just the trees. Traditional tools create data silos, giving you a detailed view of a single device but missing the broader context of a threat moving through your network. ExtraHop and CrowdStrike shatter those data silos by combining network and endpoint visibility for a unified, comprehensive view. Instead of having to piece together information from separate sources, security teams can combine network and endpoint data to hunt for threats with greater speed and accuracy.

“ExtraHop is putting identity at the forefront of NDR investigations,” Vasani said. “As threat actors increasingly weaponize user identities and exploit stolen credentials, security teams face a huge challenge in understanding the full scope of a compromise.”

“To overcome this, we’re giving SOC analysts a complete picture of an attack based on user identities, showing them which devices they’ve accessed, what protocols they’ve used, and any detections they’ve triggered,” he stated.

The rapid proliferation of unsanctioned AI applications and services, known as shadow AI, has put organizations at risk of data exposure, exfiltration, and non-compliance. These tools often bypass established security controls, creating dangerous blind spots that adversaries can exploit, along with access misconfigurations that can lead to breaches.

“Attackers are increasingly leveraging Impacket, an open-source collection of Python scripts, to move laterally across networks and escalate privileges,” said Henry Peltokangas, Director, Engineering, at ExtraHop. “They often use these tools to blend in with legitimate activity, making them harder to detect.”

By integrating ExtraHop’s deep network telemetry with first and third-party data from Falcon Next-Gen SIEM and automated remediation from Falcon Fusion SOAR, SOC teams get a complete picture of their AI footprint across their entire infrastructure – from endpoints to the cloud. With this holistic view, you can instantly identify unauthorized AI models and agents, visualize exactly how and where these tools are being used, and automate containment actions to prevent sensitive data exposure.

It’s nearly impossible to maintain security hygiene and compliance without a full, continuous view of your organization’s network. You need to know, at all times, every device on the network and every communication coming into it. The ExtraHop and CrowdStrike integration provides this full-spectrum insight with continuous asset discovery, comprehensive monitoring, and policy and control enforcement. When a new IoT device connects to a healthcare network, your security tools will instantly discover, monitor, and protect its communications, preventing the device from becoming an open door for attackers.

Finally, the longer an attacker remains undetected, the more damage they can inflict, expanding their foothold, moving laterally, escalating privileges, finding critical assets, and deploying malicious payloads. The ExtraHop and CrowdStrike integration is built to prevent attackers from hiding in your systems by combining the best of network and endpoint security. Then, after an attack is neutralized, packet-level forensics help you confidently ensure the network is completely clean to prevent re-infection and boost resilience.

“The agentic era is accelerating everything, and legacy SOC models can’t keep pace with today’s scale of threats and data,” said Daniel Bernard, chief business officer at CrowdStrike. “By expanding our partnership with ExtraHop into Falcon Next-Gen SIEM, we’re giving customers a modern foundation that unifies endpoint and network visibility, helping them respond faster and achieve outcomes that siloed tools simply can’t deliver.”