Unified Security Platforms: An Enabler of Secure Business Operations: Fabio Fratucello, Field CTO World Wide, CrowdStrike
In an exclusive conversation with Express Computer, Fabio Fratucello, Field CTO World Wide, CrowdStrike, discusses how the cybersecurity landscape has dramatically shifted. Today’s adversaries are highly organised, fast-moving, and increasingly operate like businesses – what CrowdStrike describes as “the enterprising adversary.” Fratucello emphasizes the growing need for unified security platforms that offer end-to-end visibility, seamless integration, and real-time threat correlation across domains. These platforms help defenders detect, investigate, and respond more effectively by harmonising data into a cohesive threat narrative. Powered by AI – both generative and agentic AI – unified platforms serve as force multipliers, reducing response times and automating complex tasks.
How has the cybersecurity threat landscape changed in the last few years, and what are the implications for enterprise security strategies?
Over the past few years the threat landscape has continued to escalate as attackers become more sophisticated in their tactics and techniques. As CrowdStrike identified in the 2025 CrowdStrike Global Threat Report (GTR), adversaries are taking a global approach and running their operations like businesses – with the GTR describing 2024 as the year of the “enterprising adversary”.
Adversaries are increasingly leveraging new technologies and sophisticated tactics, which enable them to execute attacks faster than ever. In fact, the fastest recorded eCrime breakout time – the time it takes an adversary to move laterally from initial compromise to a secondary host – was just 51 seconds. This demonstrates why speed is more crucial than ever for defenders in detecting and responding to attacks. As adversaries increasingly adopt a global focus, defenders must be prepared for attacks to come from anywhere – whether nation-state actors or eCrime groups. Organisations must understand these shifts in today’s threat landscape to effectively build or strengthen their security strategies.
What fundamental advantages do unified security platforms offer over traditional point-product approaches?
In today’s threat landscape, adversaries are overwhelming defenders by chaining attacks across multiple domains, such as identity, endpoint, and cloud. Adversaries are ferocious and methodical in their approach, leveraging new technologies to increase the speed of their attacks. This significantly challenges defenders that rely on fragmented security solutions and point-products, which generate large volumes of noise and fail to provide full visibility of what is occurring across their infrastructure.
Unified security platforms provide organisations with the visibility required across endpoint, identity, and cloud, harmonising all the different signals generated from each domain in a meaningful manner. This enables teams and technology – from human expertise to AI capabilities – to unify visibility, close protection gaps, and stop breaches faster.
How do unified platforms improve cross-domain visibility, threat detection and operational efficiency?
Adversaries are leveraging a range of social engineering techniques to obtain precious identities, including spear phishing emails, vishing (voice phishing), SMS-based phishing (smishing), and phone calls to impersonate IT help desk personnel and influence users to reveal their credentials. Identity combinations – such as a username and password – allow adversaries to log in, instead of having to break in. This makes their activity harder for defenders to detect because it blends in with normal operational traffic. Once they gain access, attackers may try to create persistence in an organisation’s systems by accessing other identities, exploit cloud environments and change or disable cloud controls, and do significant damage by exfiltrating data or executing ransomware attacks.
By providing cross-domain visibility, unified security platforms allow organisations to understand the activity occurring across their system and initiate their response. However, if an organisation is reliant on security point-products, they simply won’t have this end-to-end visibility and data harmonisation. While each action from an attacker may raise an alert and be considered a malicious activity, it may instead be deemed legitimate activity due to a lack of correlation on the attacker’s individual activities and movement across domains. These gaps put significant strain on defenders, who have to rely on individual alerts and response tasks – instead of having a holistic view of attackers’ activities linked together as part of a single attack chain. This is why unified security platforms that deliver comprehensive, real-time visibility across an organisation’s domains provide real value in stopping breaches.
Looking ahead, what does the next evolution of unified security platforms look like in the age of AI, IoT, and quantum threats?
The next evolution of unified security platforms will be shaped by a combination of business and technical objectives. From a business standpoint, the impetus to adopt a platform approach to security delivers on the need for consolidation, simplification, and a reduction in operational costs. From a security standpoint, AI-native, unified security platforms provide organisations with force-multiplying agentic AI and generative AI capabilities that shrink the time to detect and respond to threats. These capabilities up-level security analysts, allow them to run searches and queries more effectively, and even write code to run response activities. These AI-driven advantages help organisations regain precious time in defending against adversaries, who are also actively embracing AI to be faster and more effective in achieving their business objective of compromising other businesses.
When evaluating unified security platforms, what key criteria should CISOs and security leaders prioritize?
While organisations may understand the importance of adopting a unified security platform, it’s crucial they also understand what a true platform is and what it is not, as there are certain criteria that should be considered mandatory. Firstly, a platform must have a cloud-native backend that provides scalability because data consumption constantly grows. As organisations consume and produce more data than ever before, the telemetry they need to detect and respond to an attacker’s activity increases.
It is also vital to ensure the security platform being evaluated is not an amalgamation of different solutions that may have been bolted together – including through acquisitions – resulting in users having to navigate different menus, UIs, and understand different taxonomies. True unified security platforms are fully unified – running on a single agent, regardless of whether expansions in capabilities originate from acquisitions or internal innovation, providing cohesion and data harmonisation. This ensures organisations benefit from consolidation and simplification, allowing them to streamline operations and eliminate hidden operational costs. Simplification and harmonisation are essential in fighting adversaries, particularly when defenders may only have 51 seconds to detect and respond to an attack.
How are AI and machine learning transforming modern cybersecurity platforms?
AI and machine learning are creating a step-change in cybersecurity – not just for defenders, but for adversaries. As attackers use these technologies to accelerate and scale their operations, security teams must embrace AI and ML to stay ahead. These tools aren’t optional – they’re critical to identifying threats faster, reducing noise, and stopping breaches before impact.
Organisations need their human and technology resources to work together in a coordinated manner. They must be able to harness the intelligence, insights, and knowledge that is unique to humans through their professional experience, while simultaneously benefiting from innovative technologies that deliver the machine speed required to process large datasets. AI offers not only incredible capabilities, but acts as a conduit between humans and technology – delivering productivity gains, automating tasks, and addressing human inexperience.
How do you see the relationship between AI and unified security platforms evolving over the next 3–5 years?
The relationship between AI and security platforms will be dependent on how humans and machines continue to evolve together – particularly as humans become more comfortable with AI and further understand the advantages it offers. Already, organisations are considering automation and autonomous security systems, including systems that can automatically and independently react, change their security posture, and initiate self-healing. However, while many organisations are exploring these capabilities, most are not truly comfortable with this approach yet. This comfort will likely increase as more AI-powered capabilities are leveraged and become more familiar.
The good news is that there are AI-native, unified security platforms that provide organisations with agentic AI capabilities that significantly improve their ability to detect and respond to threats at speed, while delivering the safeguards they need to comfortably adopt this transformative technology.
CrowdStrike already provides customers with game-changing agentic AI capabilities – like Charlotte AI Agentic Detection Triage and Charlotte AI Agentic Response and Agentic Workflows – that transcend ‘ask-and-respond’ co-pilots, delivering autonomous reasoning and action on first- and third-party data. These agentic AI capabilities operate with customer-defined bounded autonomy, enforcing defined guardrails that give security teams full oversight of AI-driven decisions. Organisations can control when and how automated actions occur, keeping AI-driven automation trusted, accountable and under human agency.
As someone who’s worked extensively across APJ, Europe, and META, how do regional cybersecurity challenges influence platform adoption and architecture choices?
There are differences in the cybersecurity challenges that certain regions or industries face. For example, the types of threats that financial services companies face differ from those of government agencies or telecom providers. However, what is important is that organisations understand the key drivers of today’s threat landscape. While nation-state adversaries and eCrime adversaries may have different motivations, their tactics and techniques are starting to blend.
Identity abuse has seen a rapid increase globally, as adversaries seek to leverage compromised credentials to log in, not break in, which allows them to hide behind the disguise of legitimate operations. Adversaries are also targeting cloud environments throughout the world – regardless of the varying levels of digitisation that exist in certain geographies – because of the valuable data and sensitive information that are stored in cloud environments.
A prime example of the regional to global shift in focus from adversaries is their use of social engineering tactics. A few years ago, a phishing email was identifiable based on its grammar, which was often either incorrect or not up to scratch. This meant adversaries had to be proficient in a local language or their target would be easily able to spot the phishing content as being malicious. Now, with generative AI, their grammar is spot on – sometimes even better than a human’s grammar. Adversaries can also craft more compelling messages that create urgency to persuade victims to act on their requests. These tactics and techniques highlight why organisations must have comprehensive visibility – that only a unified security platform provides – across their endpoints, identities and cloud environments to correlate attackers’ activity, eliminate blindspots, and stop breaches.
What unique innovations or strategic approaches have you seen emerging from these markets that could serve as a blueprint for global cybersecurity transformation?
Adopting a unified security approach ensures organisations have the security capabilities to stop breaches. While there’s no shortage of game-changing innovation across modern security platforms, the right blueprint comes back to consolidated architecture. It must be single-agent, single-platform, single-console, with each module sharing data and insights to the other, powering advanced AI that correlates platform-wide activity and delivers machine-speed detection and response.