Cushman & Wakefield Speeds Investigations and Reduces Costs by Consolidating with CrowdStrike

Cushman & Wakefield, a global leader in commercial real estate services, operates in 60 countries with nearly 400 offices, 52,000 employees and billions in annual revenue. Many of these employees work onsite with clients, creating a dynamic and distributed workforce. 

“With so many employees working outside our offices, relying on a traditional security stack was never going to be sustainable,” explained Erik Hart, CISO at Cushman & Wakefield. “We needed a modern approach that would protect our workforce wherever they were, without the constraints of legacy infrastructure.”

In 2018, Hart brought in CrowdStrike, initiating a multi-year cybersecurity transformation journey focused on consolidation, innovation and protecting the company from modern threats.

When Erik joined Cushman & Wakefield, the company relied on a traditional antivirus product that posed significant challenges to its distributed workforce and security team. The solution required employees to connect via VPN to receive updates and send telemetry, a process that proved inefficient given that 70% of Cushman’s workforce operated outside corporate offices. Additionally, the legacy product demanded extensive infrastructure management.

“We needed an alternative that was lightweight, easy to deploy and could protect our endpoints no matter where they were,” Erik explained. The decision to implement the AI-native CrowdStrike Falcon® cybersecurity platform marked the beginning of a major shift.

The initial deployment of CrowdStrike Falcon® Insight for endpoint detection and response (EDR) was seamless. With a single lightweight agent, Cushman & Wakefield’s security team could protect over 35,000 endpoints globally without disrupting performance or requiring costly infrastructure. This eliminated the need for resource-intensive projects that previously consumed months of time and significant human resources.

“We deployed CrowdStrike once and haven’t had to think about it again,” Erik shared. “It just works. We’ve reduced the time spent on upgrades and maintenance from months to virtually zero, freeing up our team to focus on strategic initiatives.”

With endpoint telemetry pouring into the Falcon platform, CrowdStrike Falcon® Adversary OverWatch managed threat hunting service became a critical extension of Cushman & Wakefield’s security operations, delivering proactive threat detection and response.

“OverWatch alerts are treated as major incidents. They’ve been incredibly accurate, allowing us to respond quickly and decisively,” noted Erik.

Building on the success of its EDR deployment, Cushman & Wakefield turned its attention to protecting its workforce’s identities — a vital need as the company’s reliance on SaaS applications grew. The activation of CrowdStrike Falcon® Identity Protection offered advanced capabilities to seamlessly manage and secure user identities.

Cushman & Wakefield enhanced its defenses against identity-based threats using the same lightweight Falcon agent already deployed for endpoint security. New capabilities included identifying and disabling stale privileged accounts that posed potential security risks, enforcing multi-factor authentication (MFA) across key access points and implementing tailored security policies for high-risk employees.

“Identity is the new firewall,” Erik explained. “With 80% of our operations powered by SaaS, protecting our workforce’s identities is critical. CrowdStrike’s identity protection module has been a game changer, both for visibility and ease of use.”

Learn how Falcon Identity Protection delivered $1.26M in total benefits over three years.

Falcon Identity Protection enabled Cushman & Wakefield to reduce vulnerabilities linked to stale or misconfigured accounts. Through continuous monitoring, the team gained better insight into user behavior and potential misuse, both for its on-premises Active Directory (AD) and cloud-based Microsoft Entra ID deployments. 

Additionally, deploying identity protection from the Falcon platform allowed the company to consolidate tools and streamline operations. “The beauty of this integration is that it doesn’t just add a new layer of security, it enhances how all layers work together,” Erik added.

Cushman & Wakefield’s adoption of CrowdStrike Falcon® LogScale marked another major milestone in its cybersecurity consolidation journey. Before implementing Falcon LogScale, the company’s log management process relied on rudimentary tools and external collaborations, which often resulted in slow and inefficient investigations. Logs were manually aggregated from multiple sources, a process that could take weeks to complete.

Falcon LogScale transformed this process by offering lightning-fast data ingestion and search capabilities, enabling Cushman & Wakefield to automate many routine tasks. Investigations that once required significant time and resources were now completed in hours or even minutes. 

“With Falcon LogScale, we’ve reduced investigation times by two-thirds. Our SOC can now focus on proactive threat hunting instead of spending countless hours on manual data aggregation,” said Erik.

The cost efficiency of Falcon LogScale further reinforced its value. Compared to other solutions, Falcon LogScale proved to be three times more cost-effective and twice as fast. This efficiency allowed the company to maximize the utility of its security tools while minimizing operational overhead.

Falcon LogScale’s seamless integration with other Falcon platform modules amplified its impact. The team could quickly correlate data from endpoint, identity and other areas, creating a unified view that enhanced both visibility and response times. 

“The integration between Falcon LogScale and the rest of the Falcon platform has been tremendously helpful,” Erik noted. “We can now take immediate action based on insights derived from a single, cohesive platform.”

Cushman & Wakefield’s longstanding alliance with CrowdStrike has been instrumental in its cybersecurity transformation. Erik credits CrowdStrike’s exceptional support and commitment to innovation as key factors in the company’s success.

“CrowdStrike’s support is unmatched,” Erik said. “Whether it’s a simple question or a critical issue, we always get answers quickly. They truly operate as an extension of our team.”

Looking ahead, Cushman & Wakefield plans to explore additional CrowdStrike capabilities, including vulnerability management. Erik sees these investments as part of a broader strategy to consolidate tools, enhance visibility and stay ahead of emerging threats.

“Cybersecurity is a team sport,” Erik concluded. “By collaborating with CrowdStrike, we’ve built a resilient security program that protects our business, empowers our workforce and enables us to lead as innovators in the industry.”