Live from Las Vegas for CrowdStrike Fal.Con 2025, theCUBE’s Dave Vellante and Rebecca Knight sit down with ColorTokens leaders Mac Grant and Sunil Muralidhar to talk about speed, stopping lateral movement and making SOC teams more effective. This conversation dives head-first into ColorTokens’ “be breach ready” approach and why microsegmentation is becoming a frontline control as breakout times shrink.
Grant and Muralidhar explain how ColorTokens integrates with CrowdStrike to avoid extra agents, use Falcon telemetry to push policy and deliver containment value in as little as 90 days. They share customer outcomes where segmentation kept the minimal viable business running across sectors like healthcare, manufacturing and pharma and describe how limiting the most abused ports and protocols adds friction for attackers. The discussion hits the SOC analyst experience, alert fatigue and how AI, including tools like Charlotte AI, can raise the signal while ColorTokens reduces noise. For CrowdStrike customers, they outline a five-day Zero Trust assessment that surfaces exposures and prescriptive next steps.
Mac Grant & Sunil Muralidhar, ColorTokens
>> Hello everyone, and welcome back to theCUBE's Live coverage of Fal.Con 2025 here in Las Vegas. I'm your host, Rebecca Knight, alongside Dave Vellante, my co-host and co-founder of theCUBE. I'd like to welcome two guests to our segment, Mac Grant, VP America Sales and Channels at ColorTokens. Welcome, Mac.
Mac Grant
>> Thank you, Rebecca. Good to be here.
Rebecca Knight
>> And his colleague, Sunil, Sunil Muralidhar, VP of Marketing and Partnerships at ColorTokens.
Sunil Muralidhar
>> Happy to be here.
Rebecca Knight
>> Thank you so much for coming on.
Sunil Muralidhar
>> Thank you. Thank you.
Rebecca Knight
>> So I'm going to start with you, Mac. Why don't you tell our viewers a little bit about ColorTokens and what you're all about?
Mac Grant
>> Oh, sure. So if you look at our tagline from our website, you'll see "Be breach ready"; three words, Be breach ready, which deserves a little bit of explanation. What we mean by be breach ready is, as most CISOs will attest, it's not a matter of if but when somebody's going to get past some sort of defenses. There's been a lot of time and effort put into protecting organizations from breaches occurring. Our job picks up when they do occur. And our job with Be breach ready as that phrase is once that happens, we want to defeat lateral movement through the proper use of software-based microsegmentation. So we can stop the lateral movement, which means an organization can really be confident that they will not be owned by ransomware. They won't have one of those big kind of security incidents.
Dave Vellante
>> So stop the breach, CrowdStrike, but if you can't.
Mac Grant
>> That's right.
Dave Vellante
>> That's where you guys come in.
Mac Grant
>> That's exactly right.
Dave Vellante
>> And so, we hear a lot about breakout times. What are the trends you're seeing in breakout times? They're shrinking, obviously. So that means you've got to go after lateral movement very quickly. George Kurtz is always talking about speed. What's your point of view on this, Sunil?
Sunil Muralidhar
>> Yeah, I think CrowdStrike has been measuring the breakout period for the last several years. And you can see it's nosedived about 90%, right? Adversaries are getting out of the first laptop or whatever they compromised within minutes. And what that means is it puts a lot of strain on the SOC teams. Right? So they have to get back, they have to find this particular malicious attacker, they have to stop him. It's a lot of stress on a SOC team. So what microsegmentation does is actually helps you get more time. It adds more friction to the attacker so the attacker is not free to move on so easily. It reduces the attack surface for the attacker to move around. And that's what the SOC teams would love from us. Right?
Rebecca Knight
>> And are CISOs buying what you're selling, or do they see it as just another buzzword? Do they understand the idea of just slowing the attack down?
Mac Grant
>> They could certainly relate to it, that's for sure. And that's where our jobs come in, of course. And the reality is that there's a lot of skepticism around one thing that can solve all the problems. But we have customers, and I think when they engage with us and they talk with our customers, we have good friends that are CISOs that have been attacked on the same day that other organizations have been attacked with the same stuff. And if you have proper microsegmentation, you can stop it. And there's evidence of that and it has occurred.
Dave Vellante
>> But it's-
Mac Grant
>> But if you don't, it has,
Dave Vellante
>> Go ahead. Sorry.
Mac Grant
>> No, that's all right.
Dave Vellante
>> But it's seen as complicated by many. What have you guys done to simplify sort of an operationalized microsegmentation?
Mac Grant
>> Oh, that is such a great question, and it's right at the heart of why we're here at Fal.Con. So one of the challenges with microsegmentation has been historically, it's got a perception that it delivers incredible value because you can stop that lateral movement. But it's been hard to make progress because you have to, in a lot of cases, deploy yet another agent in order to get that done.
Dave Vellante
>> Right.
Mac Grant
>> With our integration with CrowdStrike, we don't have to deploy that agent. We communicate with CrowdStrike and we can gain the telemetry and then we can push the policy right back without deploying all the things that slowed things down. So, I don't know. Tell me where did I lie there, Sunil? Because I'm sure I did somewhere.
Sunil Muralidhar
>> No, you were great. You were great.
Rebecca Knight
>> Yeah. I was going to ask you, Sunil, can you walk us through a real-world scenario or circumstance where effective microsegmentation would've really slowed down the attack?
Sunil Muralidhar
>> Absolutely. I think we've got so many such examples. Customers actually tell us in their words that, "We would've been toast if not for you guys." Right? So that's what we really wake up in the morning all excited about. These are the kinds of testimonies that we love. And what happens usually is that when there is an attack, the rest of the organization that did not get attacked, that's what they're worried about. That's what the customers care about. They call it the minimal viable company or minimal viable business. They want to keep the parts of the business running as much as possible that will allow them to give customers their service. Right? So when an attack happens, it's our job to contain it, keep the rest of it free from the attacker, and let the business continue. And we've got customers from Mexico who is producing sugar to nuclear energy companies who saw a live attack being stopped by ColorTokens. The list is long.
Dave Vellante
>> We had Allie Mellon on a couple years ago from Forrester. She was doing a lot of research on the SOC analyst experience. And that wasn't something that a lot of people talked about. We're hearing with Charlotte AI and AI generally that experience is changing. What are you seeing and what role do you play in terms of making the SOC analyst's life easier?
Sunil Muralidhar
>> Absolutely. I can take that Mac, and you can add to it.
Mac Grant
>> Yeah, go ahead. Sure.
Sunil Muralidhar
>> So I think the SOC analysts are getting buried with alerts after alerts, right? So that's really what they're going through on a daily basis. And you brought this beautiful tool called the Falcon platform, right? It's like this Ferrari that you've got, but you're driving this Ferrari on a road that's got potholes, it's got roadblocks, it's got a whole bunch of stuff. Why I say that is you want the SOC team and the Falcon platform to be focusing on the most hardest problems that you're trying to solve. You want to catch the adversary. Instead, if you're dealing with low level alerts that could have very well been solved in the first place, that's what you want. So that's where we come in. We clear the road for the Ferrari, right? So we take away all the noise in the system, we reduce the noise level, and we increase the signal. We boost the signal that the SOC teams need, so 10% more productive SOC teams.
Dave Vellante
>> So you guys are relatively-
Sunil Muralidhar
>> 10X, not 10%.
Dave Vellante
>> Yeah, 10X. Oh, there you go. So now you're viable in my book. You've got to be 10X, right, as a startup?
Sunil Muralidhar
>> That's right.
Dave Vellante
>> But you're a relatively new company. What specific problem did you set out to solve, and has that evolved as sort of the AI heard around the world came out in November, 2022?
Mac Grant
>> You want to take that or do you want me to?
Sunil Muralidhar
>> Yeah, go ahead.
Mac Grant
>> All right.
Sunil Muralidhar
>> I can add to it.
Mac Grant
>> Yeah. I think what we want to shout from the mountaintops is there is an ability to stop lateral movement and there is an ability to be sure that you will not experience a debilitating cyber attack. And the way to make that happen is to properly microsegment your environment. And it can get done with our integration with CrowdStrike. It can get done in 90 days. So we don't have to look at a two-year or three-year deployment plan. We can deliver real value in 90 days to an organization, real risk mitigation.
Dave Vellante
>> And the secret sauce is the way in which you do microsegmentation, right? So explain that. Is that like you're cordoning off parts of the infrastructure so that the malware can't get out, and then you're sort of narrowing down? Is it like the Titanic where if three go, it's okay. If five go, it's not so... So explain that if you would.
Mac Grant
>> Yeah, a couple of different ideas there. Do you want to take the first shot at it?
Sunil Muralidhar
>> I can take it and then, yeah. Yeah. So you're right. I think it's all about breaking your entire network into smaller chunks. Like the Titanic, if there is flooding in one part of the ship, you don't want the whole ship to go down. So it is exactly that. That's the whole idea. The words segmentation and microsegmentation have seemed to be confusing the audience, right? So segmentation was invented maybe like decades ago, right? Segmentation initially started to manage the network. It was like monolithic. You wanted to have different IP addresses and so on to manage. Somewhere along the way, it became a security tool. Segmentation was never meant to be segmentation tool. Right? It was a network management tool. Microsegmentation, on the other hand, is all about reducing your attack surface and keeping it as small as possible so you can run the rest of your business. Right? So in theory, you're right that once something gets compromised, you want to keep it as small as possible, keep the rest aside, and then have somebody like CrowdStrike or somebody come in and contain it and clean it up, and then you're back in business again. Right?
Rebecca Knight
>> Didn't you say-
Dave Vellante
>> And do that in near real time. Sorry, Rebecca.
Rebecca Knight
>> Good.
Dave Vellante
>> You've got to do it before anything is exfiltrated, right? That's the key.
Sunil Muralidhar
>> In fact, you've got to do it before the breach. We say it's proactive security, not reactive, right?
Dave Vellante
>> Right.
Sunil Muralidhar
>> In the sense that imagine... It's like the kids in the school who do earthquake drills. They don't do it during, they do it before. They know exactly what to do. So this is more proactive. So if you can reduce the attack surface of your environment way before an attack happens, you're in a much better shape.
Rebecca Knight
>> Didn't you also say you're adding some friction to the attacker too, to thwart what's going on and slow it down?
Mac Grant
>> Yeah. Well, think of it this way. Look around this conference. This conference would not exist if it weren't for standards. Attackers have standards too. They would not be successful if they didn't have a reason to believe that every one of the customers that's in this is running a lot of the same protocols, it's built on the same IP stack, all of that stuff. Right? So because they have those standards, we know what ports and protocols those attackers are using to move laterally. So the very first thing that we do when we go in to microsegment an environment is once we've gotten the technology out there with CrowdStrike, we take a look at the most abused and the riskiest ports from the perspective of can an attacker use it to move laterally? And we limit the use of those ports and protocols so that when the attacker lands in, before we even do any left to right segmentation, we limit their use of those risky ports and protocols that they need to move laterally. So that's how we're able to deliver value in 90 days or less, because those are not the same ports that the applications are using, by and large.
Dave Vellante
>> Mac, as the go-to-market guy, what are you hearing from customers? What are their two or three most pressing concerns right now that you're hearing?
Mac Grant
>> Oh, so a hundred percent if you talk to CISOs, they are concerned about these types of existential cybersecurity threats like ransomware, and they're concerned about the cost that they're incurring in order to defend effectively against it. So they're looking for ways to flip that math and give them a chance to fight against it while at the same time fighting for the budgets. And that's where the magic of CrowdStrike and ColorTokens working together can help, because we can leverage the investment they've made in CrowdStrike, layer microsegmentation on top of that, and get more bang for the buck, quite frankly.
Rebecca Knight
>> Excellent, excellent.
Sunil Muralidhar
>> And I might even want to add to that, if that's okay.
Mac Grant
>> No way.
Rebecca Knight
>> Yeah.
Sunil Muralidhar
>> So imagine, if you go to a hospital, the questions or the concerns that they have is different. They want to keep their Epic system secure, they want to protect their medical devices. But if you go to a manufacturer, on the other hand, they're worried about the factory floor. They're worried about the devices that are on their OT networks that needs to be protected. If you go to a pharma, for example, the CISO is worried about the labs where they're mixing these chemicals and they got to get that right. And they are under attack too. Those are IOT and OT devices there. So depending on who, which vertical you're talking to, the concerns are different. But at the end of the day, it's exactly the same thing that we do, which is to give you that peace of mind with microsegmentation right across the enterprise.
Rebecca Knight
>> So for the CISOs who want to see this in action, what is your advice in terms of helping them evaluate whether this makes sense for their environment? Mac?
Mac Grant
>> Engage us. We are here at Fal.Con, come see us at our booth, hit our website, request a demo. We're happy to engage. We've got personnel all around the globe ready to engage with enterprises to talk about this, their concerns.
Sunil Muralidhar
>> Yeah. And specifically for our CrowdStrike customers, you can get a zero-trust assessment done in five days. We give you a beautiful report that tells you where your vulnerabilities are, what recommendations that we have. And because of our integration with Falcon, it can be done very quickly, no effort involved from the customer side. In five days, you know what to do.
Rebecca Knight
>> Excellent.
Dave Vellante
>> Awesome. Thank you, guys.
Rebecca Knight
>> Excellent. Well, Mac and Sunil, thank you both so much for coming on theCUBE. This was a great conversation.
Mac Grant
>> Thanks for having us. Good luck. Really enjoyed it.
Sunil Muralidhar
>> We enjoyed it. Thank you very much.
Rebecca Knight
>> I'm Rebecca Knight for Dave Vellante. Stay tuned for more of theCUBE's live coverage of Fal.Con 2025. You're watching theCUBE, the leader in enterprise tech news and analysis.