Fal.Con 2026

Fal.Con 2026 preview

Fal.Con is CrowdStrike's flagship annual user conference, gathering CISOs, security operations leaders, threat intel professionals, and incident responders running the Falcon platform across endpoints, cloud workloads, identity, and SIEM. Fal.Con consistently convenes the largest CrowdStrike customer audience of the year for keynotes, threat briefings, hands-on workshops, and the kind of practitioner exchange that defines a serious user conference.

Fal.Con 2026 takes place August 31 through September 3, 2026 at the Mandalay Bay Hotel in Las Vegas. The agenda is built around the full breadth of where the Falcon platform now operates — endpoint, cloud workload protection, identity threat protection, exposure management, next-generation SIEM, and the AI-driven SOC — anchored by the threat intelligence content that gives Fal.Con its characteristic gravity. For any organization defending production environments with the Falcon platform, Fal.Con is the most concentrated source of practical, actionable insight on the calendar.

Meet Echo at Fal.Con

Fal.Con attracts exactly the teams Echo is built for. CISOs, SOC leaders, cloud security architects, and the AppSec functions trying to keep their workload attack surface manageable — these are the people in the room. And for all of them, one of the most persistent operational headaches is the volume of vulnerability and exposure findings that Falcon Cloud Security and adjacent tooling generate on container workloads, the vast majority of which trace back to upstream CVEs in base images that the customer did not write and cannot easily fix.

Echo handles all of it. Every Echo image ships CVE-free, FIPS-validated using a CMVP-validated cryptographic module, and pre-hardened against DISA STIG requirements — so your team inherits a clean baseline rather than building one from scratch. Echo supports the largest variety of FIPS-validated crypto modules available, including OpenSSL, BoringCrypto, and Bouncy Castle, meaning you are covered regardless of what your development stack has chosen. All images ship with full SBOM transparency in both SPDX and CycloneDX formats, plus signed provenance and attestation via cosign and sigstore.

For Falcon customers, that combination produces a measurably smaller workload attack surface. Falcon Cloud Security surfaces fewer exposures, the SOC has less low-context noise to triage, and the signal Falcon delivers gets sharper because the underlying noise is lower. Echo's STIG validation tool produces per-image reports covering every required STIG check; the FIPS runtime tester verifies cryptographic compliance at runtime; and Echo's continuous monitoring scans, documents, and forwards justifications for unfixed vulnerabilities automatically — turning what is normally an analyst-hours problem into a configurable pipeline output.

The results speak for themselves: teams using Echo eliminate 10,000 CVEs, save 4,000 engineering hours per year, bring average remediation time down to 3 days, and can report and triage new findings in under 24 hours. To see what this looks like in practice, read how Varonis used Echo to achieve FedRAMP authorization — with zero vulnerabilities showing up at audit and an experience their Deputy CTO described as "just a smooth ride." For Falcon customers under FedRAMP or other regulated-market requirements, the same upstream-clean approach is reshaping audit posture across the program.

At a conference defined by the practical realities of defending modern enterprise environments, that is a message worth hearing.

What to expect at Fal.Con 2026

Fal.Con 2026 follows the structure that has made the event one of the most-attended security conferences of the year: deep threat briefings from CrowdStrike's intelligence team, hands-on workshops on the Falcon platform, customer-led keynotes covering operational maturity at scale, and breakout tracks across cloud workload protection, identity threat protection, exposure management, and next-gen SIEM. AI security is expected to dominate the 2026 program — both as a defensive accelerator and as a new class of risk that the SOC has to defend against.

Threat content remains the gravitational center of Fal.Con. CrowdStrike's intelligence team continues to publish the kind of detailed adversary tracking that is hard to find anywhere else, and the briefings consistently surface insight that shifts how attendees think about their threat model going into the next year. Networking opportunities — with SOC leaders, threat researchers, and the broader Falcon ecosystem — make Fal.Con one of the most efficient venues in the calendar for the relationships that matter to a modern security program.

Fal.Con 2026 passes and rates

Fal.Con 2026 registration is now open. Early-bird pricing is available for those who register early — securing your spot early is the best way to lock in the best rate and guarantee access to the most in-demand workshops and hands-on sessions, which historically fill quickly. Full pass pricing and registration details are available directly from CrowdStrike at crowdstrike.com/falcon. Fal.Con draws a senior, security-operations-heavy audience — the people who own SOC outcomes, threat intelligence programs, and cloud workload protection at their organizations. With Mandalay Bay's capacity behind it, the event scales without diluting that focus, but the most valuable session and workshop slots fill quickly. Registering early is recommended for anyone planning to attend.

Meet Echo at Fal.Con 2026

The Echo team will be at the Mandalay Bay Hotel in Las Vegas for Fal.Con 2026 for 1:1 conversations about how Echo can transform your container workload security and audit posture. Whether you are running Falcon Cloud Security at scale, navigating FedRAMP or CMMC requirements, or trying to break through a vulnerability and exposure backlog that has become a permanent line item, come find us. We can walk you through exactly how Echo's CVE-free, FIPS-validated, STIG-hardened images change the picture — and what your Falcon dashboards, audit evidence, and analyst capacity look like when your container images stop being the source of the findings.