It was a pleasure to be at Black Hat USA 2018 in Las Vegas this year, where I was able to talk with customers, analysts and media to share my excitement over new, expanded capabilities of the CrowdStrike Falcon® platform. They were particularly interested in the extension of our game-changing Falcon X™ solution. With the introduction of Falcon X, CrowdStrike became the first company to truly integrate threat intelligence with endpoint protection. Now, Falcon X Premium broadens the scope of the Falcon X offering by adding intelligence reports with global indicators of compromise (IOCs), intelligence support, custom malware analysis, and all Falcon Intelligence™ APIs. This ability to combine the protective capabilities of endpoint security with the predictive capabilities of threat intelligence has been our vision since founding CrowdStrike.
Adaptive Security Architecture Model Fulfilled
We’re not the only ones who recognize the importance of this integrated approach. This vision of “prevent, detect, respond and predict” as the core elements of effective protection has been validated by Gartner’s adaptive security architecture. Most technologies offer the first three, but CrowdStrike is the only endpoint security provider to deliver all four. This is important because the predictive piece is what will finally move the industry to a proactive state. Simply stopping attacks when they arrive at your doorstep is not good enough. We need to learn from all of those encounters and treat them as an opportunity to identify who is attacking us, their motivations and where they are likely to strike next. This allows you to marshal your defenses and focus on the highest value targets, giving you the ability to optimize your defense against future attacks.
Ultimately, this benefits the entire industry by raising the cost to the adversary. Adding threat intelligence to your defenses makes it much harder for attackers to re-use their tradecraft — in essence, you are forcing them to be more selective and invest more of their time and resources in finding and operationalizing new tactics, techniques and procedures (TTPs).
That’s why Falcon X and the new features we’ve added in Falcon X Premium are so vital. We firmly believe that enabling automated threat intelligence and analysis capabilities is the “next big thing” in endpoint protection – and Gartner* agrees, stating: “By 2021, endpoint protection platforms (EPPs) will provide automated, orchestrated incident investigation and breach response.”
It’s important to emphasize that any size organization can benefit from Falcon X, from the largest enterprise to the smallest company. For a large, distributed organization that has its own dedicated 24/7 security operations center (SOC), Falcon X helps automate and accelerate the triage process dramatically. Typically it takes an average of eight hours for a security team to understand what a piece of malware is trying to do, including all the related research that’s required. With Falcon X, we can accomplish that in about 10 minutes. At the other end of the spectrum, for small and mid-sized companies that don’t have a dedicated SOC, Falcon X delivers rich, fully-automated intelligence, instantly giving them the same level of security enjoyed by the world’s largest organizations.
An Adversary-Centric Approach to Threat Intelligence
We believe we’re doing threat intelligence better than anyone else because we take an adversary-centric approach that allows you to truly know your enemy. Falcon X is powered by the Falcon Intelligence™ team, a group of elite intelligence analysts who are able to drill down to different geographical regions and industry sectors, look at the threat actors operating in those areas with deep understanding of their specific motivations, campaigns and TTPs — then anticipate their next likely activities and targets. This information is instantly disseminated globally so that all organizations in the CrowdStrike community are proactively prepared.
Other Enhancements to Your Cybersecurity
Thanks to everyone who attended Black Hat last week and took the time to stop by and chat with our security experts about Falcon X, Falcon X Premium and other new features and enhancements to the Falcon platform, such as Falcon Device Control and our new security features for Docker environments. I hope you were able to sense our genuine excitement and unstinting commitment to delivering the most powerful and effective cybersecurity on the planet, and doing it with virtually zero impact on endpoint performance. Our mission and our brand promise to customers has never wavered from Day One: We stop breaches.
*Gartner “Magic Quadrant for Endpoint Protection Platforms” Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka, 24 January 2018.
- Watch my video on Falcon X Premium.
- Read the press release about Falcon X Premium.
- Read the press release about Falcon Device Control, Docker security and the MITRE ATT&CK Framework.
- Read a blog by CrowdStrike Chief Product Officer Amol Kulkarni.
- Get a full-featured free trial of CrowdStrike Falcon Prevent™ and learn how true next-gen AV performs against today’s most sophisticated threats.