CrowdStrike Delivers a Trifecta of New Products and Features: CrowdStrike Falcon® Intelligence, EPP Complete and Major Enhancements to Falcon Insight
April 16, 2018 | George Kurtz | Executive Viewpoint
I’m proud to announce that CrowdStrike® continues its mission to deliver the most powerful endpoint protection in the industry with our spring platform release — a trifecta of new security solutions designed to push the envelope on proactive security, conserve internal security resources and enable instant response access across your distributed enterprise.
CrowdStrike Falcon® Intelligence — Making Predictive Security a Reality
If you really want to stop breaches, you need to get proactive. CrowdStrike believes this deeply — and so does Gartner. Their Adaptive Security Architecture (ASA) model recommends security architecture that can detect, respond, prevent and predict. Most products on the market today do three of the four — prevention, detection and response. These are important capabilities, but they are all reactive. For truly proactive security, you need to be able to predict future attacks and deploy proactive countermeasures. CROWDSTRIKE FALCON® INTELLIGENCE™, CrowdStrike’s new threat analysis module, does just that. By adding these new predictive capabilities to the AI and behavioral analytics on which the Falcon platform is built, we further empower our customers to stay one step ahead of the adversaries.
This is big. Until now, the process of learning from attacks, then applying that knowledge to proactively and predictively prevent future attacks, was simply beyond the reach of most organizations. Even the largest security teams are limited in their capacity to do predictive protection. The resources and skills necessary to conduct these kinds of investigations and turn that analysis into proactive security measures are substantial and the number of incoming attacks is too high. For a large team to apply this process to even 10 percent of the attacks they encounter would be impressive. And for small teams — forget about it. The process has been simply out of their reach. This has left almost every security team worth their salt feeling uncertain, worried, and with little confidence in their ability to stop the attacks of tomorrow.
That changes today. CrowdStrike Falcon® Intelligence is the first commercial product to automate the entire threat analysis process and deliver actionable intelligence and indicators of compromise (IOCs) specifically tailored for the threats you encounter. You can share these IOCs with other security tools to strengthen your overall security posture and you can use the intelligence gleaned from the attacks targeting your environment to inform security decisions, so that you can marshal your resources in the most effective manner possible. CrowdStrike Falcon® Intelligence enables you to quickly see all the relevant threat intelligence and receive IOCs for the threats you encounter (and for all the known variants of those threats) — making it easy for your team to deploy proactive countermeasures against future attacks. That sound you hear is the predictive piece of the security puzzle snapping into place.
To clarify, CrowdStrike Falcon® Intelligence offers these two critical benefits:
- Customized IOCs (machine-readable) — These are “custom” because they come from threats you actually encountered. They are superior to other IOCs because they include indicators from all related samples. This is an exclusive feature, made possible only because of Falcon Malquery™, CrowdStrike’s massive malware repository. These IOCs can be immediately shared via our API so that other security products can be made more effective instantly. This allows you to be truly proactive because the IOCs include protection against the threat you just encountered and the next ones, since they include all known variants and critical items that can persist across multiple variants (e.g., command and control IP addresses or the underlying vulnerability being exploited by the attack).
- Customized threat intelligence (human-readable) — This is about really understanding the “who, why and how” — and specifically the “how important” — aspects of an attack. When they receive an alert, most administrators simply don’t have enough information to determine what the appropriate level of response should be. Should they ignore it, or call the FBI? Are they being targeted by a sophisticated threat actor, or did they just get caught up in a commodity malware dragnet? These are key questions that drive the decision-making for security teams, but without CrowdStrike Falcon® Intelligence it is very difficult to get answers. With CrowdStrike Falcon® Intelligence you get the right answer — and you get it in seconds, not hours or days.
Delivering this degree of automation will be a rising tide that lifts all ships. Big security teams can now stop picking and choosing which threats to analyze and start analyzing all of them. Small security teams can unlock access to a critical security capability. And, of course, with more security teams operating at this level, they will be raising the cost to the adversary. Because of the revolutionary real-time, cloud-based, massively scalable CrowdStrike Falcon® endpoint protection platform (EPP), predictive security is now within reach for all organizations, regardless of their security team’s size or sophistication. Let’s move the industry forward and make every organization more able to stop breaches.
Falcon EPP Complete — Comprehensive Turnkey Security
Another exciting solution that’s part of CrowdStrike’s spring platform release is Falcon EPP Complete™. This is a real game-changer because it allows any organization, regardless of their size or skill level, to raise their security to the highest possible standard. EPP Complete combines CrowdStrike’s unmatched protection technologies with the people, processes and expertise necessary to handle all aspects of endpoint security — everything from onboarding, configuration and maintenance, to monitoring, incident handling and remediation.
The EPP Complete solution combines the effectiveness of the Falcon platform with the efficiency of a dedicated team of CrowdStrike security professionals. By unifying all the elements needed to handle every aspect of endpoint security into a single turnkey offering, every organization now has access to a complete, hassle-free security solution that instantly puts them on par with the world’s best-protected private and public organizations. The integration of Falcon’s best-in-class prevention, detection, response and IT hygiene capabilities, coupled with the Falcon EPP Complete team of security experts, provides a powerful defense against threats of all types, from commodity malware attacks to the rapidly changing tactics, techniques and procedures (TTPs) used by the world’s most skilled and determined adversaries. EPP Complete’s scalability means it can offer the highest level of endpoint security possible — and more importantly, the peace of mind that comes with it — to virtually any organization in any industry, anywhere in the world.
Falcon Insight Adds Real Time Response and Real Time Query Capabilities
Also included in our spring platform release are two new features we’ve added to our Falcon Insight™ endpoint detection and response (EDR) solution. Real Time Response and Real Time Query empower incident responders by providing deep access to systems across your distributed enterprise — allowing you to contain compromised systems, fully investigate incidents, and eradicate threats with surgical precision, all in an instant.
With Real Time Response, we’ve added powerful interactive capabilities that deliver instant visibility into the local file system, registry, network, and more. It also allows you to close the door on threats by killing malicious processes and removing remaining traces left behind by the attacker. Real Time Query delivers ultimate visibility and control — empowering your team with custom-tailored information collection and response actions.
These new features enable teams to remediate security-related incidents faster, more effectively and more efficiently than ever before. By being more strategic with your incident response efforts, you’ll be able to take decisive remediation steps quickly and minimize damage from cyber incidents, while operating with full knowledge of what is happening in your environment. The ability for you to respond from anywhere allows your organization to get back to business quickly, minimizing the costs associated with a cyberattack.
In closing, to our existing customers: We are sincerely grateful for your unwavering support. Your feedback continues to drive our roadmap, and we are dedicated to earning your loyalty by executing our mission, which is to consistently deliver the most effective endpoint protection on the planet.
- Read the CrowdStrike Falcon® Intelligence press release
- Read the Falcon EPP Complete press release
- Read the Real Time Response and Real Time Query press release
- Attend a demo of the CrowdStrike Falcon® platform and see these new features in action.
- Get a free trial of Falcon Prevent™, CrowdStrike’s unrivaled next-gen antivirus solution.