CrowdStrike Summer Release 2017: Falcon Search Engine Brings Speed and Agility to Cybersecurity
Today we are proud to announce the CrowdStrike Falcon® Search Engine, the largest and fastest search engine exclusively for cybersecurity professionals. We recognize the transformative effects that search engines have had in other areas of our lives, and now we are bringing those benefits to the security industry. A search engine for cybersecurity means faster research and fuller understanding of a threat and its context — advantages that help CrowdStrike customers get ahead of, and stay ahead of, tomorrow’s threats. At the end of the day, security is all about speed and relevance: we want to empower our customers to outpace and outsmart the adversary.
The CrowdStrike Falcon Search Engine, a subscription service, is the first of its kind and will be a true force multiplier for the experts in our industry. Specialists in key roles like cyber threat intelligence, security operations and threat research are fighting on the front lines every day, but they are hampered by slow tools that deliver incomplete and disjointed results. As organizations transition to the next-gen Security Operations Center (SOC) model, security teams demand tools that deliver comprehensive results in real time. The Falcon Search Engine makes these teams more agile by delivering security search results, augmented by in-depth threat intelligence, in seconds.
Two attributes make the Falcon Search Engine unique: speed and relevance.
In most malware research, it takes hours to get results from a single query that searches only a month’s worth of data. Just imagine how much more effective that researcher could be if provided with results in seconds from an index that includes more than five years of data. CrowdStrike’s malware search engine is the fastest in the industry, searching 560TB of data in mere seconds – compared to days or weeks with other systems. This speed delivers a 250X performance increase for malware research, without compromising on the amount of data being searched. It’s an exponential leap forward in a field where every second counts.
In search, speed is only an advantage if it yields the right answers. Imprecise or irrelevant search results can actually impede the research process and waste precious response time. CrowdStrike Falcon Search Engine uses a revolutionary patent-pending indexing technology that enables customers to search across file metadata, the binary contents of the file itself, and threat intelligence related to the file. The Falcon Search Engine binary index is game-changing for security researchers because of the scope of the data it indexes and the speed at which that data can be searched, delivering only the most relevant search results in real time.
We are uniquely positioned to deliver a cybersecurity search engine because of our cloud heritage. From Day One at CrowdStrike, we set out to build a true SaaS platform that is designed for scalability and speed. Our Falcon platform now collects and processes over 51 billion events every single day from our global installed base of endpoint protection customers. Combining that raw data with insights from our threat intelligence, managed threat hunting, and incident response teams has resulted in incredible effectiveness gains in the endpoint security space. With today’s launch of the Falcon Search Engine, we are expanding the platform’s capability in the malware and threat research space.
Introducing Falcon MalQuery
CrowdStrike Falcon MalQuery launches today as the first component of the Falcon Search Engine. This subscription-only solution offers real-time malware search across the industry’s largest repository of malware samples — more than 700 million files — delivering the speed and relevance needed by SOC analysts, cyber threat intelligence professionals and threat researchers. Search results include complete details of all related malware and are further augmented by insights from CrowdStrike Falcon Intelligence™, making it faster and easier for security teams to understand the threat and take protective action.
Falcon MalQuery streamlines malware research by delivering the following capabilities:
- Indexes file metadata as well as binary content from the largest searchable collection of malware in the world
- Simplifies search by supporting simple plain-text (ASCII and Unicode) or binary (HEX) search, along with YARA-based queries
- Delivers results in seconds that include related malware samples and all of their attributes, including threat insights from CrowdStrike Falcon Intelligence
- Reduces YARA rule testing and tuning iterations from hours to seconds
- Expands without compromise, starting with five years of historical data and constantly growing
Search has the power to transform security research and security operations. Today’s launch of Falcon MalQuery is the first step in our journey to build the most comprehensive search engine for cybersecurity. Over time, we are committed to indexing and providing access to additional elements from the Falcon platform. This will unlock billions of security events, artifacts and insights and put them at your fingertips through a simple search interface – ultimately enabling you to gain the upper hand against even the most sophisticated adversaries.