As CrowdStrike® continues its mission of stopping breaches by harnessing the cloud to deliver the most powerful and effective cybersecurity on the planet, I’m excited to share with you the incredible advancements that are part of the CrowdStrike 2018 Summer Release. These new solutions and features will be a central focus for us at Black Hat this year and they exemplify CrowdStrike’s commitment to protecting our customers from today’s most sophisticated and virulent threats.
The advancements we will be sharing at Black Hat include: extending the capabilities of CrowdStrike Falcon X™; the introduction of Falcon Device Control™; and expanding our Linux capabilities to secure Docker container environments. CrowdStrike is also adopting MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. Below are some details of these important new additions to the CrowdStrike platform.
Falcon X Premium
As part of our Spring Release in April, we introduced Falcon X, the first commercial product to automate threat analysis and deliver actionable, contextualized intelligence and custom indicators of compromise (IOCs) tailored to stop the specific threats our customers encounter. As our CEO George Kurtz states in his video blog today, the CrowdStrike Falcon® platform’s ability to fully automate threat intelligence is a major step forward in helping security teams take immediate and prioritized action on threats actively targeting their endpoints.
Today, we are announcing Falcon X Premium, which builds on the Falcon X offering by expanding its scope with the following new features:
- Intelligence Reports — Falcon X Premium delivers trusted, in-depth threat intelligence reports from the CrowdStrike Falcon Intelligence™ team that include real-time threat alerts, technical reports with expert analysis, and strategic reports outlining threats to specific industries, regions and infrastructure.
- Threat Monitoring — This feature provides tailored, automated monitoring that looks for adversary activity against an organization, enabling teams to prioritize resources and effectively respond to impending cyberattacks.
- Expert Malware Analysis — This allows customers to escalate interesting malware samples to a CrowdStrike expert for deeper research or to get a second opinion.
- Intelligence Support — The world-renowned Falcon Intelligence team ensures it has a clear understanding of customers’ intelligence requirements and that they are successfully onboarded; the team also delivers customized, quarterly reviews.
- YARA/SNORT Rules — Integrating these rules into your security infrastructure keeps you ahead of the latest adversary threats. YARA and SNORT rules created and validated by CrowdStrike experts enable faster responses with fewer false positives.
Falcon Device Control
The portability and ubiquity of USB devices have made them popular business tools, but they also pose a significant risk as conduits for malware, exploits and data leakage. That’s why CrowdStrike has developed Falcon Device Control, providing both extensive visibility and control over USB devices across distributed environments. Falcon Device Control provides unprecedented visibility across all USB devices in even the largest, most geographically dispersed environments, and ensures granular policy enforcement. As with all Falcon solutions, device control is seamlessly integrated into the platform and delivered via Falcon’s single lightweight agent and unified management console.
Falcon Device Control is another example of the easy extensibility of the cloud-native Falcon platform and why we are able to deliver such a rich array of security solutions while incurring minimal impact on performance. The deep visibility and customizable granular control exemplify unique capabilities that CrowdStrike brings with each of its products.
Securing Docker Containers
Cloud container technology, such as Docker, has allowed applications to be built, tested and deployed quickly by incorporating all the tools the software needs in each container, including libraries, system tools, code and runtime. This allows applications to be deployed and scaled to any environment instantly, but it also exposes organizations to yet another attack surface — one not easily protected by today’s standard endpoint protection solutions. Today cloud engineering teams want the flexibility and agility to deploy and iterate on code rapidly using DevOps practices. CrowdStrike firmly believes in empowering DevOps teams while simultaneously enabling security teams to have full visibility and control over such container environments.
CrowdStrike offers Docker compatibility that extends the protection of Falcon Insight™ endpoint detection and response (EDR) on Linux platforms to ensure comprehensive visibility and protection across Docker platforms – all delivered via the same lightweight Falcon agent. Using CrowdStrike’s advanced artificial intelligence (AI), machine learning and behavioral protection, Falcon Insight identifies potential attacks within Docker containers in real time, enabling security teams to respond to threats quickly and effectively, and closing a security gap that can leave organizations exposed.
CrowdStrike Adopts the MITRE ATT&CK Framework
While we continue to deliver industry-leading EDR capabilities, we have always strived to improve the productivity of SOC analysts. CrowdStrike led the way in identifying threat actors with unique, easy-to-remember names. These names are widely used by the entire industry. Today we are taking the next step by mapping alerts and detections in the Falcon Platform to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework. The MITRE ATT&CK Framework is an independent industry standard and model for describing the actions an adversary might take to compromise, and operate within, an enterprise network. The framework helps to define and describe adversary behavior and can provide details on the tactics, techniques and objectives an adversary employs.
The framework offers details on adversary behavior based on the observations of millions of real-world attacks. This integration with the Falcon platform’s detections can shorten the time required to triage alerts, thus accelerating prioritization and remediation. Security teams will be able to instantly understand at which stage the adversary is operating, and answer key questions that can prioritize and accelerate responses — giving them the edge they need when dealing with sophisticated and stealthy attackers.
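The triage benefit described above, as an added example that is not CrowdStrike code: once each detection carries an ATT&CK technique ID, the tactic (and therefore the matrix column, or "stage") can be derived, and hosts can be ranked by the furthest stage seen on them. The detection records below are constructed, the technique table is a small subset I wrote from memory of the 2018 Enterprise matrix, and the tactic ordering is the matrix's left-to-right column order rather than a strict timeline.

```python
"""Rank hosts for triage by the furthest ATT&CK tactic observed on each.

Added example, not CrowdStrike's code. Assumes a detection feed in which every
record already carries an ATT&CK technique ID (the tag the post says the Falcon
platform now attaches). TECHNIQUES is a constructed subset, not a full mapping.
"""

# Enterprise ATT&CK tactics in matrix column order (2018 edition). This is the
# column order, not a guaranteed chronology; it is a reasonable triage proxy.
TACTIC_ORDER = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Exfiltration", "Command and Control",
]
STAGE = {name: i for i, name in enumerate(TACTIC_ORDER)}

# Constructed subset: technique ID -> (name, tactics it can serve).
TECHNIQUES = {
    "T1059": ("Command-Line Interface", ["Execution"]),
    "T1053": ("Scheduled Task", ["Execution", "Persistence", "Privilege Escalation"]),
    "T1003": ("Credential Dumping", ["Credential Access"]),
    "T1082": ("System Information Discovery", ["Discovery"]),
    "T1021": ("Remote Services", ["Lateral Movement"]),
    "T1041": ("Exfiltration Over Command and Control Channel", ["Exfiltration"]),
}

# Constructed sample detections; hostnames and IDs are placeholders.
SAMPLE_DETECTIONS = [
    {"id": "det-1", "host": "ws-01", "technique": "T1059"},
    {"id": "det-2", "host": "ws-01", "technique": "T1082"},
    {"id": "det-3", "host": "ws-02", "technique": "T1003"},
    {"id": "det-4", "host": "ws-02", "technique": "T1021"},
    {"id": "det-5", "host": "srv-db", "technique": "T1041"},
    {"id": "det-6", "host": "ws-03", "technique": "T9999"},  # unmapped on purpose
]


def enrich(detection):
    """Attach technique name, tactics and a numeric stage to one detection."""
    tech = TECHNIQUES.get(detection["technique"])
    if tech is None:
        # Unknown technique: keep the record but mark it unmapped rather than
        # silently dropping it, so an analyst can still see it in the queue.
        return {**detection, "technique_name": None, "tactics": [], "stage": None}
    name, tactics = tech
    # A technique that serves several tactics (Scheduled Task, for instance) is
    # scored at the furthest one, so triage errs toward assuming the intrusion
    # has progressed further rather than less far.
    return {
        **detection,
        "technique_name": name,
        "tactics": list(tactics),
        "stage": max(STAGE[t] for t in tactics),
    }


def furthest_stage_per_host(detections):
    """Return {host: tactic name} for the furthest-stage mapped detection per host."""
    best = {}
    for d in map(enrich, detections):
        if d["stage"] is None:
            continue
        if d["host"] not in best or d["stage"] > best[d["host"]]:
            best[d["host"]] = d["stage"]
    return {host: TACTIC_ORDER[stage] for host, stage in best.items()}


def triage_order(detections):
    """Hosts sorted so the one furthest along the ATT&CK matrix comes first."""
    per_host = furthest_stage_per_host(detections)
    return sorted(per_host, key=lambda h: STAGE[per_host[h]], reverse=True)


if __name__ == "__main__":
    for host in triage_order(SAMPLE_DETECTIONS):
        print(host, "->", furthest_stage_per_host(SAMPLE_DETECTIONS)[host])
```

Run as a script, the sample feed puts `srv-db` (Exfiltration) ahead of `ws-02` (Lateral Movement) and `ws-01` (Discovery); `ws-03` is left out of the ranking because its technique ID is not in the table, which is exactly the case an analyst would want surfaced separately rather than hidden.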
CrowdStrike Threat Graph: The Brains Behind the Falcon Platform
None of the powerful protection the Falcon platform delivers would be possible without the industry’s first graph database for security, CrowdStrike Threat Graph™. Since we announced in May that CrowdStrike is now processing and analyzing more than 100 billion events per day into the CrowdStrike Threat Graph, we have continued to increase the data that is collected and correlated by CrowdStrike’s purpose-built, cloud-native graph database. The number is now up to 150 billion events per day and growing — which translates into 3.5 million blocking decisions every second. Our ability to process these massive amounts of data and share the results in real time with every customer across the globe is only possible through the power of the cloud, and the remarkable accomplishments of our world-class engineering team. It enables us to deliver the complete context of threats — the “how, why and when” — ensuring that the world’s best detection, prevention and remediation is delivered with unrivaled speed and accuracy. CrowdStrike’s cloud-native architecture is also the foundation of the Falcon platform’s unmatched extensibility, scalability and efficacy, and why we will continue to be the leader in stopping breaches.
- Read a blog with a video on Falcon X by CrowdStrike CEO George Kurtz.
- Visit the Falcon X Premium web page.
- Visit the Falcon Device Control web page.
- Read the press release about Falcon X Premium.
- Read the press release about Falcon Device Control, Docker security and the MITRE ATT&CK Framework.
- Get a full-featured free trial of CrowdStrike Falcon Prevent™ and learn how true next-gen AV performs against today’s most sophisticated threats.