CSO Magazine Reviews CrowdStrike Endpoint Detection and Response: “Falcon Breaks the EDR Mold”


A recent product review in CSO Magazine titled, “CrowdStrike Falcon Breaks the EDR Mold,” explains how the CrowdStrike® Falcon endpoint detection and response (EDR) solution transcends the standard industry EDR approach and “breaks the mold, offering EDR in a new way that is easy to install and manage, always keeps its agents connected to a central hub, and enables immediate responses to threats as well as the ability to unmask and counter known threat actors whenever they strike.”

Testing Falcon

The author of the review, John Breeden II, lists several factors that distinguish the Falcon platform from a growing number of solutions that offer EDR, but don’t meet the standard that CrowdStrike has set in the EDR market. Some of the characteristics cited in the review include the following:

  • “The biggest differentiator with Falcon is that the brains of the platform exist complete in the cloud,” Breeden writes. He argues that any attack on a Falcon-protected endpoint, anywhere, can benefit all customers, and that the advantage of this “shared defense model far outweighs any outdated concerns about keeping everything inside an owned security perimeter.”
  • The Falcon agent is very lightweight and is constantly connected to the Falcon hub in the cloud so users get an instant response to new threats as they are discovered. Because the traffic generated is spread out over an entire 24-hour period, network connectivity is never bogged down.
  • Falcon’s discovery model shows the number of agents deployed and where, so users can see which endpoints are covered. Breeden explains, “It does not take very long at all to install agents, and the whole process can be scripted for even greater speed.”
  • The review notes that agents remain connected to “the brains of the system inside the cloud,” so updates are constant and new attacks are identified quickly enough for the threat response to be instantaneous. Breeden says, “In our testing, it took less than a minute for the details of a new variety of attack made against an endpoint at one organization to be shared with all of the endpoints at others.”
  • The author also addresses Falcon’s comprehensive reporting via a detailed process tree, stating, “Where many EDR platforms will simply report on the successful blocking of a malicious program or restricted process, Falcon graphically shows all the other associated activity happening on that same endpoint.”

Example of a detailed Falcon process tree

Other Falcon Platform Attributes

The reviewer also cites the value provided by Falcon OverWatch™ managed threat hunting, which is an integrated part of the Falcon platform. In describing the work of the OverWatch team, Breeden says, “CrowdStrike can alert local IT teams about dangerous threats they might have overlooked or not prioritized, work with them to solve problems, or even mitigate threats on their behalf.”

The reviewer also explains how CrowdStrike recognizes the importance of gathering threat intelligence, such as IP addresses and the tools and techniques used, so the adversary can be unmasked. He writes, “Once they have enough information, CrowdStrike gives the hacker group a name, a cartoon-like icon, and a full report about their activities, and thereafter, the platform can identify those same attackers and lets targeted organizations know if they ever launch a campaign against them.”

Falcon Is “Close to Perfect”

The CSO review closes by reiterating the value of CrowdStrike’s cloud-based, comprehensive approach to cybersecurity in general, and EDR in particular. Breeden writes, “While the concept of cloud-based EDR may be a bit of a stretch for more traditionally minded IT security teams, in practice, the advantages far outweigh any concerns. The CrowdStrike Falcon Platform is highly responsive, easy to use and install, and has agents that are kept constantly up to date about the latest threats occurring worldwide. When you add in the optional Overwatch feature, it’s a form of endpoint protection that comes about as close to perfect as one can get in this era of constant attacks.”
