This blog is by YETI Holdings Inc. (NYSE: YETI) Senior Security Architect Eric Ooi and discusses what led him to choose the CrowdStrike Falcon® platform to protect YETI endpoints. The views expressed in this article are the author’s alone.
In my role as senior security architect at YETI, it’s my mission to ensure that our information security systems, like our incredible products, are built for the wild. With this in mind, we continually measure and re-evaluate our security systems to determine if they live up to our high standards. We place particular emphasis on our endpoint security solution, as it is often the final defense against malware that has made it past systemwide security layers, such as email and network firewalls.
In the last year, our legacy solution was proving to be more frustrating than beneficial. From a complete lack of endpoint detection and response (EDR) capabilities, to little or no protection for modern attacks, and virtually non-existent integration with third-party platforms — it was clear that our current solution had fallen far behind, illustrating just how quickly the endpoint security landscape had evolved.
What We Were Looking For
We immediately set out to find a solution that not only directly replaced our current capabilities, but went beyond them to include the latest technological innovations. We focused on three main criteria:
- Combines endpoint protection platform (EPP) and EDR capabilities to avoid purchasing multiple products. Our incumbent solution would promise us new features, including EDR and forensics capabilities, but never delivered as the years went by. Ultimately, the solution didn’t grow with us and unfortunately, we didn’t have the budget or the desire to purchase a completely separate EDR solution.
- Lightweight and effective at blocking the latest threats, including PowerShell attacks. End users and IT typically think of endpoint security solutions as simply an antivirus that consumes all their computing resources. It’s what end users blame when their computers feel sluggish. The finger is always pointed at the security teams, which typically don’t have great reputations to begin with, due to the various controls “forced on users” (see: “Windows Updates”).
- Integrates with our existing security and system infrastructure. Like many businesses, we already have existing infrastructure that we depend on. We wanted something that would integrate with and complement our existing solutions. In particular, the solution needed to integrate with our SIEM and enrich our existing telemetry.
Why We Chose CrowdStrike
We reached out to three major endpoint security vendors — two who were familiar because we were already using other products from them, and one newcomer: CrowdStrike®. We selected CrowdStrike as our third candidate because their delivery model sounded compelling and we had heard positive word-of-mouth reviews. Going into the evaluation, we were confident we would ultimately choose one of the solutions from a vendor we were currently using. We fully expected that they would integrate well with their other products, which we already owned, and that it would ultimately be easier to work with one less vendor.
One of the challenges we ran into was how best to evaluate each of the solutions. I researched online and read through security mailing lists I was a part of, and put together what I found to be a useful methodology. This evaluation plan enabled me to review each product as fairly and thoroughly as possible, given my limited time and resources.
As I conducted my testing, it was clear our existing vendors were playing catch-up to what CrowdStrike offered. Time and again, the CrowdStrike Falcon platform met or exceeded our requirements. The competing solutions only offered half-baked features or were missing capabilities entirely.
Revisiting our requirements from earlier, we measured CrowdStrike against our criteria:
- Combines EPP and EDR capabilities to avoid purchasing multiple products. CrowdStrike Falcon® features a comprehensive suite of prevention mitigations to stop attacks, and collects an incredible amount of system and network telemetry, providing context in the event an attack is able to successfully execute. On top of this, Falcon’s Real Time Response feature enables our team to perform incident response no matter where an endpoint may be. Having used this feature on our internationally-based endpoints, I can attest to how easy and low-latency the experience is.
- Lightweight and effective at blocking the latest threats, including PowerShell attacks. The Falcon agent was quick to install and consumed very few computing resources in our testing. It successfully blocked known malware and PowerShell attacks whether or not the system had connectivity to the CrowdStrike cloud. In testing the EDR capabilities, we disabled the prevention mitigations and allowed a full attack to run through to completion. Falcon identified each step of the attack and mapped it to the MITRE ATT&CK framework.
- Integrates with our existing security and system infrastructure. Falcon integrates with our SIEM, and its rich data set complements the telemetry that we were already collecting from our existing systems. Unlike other platforms, Falcon organizes this large volume of data into understandable categories, brings notable events to attention, and offers great flexibility in searching through data.
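The EDR test described above (prevention disabled, a full scenario run to completion, every step checked against MITRE ATT&CK, once with cloud connectivity and once without) is easier to compare across vendors when the results are scored rather than eyeballed. The following is an added example, not code from YETI or CrowdStrike: it takes a list of detection records in an assumed generic schema (host, tactic, technique, cloud_connected; this is not Falcon's event format) and an expected attack chain for one hypothetical test scenario, and reports which steps were detected in both connectivity modes, which only online, which were missed, and which detections fell outside the scenario. The detection records and the scenario are constructed for illustration; the ATT&CK technique IDs are real.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    """One detection record in an assumed, vendor-neutral schema (constructed)."""
    host: str
    tactic: str
    technique: str         # ATT&CK technique ID such as "T1059.001"
    cloud_connected: bool  # sensor could reach its cloud during this run


# Hypothetical test scenario, in execution order: (ATT&CK tactic, technique ID).
EXPECTED_CHAIN = [
    ("Initial Access", "T1566.001"),     # spearphishing attachment
    ("Execution", "T1059.001"),          # PowerShell
    ("Persistence", "T1547.001"),        # registry run keys
    ("Credential Access", "T1003.001"),  # LSASS memory
    ("Lateral Movement", "T1021.002"),   # SMB/Windows admin shares
]

# Constructed sample: the same scenario run twice on lab hosts.
SAMPLE_DETECTIONS = [
    # Run 1: sensor online. Every expected step reported, plus one discovery
    # technique the scenario did not include (worth a look: noise or a real extra?).
    Detection("lab-win10-01", "Initial Access", "T1566.001", True),
    Detection("lab-win10-01", "Execution", "T1059.001", True),
    Detection("lab-win10-01", "Discovery", "T1082", True),
    Detection("lab-win10-01", "Persistence", "T1547.001", True),
    Detection("lab-win10-01", "Credential Access", "T1003.001", True),
    Detection("lab-win10-01", "Lateral Movement", "T1021.002", True),
    # Run 2: cloud connectivity cut. The initial-access step went unreported.
    Detection("lab-win10-02", "Execution", "T1059.001", False),
    Detection("lab-win10-02", "Persistence", "T1547.001", False),
    Detection("lab-win10-02", "Credential Access", "T1003.001", False),
    Detection("lab-win10-02", "Lateral Movement", "T1021.002", False),
]


def score_run(detections, expected=EXPECTED_CHAIN):
    """Compare observed detections with the expected chain, per connectivity mode.

    Returns a dict with the expected techniques bucketed into covered (seen both
    online and offline), online_only, offline_only and missed, plus any techniques
    observed that the scenario did not contain, and a coverage ratio per mode.
    """
    online = {d.technique for d in detections if d.cloud_connected}
    offline = {d.technique for d in detections if not d.cloud_connected}
    expected_ids = {tech for _, tech in expected}

    result = {"covered": [], "online_only": [], "offline_only": [], "missed": []}
    for _, tech in expected:  # keep scenario order in the output lists
        if tech in online and tech in offline:
            result["covered"].append(tech)
        elif tech in online:
            result["online_only"].append(tech)
        elif tech in offline:
            result["offline_only"].append(tech)
        else:
            result["missed"].append(tech)

    result["extra"] = sorted((online | offline) - expected_ids)
    result["coverage_online"] = len(online & expected_ids) / len(expected)
    result["coverage_offline"] = len(offline & expected_ids) / len(expected)
    return result


def print_report(result, expected=EXPECTED_CHAIN):
    """Human-readable scorecard for one vendor's run."""
    tactic_of = {tech: tactic for tactic, tech in expected}
    for bucket in ("covered", "online_only", "offline_only", "missed"):
        for tech in result[bucket]:
            print(f"{bucket:13} {tech:10} {tactic_of[tech]}")
    for tech in result["extra"]:
        print(f"{'extra':13} {tech:10} (not in scenario)")
    print(f"coverage online:  {result['coverage_online']:.0%}")
    print(f"coverage offline: {result['coverage_offline']:.0%}")


if __name__ == "__main__":
    print_report(score_run(SAMPLE_DETECTIONS))
```

Running the same scorer over each candidate's output turns the "half-baked or missing" impression into a per-step matrix, and the online_only bucket is the one to watch for a product that leans on cloud lookups: a step that is caught only when the sensor is connected is a gap for laptops that spend time off the corporate network.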
Beyond meeting our requirements, we also appreciated these additional capabilities:
- The delivery model is built so that features can be licensed as needed, all while still using the same lightweight agent.
- The optional Falcon OverWatch™ managed hunting service acts as an extra set of eyes on our systems and, if needed, can assist in incident response activities.
- CrowdStrike provides frequent feature updates and enhancements that simplify host management and improve prevention, detection, and response capabilities.
Immediate Results From Day One
Overall, we’ve had a great experience with CrowdStrike from the initial sales process to implementation. Where we’ve felt there was room for improvement, the CrowdStrike team has been receptive to our feedback and actively adds new features to meet our needs. Deployment of the agent across the organization was one of the smoothest we’ve experienced, and we saw immediate results from day one. Endpoint security is a crucial part of our layered defense approach, and we’re confident that CrowdStrike Falcon is truly built for the wild.
Additional Resources from CrowdStrike
- Learn more about the CrowdStrike Falcon platform by visiting the webpage.
- Download the white paper: Endpoint Detection and Response (EDR): Automatic protection against advanced threats.
- Learn more about the MITRE ATT&CK framework in the white paper: “Faster Response with CrowdStrike and MITRE ATT&CK™.”
- See what third-party security testers and reviewers are saying about Falcon.
- Test CrowdStrike next-gen AV for yourself: Start your free trial of Falcon Prevent™ today.