X

Our website uses cookies to enhance your browsing experience.

CONTINUE TO SITE >

Introducing CrowdScore: A New Approach to Eliminate Alert Fatigue and Provide CxO-Level Real-Time Threat Metrics [VIDEO]

This week, in conjunction with Black Hat USA 2019, CrowdStrike® is proud to announce a powerful new capability for the Falcon platform: CrowdScore. CrowdScore leverages cloud-based AI analytics to distill the CrowdStrike Falcon® platform’s smart-filtered endpoint detection and response (EDR) data into actionable insights for CxOs, as well as security analysts and investigators.

In addition, CrowdScore fundamentally shifts how customers work with the Falcon platform, delivering enormous efficiency gains across the security operations center (SOC), and helping customers take a significant step toward meeting the 1-10-60 challenge.

Why CrowdScore Is a Critical Capability

I talk to many CxOs in my travels around the world, and I found that one of the big challenges for many of them is the inability to understand the true state of the threat inside of their organization at any given point in time. Too often, they learn about a major problem once it’s already too late and a breach has occurred. Often this is due to their security teams being overwhelmed with alerts and not knowing how to prioritize and rapidly respond to an intrusion before it is too late. And without that knowledge, CxOs are often unable to make accurate and rapid decisions about resourcing, escalation and engaging with legal and crisis communication departments.

The key metric many organizations struggle with today is speed. At the end of the day, it’s the speed with which a security team is able to identify, understand and act against the stealthiest one percent of threats – that’s what keeps your organization’s name out of the headlines.

The Challenge of Speed

Better information about threats is critical in the fight to stop breaches, but an ever-growing sea of information can be overwhelming to security teams, preventing them from making smart decisions and responding to critical alerts before the attacker breaks out. Information overload affects security organizations on many different levels, as teams wrestle with some fundamental questions:

  • Am I under attack? At the strategic level, security executives need an up-to-date understanding of the organizational threat level, so they can make the best decisions. Most executives see only a constant, overflowing river of badness, which hinders their ability to plan and coordinate the most effective actions when it matters most.
  • What’s most critical now? At the tactical level, analysts must triage alerts to identify potential threats. This is a daunting task when analysts are bombarded with a stream of hundreds or even thousands of potential threats every day. All too often, important alerts are missed, with the signal buried in noise.
  • What will I do about it? At the operational level, investigators must quickly understand and act to eliminate threats. This process can be slow and error-prone, relying on cumbersome manual processes to collect and analyze supporting data from a variety of sources. This drives up time-to-respond and gives attackers more time to take malicious action.

It’s time to tackle today’s biggest problem in information security — speed. Security organizations need help with ensuring that their scarce time and attention are always focused on the things that matter most, and that every person on the team is enabled to execute at high velocity.

CrowdScore: Focus Fast on What Matters Most

CrowdScore dramatically reduces the time required to understand and respond to cyber threats by anticipating and delivering the right information for each stakeholder when and where it’s needed. It leverages the power of CrowdStrike’s cloud-native platform and single intelligent agent, continuously streaming smart-filtered, high-fidelity data into a proprietary distributed graph database we call Threat Graph™, to produce actionable insights for executives, analysts and investigators.

See the Big Picture

For CxOs, CrowdScore delivers a simple metric to help them understand their organization’s threat level on a continuous basis. This organizational “DEFCON” score updates in real time, and makes it easy for security leaders to quickly understand if they are under attack and the severity of the threat, so they can immediately mobilize the appropriate response.

Figure 1: CrowdScore delivers “DEFCON” threat level for enterprises of all types

Eliminate Alert Fatigue

For security analysts, CrowdScore eliminates alert fatigue by using sophisticated, cloud-based analytics to combine related security alerts and indicators into incidents. With the full context of an incident, derived from the CrowdStrike Threat Graph™, CrowdScore intelligently prioritizes those incidents by severity and criticality to your business. CrowdScore’s smart prioritization streamlines the triage process and presents the most important incidents to analysts via a central Incident Dashboard, ensuring responders are always directed to the most critical threats first.

Figure 2: CrowdStrike’s Incident Dashboard speeds triage and solves alert fatigue by distilling discrete alerts into actionable, prioritized incidents. In this example, 43 alerts were transformed into 5 displayed incidents.

Speeding Up Investigations

Finally, CrowdScore delivers CrowdStrike’s new Incident Workbench, a powerful portal where prioritized incidents are enriched through the CrowdStrike Threat Graph, automating the cumbersome labor involved in collecting the data needed to understand the scope of an emerging threat. Incident Workbench’s sophisticated visualizations and workflows significantly reduce the time needed to orient and act against modern threats of all types.

Figure 3: CrowdStrike’s Incident Workbench accelerates investigations with sophisticated visualizations and workflows.

CrowdScore Available to Customers at No Cost

Once again, CrowdStrike is leveraging the power of the cloud to shift the cybersecurity balance of power back in favor of defenders. CrowdScore will be available at no cost to all Falcon platform customers and will be demonstrated at CrowdStrike’s Booth #904 at Black Hat USA 2019.

Falcon Summer Platform Release — Enhancing Speed and Performance in the SOC

CrowdScore is an exciting development for CrowdStrike’s customers, but it’s not the only one we’re featuring at Black Hat this year. Our Summer Platform Release is packed with new innovations focused on helping security organizations execute their missions with the highest speed and efficiency. New capabilities include:

  • Tailored Intelligence: Enables real-time identification of emerging DDoS and botnet threats that target an organization. Instant visibility into external threats enables security teams to act and remediate faster than ever before, avoiding significant impact and possible downtime.
  • Custom Indicators of Attack (IOAs): Provides customers with the ability to quickly and easily create and fine-tune custom behavioral threat detection and prevention to meet their own unique needs. Custom IOAs allow CrowdStrike customers to gain real-time visibility on suspicious behaviors, saving precious minutes or hours of manual hunting.
  • Real-Time Response for macOS: Remotely connect to macOS hosts and run predefined commands to immediately respond to and remediate threats as they happen. Actions include file system navigation, viewing and killing processes, extracting files, and more.
  • Real-Time Response API: Collect information, place and retrieve files, run scripts and execute remediation commands across multiple hosts simultaneously, dramatically increasing efficiency and improving response times for emerging threats across your entire enterprise.

Please stop by CrowdStrike’s Booth #904 at Black Hat to see all our new capabilities in action for yourself, and to learn more about how CrowdStrike helps organizations of all types detect, investigate, and respond to threats at maximum velocity.

Additional Resources

CrowdStrike Falcon Free Trial

Dmitri Alperovitch

Co-founder and CTO of Crowdstrike, Dmitri Alperovitch leads the Intelligence, Technology and CrowdStrike Labs teams. Alperovitch has invented 18 patented technologies and has conducted extensive research on reputation systems, spam detection, web security, public-key and identity-based cryptography, malware and intrusion detection/prevention. He is a renowned computer security researcher and thought leader on cybersecurity policies and state tradecraft. Alperovitch’s many honors include being selected as MIT Technology Review’s “Young Innovators under 35” (TR35) in 2013. He also was named Foreign Policy Magazine’s Leading Global Thinker for 2013 and received a Federal 100 Award for his information security contributions.

 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial