Fal.Con 2021: Introducing Falcon XDR and CrowdXDR Alliance
This announcement is part of the Fal.Con 2021 CrowdStrike Cybersecurity Conference, Oct. 12-14. Register now for free to learn all about our other exciting new products and partnerships!
Our mission at CrowdStrike is the same today as it was in 2011: to stop breaches.
To accomplish our mission, we knew it would require a platform that not only stops attacks in the moment but is purpose-built to meet the future needs of cybersecurity and advancing adversary tactics.
Today at Fal.Con 2021, CrowdStrike is once again setting the industry standard for security, helping our customers meet today’s challenges by giving them the most powerful arsenal for stopping today’s sophisticated attacks.
I’m very excited about both of these announcements and what they mean for our customers. Falcon XDR extends our industry-leading endpoint detection and response (EDR) beyond the endpoint to give customers visibility, real-time threat detection and automated response that goes far beyond anything else in the industry.
And to make sure that XDR doesn’t just become another buzzword in the ash heap of security history, CrowdXDR Alliance is a groundbreaking new alliance with industry leaders to provide customers with a best-of-platform approach to enterprise-wide security.
But, before I get into both of these exciting announcements, let’s take a step back and define what exactly XDR is, because like many things in the security industry, XDR is causing more confusion than calm, driven by many misleading vendor claims.
Separating the Hype from Reality: XDR Edition
Security teams and leaders are seeing “XDR” — extended detection and response — everywhere.
SIEM vendors have latched onto the term in an effort to try and stay relevant. Legacy and the so-called next-gen endpoint players? They’ve taken to repackaging their stale platforms as XDR to hide their weaknesses.
Also jumping on the buzzword bandwagon are firewall and network vendors, with many claiming “native” XDR capabilities simply as a way to further lock in their customers. Integrating your own technology should be table stakes, not cause for celebration.
The problem is that despite these claims, what many of these vendors are doing is simply making the security problem worse by flooding security teams with even more data and complexity. Taking the same failed approach of yesterday will not help customers against today’s adversary.
In its simplest terms, XDR as a concept looks to apply order to the chaotic array of a customer’s security stack by deriving actionable insights from across the enterprise to stop threats wherever they exist.
XDR must start with EDR technology and build from there. It should be an extension of EDR, enriching EDR data with the most relevant telemetry from across the security stack. It needs to provide real-time threat detection, alerting and hunting across multiple technologies and domains. And finally, XDR needs to deliver proactive, automated responses to threat activity across the entire security stack.
Falcon XDR: Protection Beyond the Endpoint
This is exactly what Falcon XDR delivers to our customers — a better way to make sense of their security data to find and stop threats wherever they exist. The CrowdStrike Falcon® platform was built for this moment — to harness the power of security data so our customers can stay ahead of shifting adversarial tactics.
This is also why the acquisition of Humio and the integration of its technology with the Falcon platform represents a watershed moment for XDR.
With Humio as a foundational architectural component, Falcon XDR seamlessly ingests data from across the broadest range of third-party data sources — including network security, email security, cloud infrastructure as a service (IaaS) and platform as a service (PaaS), software as a service (SaaS) and cloud access security broker (CASB) — and correlates it with CrowdStrike’s industry leading threat intelligence in the CrowdStrike Security Cloud. Falcon XDR applies CrowdStrike’s world-class machine learning, artificial intelligence (AI) and indicators of attack (IOAs) on this data to extend EDR outcomes and advanced threat detection across the security stack to stop breaches faster.
This solves the big data challenge of XDR and eliminates false positives, alert fatigue, and exorbitant data processing and storage costs.
But we didn’t stop there. To orchestrate and automate response across your security workflows, we also announced that Falcon Fusion — our SOAR framework natively built into the Falcon platform — is now free for all customers.
Fusion puts the R in XDR — enabling customers to build real-time active notification and response capabilities, along with customizable triggers based on detection and incident categorizations. This will improve SOC and IT efficiency and agility, while meeting use case requirements.
This is what sets Falcon XDR apart and what enables CrowdStrike to deliver on the vision of XDR by providing true enterprise-wide threat detection, investigation, response and hunting across the entire security and IT stack.
See Falcon XDR in action in this demo:
The CrowdXDR Alliance: A Groundbreaking Alliance
I’d like to thank the launch partners of the CrowdXDR Alliance — Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, Extrahop, Mimecast, Claroty and Corelight — for joining forces to make sure that XDR delivers the value to customers that it promises.
Organizations don’t need more security alerts — they need the most relevant insights across their security stack to stop complex attacks. However, the traditional lack of standards for data sharing across security platforms creates gaps in investigations and threat hunting.
The CrowdXDR Alliance is changing all of that by establishing a common XDR language for data sharing between security tools and processes to enrich EDR data with the most relevant, vendor-specific security telemetry. This breakthrough will give customers an integrated XDR solution that enables real-time detections and threat hunting across all domains.
We’re very proud to have these partners onboard to improve the overall security experience for our customers by delivering unparalleled security efficiency and efficacy.
Fal.Con 2021: Experience It for Yourself
To learn more about Falcon XDR and the CrowdXDR Alliance, here are a few of the important session that you won’t want to miss:
- Fal.Con 2021 Keynote: The Power of We
- XDR: What It Is, What It Isn’t and What It Should Be: Understanding Cyber’s New Favorite Acronym
These are just a few of the exciting announcements we’ve made at Fal.Con 2021. If you haven’t had the chance to check out the incredibly inspirational sessions on XDR and more, I highly encourage you to do so — we’re making them all available to you now, and for months to come.
Fal.Con is a time for all of us to come together to solve the biggest security challenges that businesses face. Improving security outcomes for our customers requires a united approach. This is what CrowdStrike is building — a powerful community sharing a common goal: stopping breaches.
- Learn more about Falcon XDR and the CrowdXDR Alliance.
- View the Falcon XDR Demo.
- Learn more about Falcon Fusion by visiting the webpage or this blog post.
- Visit the product website to learn how the powerful CrowdStrike Falcon platform provides comprehensive protection across your organization, workers and data, wherever they are located.
- Get a full-featured free trial of CrowdStrike Falcon Prevent™ and see for yourself how true next-gen AV performs against today’s most sophisticated threats.