Fal.Con 2020: Why Cloud Security Innovation Is Critical


The unprecedented transformation that all organizations have undergone this year is reflected in the very nature of Fal.Con 2020, our 4th annual CrowdStrike® Cybersecurity Conference. This year, Fal.Con 2020 is an all-digital event for the first time, illustrating the rapid transition that organizations all over the world have had to make. “Work from anywhere” is no longer just a choice — it is a necessity. As this year’s conference reflects, CrowdStrike has been with you all the way, committed to helping you make this important transition as secure and worry-free as possible. 

This doesn’t mean our challenges are small ones. The new complexities exposed by rapidly enabling remote workforces on a global scale are not lost on our adversaries. They’ve been working overtime to take advantage of new attack surfaces, exploiting people’s pandemic fears and trying as hard as they can to evade your strongest security measures. That’s why CrowdStrike works even harder to stay ahead of them. Our commitment to your organization’s cybersecurity is stronger than ever and is best demonstrated by the new and innovative developments highlighted during Fal.Con 2020.  

Transitioning to the Cloud Is Not Optional

The new work-from-anywhere environment and digital transformation mean the perimeter we once knew has disappeared. As our Chief Product Officer, Amol Kulkarni, points out, “It’s time to transform how we think about security, and for us, innovation is our brand of security.”

This digital transformation means cloud security becomes a key risk area. Although compliance and hygiene for the cloud have been checkbox features, they can’t give you true security, especially in the world of DevOps where speed-to-market is essential. With this velocity, however, comes the risk of misconfigurations and an expanded attack surface. That’s why we are thrilled to announce Falcon Horizon, CrowdStrike’s cloud security posture management (CSPM) solution.

Securing the Cloud With Falcon Horizon 

CrowdStrike Falcon® Horizon™ streamlines CSPM across the application development lifecycle for any cloud, enabling you to securely deploy applications in the cloud with greater speed and efficiency. Because the CrowdStrike Falcon® cloud-native platform provides visibility into your entire cloud infrastructure, continuous monitoring for misconfigurations, and proactive threat detection, DevSecOps teams are able to fix issues faster and be more productive.

Here are the key benefits:

  • Falcon Horizon unifies visibility and control across multi-cloud environments, delivering continuous discovery and visibility of cloud-native assets to provide valuable context and insight into overall security posture and the actions needed to prevent an incident.
  • It provides intelligent monitoring of cloud resources to proactively detect misconfigurations, vulnerabilities and security threats, along with guided remediation to resolve security risks and enable developers with guardrails to avoid costly mistakes.
  • Falcon Horizon monitors for anomalies and suspicious activity and integrates seamlessly with SIEM solutions, enabling security teams to gain visibility, prioritize threats, reduce alert fatigue by eliminating noise, and respond to and fix issues faster.

CrowdStrike has taken what we learned securing our own infrastructure and made it available to our customers. At its core, Falcon Horizon mends the gaps in your cloud security posture, providing you with actionable alerts and specific remediations to enable you to use the cloud safely.

Learn more about Falcon Horizon.

CrowdStrike Meets the Zero Trust Challenge

Zero Trust is one of the most frequently discussed topics in cybersecurity today, and the rapid move to a work-from-anywhere environment combined with the daunting number of breaches so far this year has brought Zero Trust to the forefront. Zero Trust is essentially the principle that nothing attempting to interact with your network environment should be trusted — no user, no device and no application.

When Zero Trust was put forth as a concept in 2010, it was considered the right approach for organizations that need the highest level of protection for sensitive data and have the resources to support a Zero Trust environment. Zero Trust requires that organizations control access to applications and data and verify that any device or user is what it claims to be. 

Today, the real challenge lies in how organizations are able to implement Zero Trust into their existing infrastructure without additional complexity or cost, or in a way that might affect user productivity. At the heart of being able to provide a good, frictionless experience for IT, security and end users is the ability to analyze and take action on information and attacks in real time without disrupting the business. Organizations should be able to extend their Zero Trust strategy to encompass their newly remote workforce with the scale and dynamism that is necessary to keep enterprises secure and functional. 

CrowdStrike Falcon® Zero Trust Assessment

This week we are launching CrowdStrike Falcon® Zero Trust Assessment (ZTA), which delivers real-time security posture assessments for all endpoints regardless of location, network and user. Falcon ZTA enforces dynamic conditional access based on device health and compliance — checks that mitigate the risk to users and the organization. This means that every endpoint is granted least privileged access and is assessed before gaining access to sensitive data and corporate assets — ensuring Zero Trust enforcement across all endpoints.

For this launch, we are partnering with identity providers such as Okta and cloud security vendors including Google Cloud, Cloudflare, Zscaler, Akamai and Netskope, to deliver robust conditional application access and authentication policies based on endpoint posture assessment. Customers can harden their security stance by unifying user authentication with the risk posture and compliance of all devices accessing sensitive applications and data. Organizations can now seamlessly implement a multi-layered access strategy leveraging identity and device posture as core pillars to protect organizations and their critical apps. 

Read the press release.

Intel Extensibility: Context Enrichment 

As organizations struggle to defend against an increasing barrage of sophisticated threats, one of the most common approaches we’ve seen is to layer disparate cybersecurity products that don’t integrate seamlessly — resulting in a complex security stack that can take an army of security professionals to manage and maintain. 

CrowdStrike’s new context enrichment feature in the Falcon platform solves these challenges by providing a unified console that allows other threat intelligence vendors to make their data available alongside Falcon detections and incidents and also provide contextual enrichment. For advanced and deeper analysis into security artifacts, users can pivot to a third-party console — via Falcon’s management console — to gain additional threat insights. Context-rich threat intelligence data from partners such as Sixgill, OPSWAT, DomainTools and RiskIQ will help you correlate and triage alerts faster, accelerating incident investigation and response. 

This new feature provides the following benefits:

  • Context enrichment: Context-rich threat intel data from other third-party sources helps you correlate and triage alerts faster and accelerates incident investigation and response.
  • Time-to-value: The seamless, built-in integrations bring in rich data from other vendors including IP addresses, domains, hashes and more — cutting the time required to triage and remediate. 
  • Simplified layered defense: Simplify your security stack while staying ahead of sophisticated adversaries with the addition of multiple threat feeds and easy access to contextualized threat intelligence.

Read the press release.

Falcon Forensics

CrowdStrike Falcon® Forensics is a new service designed to empower incident response (IR) teams with increased visibility and automation so that they can handle critical security incidents and conduct forensic analysis of cyber breach events. Falcon Forensics leverages the cloud and is deployed remotely and at scale to minimize business interruptions.

Falcon Forensics provides investigators with detailed in-depth analysis via convenient pre-packaged dashboards that detail adversaries’ past activity in the environment. With automation empowered by leveraging the cloud, Falcon Forensics provides tailored intelligence and deep analysis to deliver a complete picture that helps accelerate IR investigations so that security professionals can respond to incidents faster.

Read the press release.

Falcon Platform Updates

We also showcased updates to the powerful CrowdStrike Falcon® platform at Fal.Con 2020, including the following new capabilities.

  • Detection enhancements: CrowdStrike has enhanced Falcon’s ability to detect lateral movement in cross-operating system attacks, expanded Linux detections based on the MITRE ATT&CK® framework and enhanced local protection when macOS devices are offline. For Windows systems, enhancements include detecting and preventing attacks that leverage known vulnerable drivers and ensuring protection against kernel exploits.
  • Enhanced visibility: Linux visibility has been widened to capture more network events for enhanced investigations. The Falcon Spotlight™ module now extends across Linux to offer real-time vulnerability management with zero impact on hosts. For macOS, firmware analysis lets customers know if the BIOS is vulnerable or potentially compromised.
  • Real Time Response: CrowdStrike’s Real Time Response feature has been expanded to include both macOS and Linux. Learn more about CrowdStrike Real Time Response. 
  • Enhanced OS support: CrowdStrike will fully support Apple’s kernel extension software model on macOS Catalina and Big Sur. On Linux, minor kernel version updates will be instantly supported without requiring a Falcon sensor update.
  • Customizable dashboards: A new set of tools, filters and visualizations allows customers to use new pre-configured dashboards to create custom views that will track, measure and prioritize relevant insights based on the needs of their businesses. These tailored dashboards let customers customize the data they see so that it supports their unique business priorities. 

If you didn’t get a chance to attend Fal.Con 2020, you can see the keynotes and many of the sessions on demand by visiting the Fal.Con 2020 website.
