I often hear from Chief Information Security Officers (CISOs) how hard their job is and how often they are in the ‘line of fire’ when bad things happen. I feel for CISOs, not only because their jobs are incredibly tough, but because their hardest challenge is listening to complex and confusing messaging and industry jargon. Every vendor sounds the same! Deciphering fact from fiction is a challenge, especially when vendors take creative liberties with the truth and rely on confusion and magic shows to peddle their products. You hear a lot of talk in the industry about the most important elements of endpoint security, with a focus on either antivirus or endpoint detection and response (EDR). The prevailing view is that both are separate elements and are distinct and unrelated.
At CrowdStrike, we believe looking at endpoint products as two (three, four, or five+) products is a mistake. Visibility and control are as important as prevention. You shouldn’t get just one or the other from a vendor. As an industry leader, the trend CrowdStrike is setting is delivering a unified approach that combines next-generation AV, endpoint detection and response (EDR) and managed hunting, into a single agent seamlessly delivered via the cloud. Customers want less bloat, fewer agents, more prevention, and more visibility to stop not only malware, but more importantly, stop the breach. With our Falcon Platform Summer release, we continue to build on delivering the only truly unified next-gen AV, EDR and managed hunting platform in the industry. This has been my vision since co-founding the company in 2011. Back then we didn’t have all the fancy names the industry created, but we knew what needed to be done and we did it.
Our Summer release makes it official. CrowdStrike by far has the most comprehensive EDR solution on the market. We have added eight new system events to our EDR solution set, covering Scheduled Tasks, Firewall Activity and User Account Creation Activity, bringing the total up to 240 events across 27 categories, more than any other vendor in the endpoint security space. This performance is reinforced by the fact that Gartner recently released a report on the EDR space and our EDR solution received perfect scores in all five of their use cases for the review.
While the report didn’t highlight scalability, it is a question I routinely get from customers: “Does your solution scale?” The answer is a resounding YES! Since Falcon is delivered from the cloud, we can handle as much data as you can throw at our platform. No clumsy master-slave controllers are necessary. No need to buy hundreds of thousands of dollars of hardware just to try to get the solution to work. No empty promises of retrofitting an on-premises solution in the cloud. And no need to know “what” to ask and “when” to ask the system a question. Even with full retrospective capabilities (think DVR for your endpoint), scalability is not a problem for Falcon. We routinely run in many of the largest Fortune 500 environments without breaking a sweat on 200,000+ endpoints.
For prevention, it’s tough to beat perfection, but that’s exactly how our enhanced machine learning capabilities were rated according to results announced on July 28th by SE Labs, a member of Anti-Malware Testing Standards Organization (AMTSO). CrowdStrike’s machine learning earned a 100% efficacy rating for having a 100% detection rate for both known and unknown samples of malware, all with a false positive rate of zero percent. While no silver bullet solution exists that achieves perfect results like this in every test, we take great pride in this accomplishment and plan to continue to extend our malware prevention capabilities with machine learning and behavior-based analysis that offer customers the most advanced threat protection available.
We have also introduced new behavioral exploit prevention indicators of attack (IOA) that provide further protection against advanced browser-based exploits, and are powered by one of the most sophisticated graph databases in the security industry (CrowdStrike Threat Graph™). Of course, we also provide broad existing capabilities in pre-execution and exploit mitigation techniques. Finally, we added our new machine learning slider functionality to Falcon, providing customers with granular control over how they protect themselves against known and unknown malware.
Prevention and detection features are not the only goodies we have delivered. In our Summer release, CrowdStrike has transformed the Falcon user interface (UI) to provide greater ease of use and more efficiency, allowing customers to manage prevention options, detections and alerts within the Falcon platform. Specifically, we are previewing a new activity app, with added enhancements for users to effortlessly view and triage detections — all from a single screen.
A final and critical piece to our vision for a unified approach to endpoint security resides with intel and threat hunting. There is no threat that demands such an approach more than eCrime. Adam Meyers — our VP of Intelligence — goes into more detail with his blog, but I’m proud to announce that we will soon launch an expanded set of eCrime offerings that are tiered to the specific needs of our customers, allowing them to choose the option that best fits their requirements. Most importantly, these enhanced offerings will be based on a new methodology for tracking malicious eCrime actors, allowing for new capabilities and insights into the entire eCrime adversary ecosystem, and providing customers with more response options which can be carried out in a more effective manner.
Wow, that was a lot to get through! I sincerely appreciate all of our customers who provided input for what they wanted in the Summer release. Your support and guidance have been invaluable! Thank you!
We hope to see you in Las Vegas to discuss with you in person and demonstrate all of these capabilities that comprise our vision for endpoint security — a vision that is a reality with our Summer platform release. We will be giving demos and answering questions at the Black Hat conference in Las Vegas on Wednesday, August 3rd and Thursday, August 4th at booth #507 in the Business Hall of the Mandalay Bay Convention Center.
If you can’t make it to Black Hat, I invite you to click here to set up a demo with our team and find out for yourself what “next generation endpoint protection” really is and why so many large and small companies are joining CrowdStrike in our mission to disrupt the security industry with a solution that simply works.