How to Leverage CrowdStrike Integration with TrueFort
Introduction
In this video and article, we will look at the integration available between CrowdStrike and TrueFort, a CrowdStrike Store partner. TrueFort can leverage the existing CrowdStrike agent and event data to provide application visibility and security.
Overview
TrueFort’s real time application mapping gives security, application, and operations teams unparalleled visibility to understand the environment in the context of applications and identify unusual behaviors. The value of TrueFort’s solution can be immediately realized given the CrowdStrike agent is installed and collecting the necessary event data.
Integration in the TrueFort UI
Based on the CrowdStrike event data, TrueFort’s UI can provide a real time visual representation of how applications are communicating in your environment. In this example, we see three applications communicating.
From this view, you can drill down on a specific application to see the details behind both external and internal communications.
In this application view, the middle section illustrates a three-tier application. There are web servers, application servers, and database servers. The lines indicate expected communication between the backup servers and the database server. In addition, the web server primarily communicates with the app server, while the app server connects to the database server.
There is also the option to drill down to look at a specific server to understand what processes are actively running and how they are communicating.
TrueFort provides an illustration of the exact processes responsible for each network connection along with information about the destination. TrueFort’s machine learning and profiling capabilities help establish baselines so that unusual and potentially suspect activity can be identified.
CrowdStrike UI
In this example, we saw rogue communication: a workstation connecting directly to a database server, which may indicate data exfiltration. Having the visibility to identify this kind of unusual behavior is critical to helping us identify process and security gaps. We can use the hostname from the TrueFort alert and search for that managed system in the CrowdStrike UI. Even without a CrowdStrike detection event, we can take action to network contain the system and use Real Time Response to investigate further.
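The baselining and rogue-connection detection described above, as an added example that is not TrueFort's or CrowdStrike's code. It models each connection as a (source host, process, destination host, port) tuple, learns a host-level baseline and a coarser tier-level baseline from a profiling window, and then flags later connections that fall outside them; a connection whose tier pair was never seen (such as workstation to database) is raised at higher severity. All hostnames, process names and events are constructed sample data, and the host-to-tier mapping is an assumption, since the article only names the tiers.

```python
"""Baseline-and-deviation check over process-level network connection events.

Added example (not TrueFort's or CrowdStrike's code). It mimics the idea in the
article of profiling which process on which host talks to which destination,
then flagging connections outside the learned baseline. Every record below is
constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ConnEvent:
    src_host: str
    process: str
    dst_host: str
    dst_port: int


# Constructed host-to-tier mapping (an assumption; the article only names tiers).
HOST_ROLE = {
    "web-01": "web", "web-02": "web",
    "app-01": "app",
    "db-01": "db",
    "backup-01": "backup",
    "wks-jsmith": "workstation",
}

# Constructed profiling window: expected three-tier traffic plus backups.
BASELINE_EVENTS = [
    ConnEvent("web-01", "nginx", "app-01", 8080),
    ConnEvent("web-02", "nginx", "app-01", 8080),
    ConnEvent("app-01", "java", "db-01", 5432),
    ConnEvent("backup-01", "pg_dump", "db-01", 5432),
]

# Constructed observation window: one new port on a known tier pair and one
# rogue workstation-to-database connection.
NEW_EVENTS = [
    ConnEvent("web-01", "nginx", "app-01", 8080),
    ConnEvent("app-01", "java", "db-01", 5432),
    ConnEvent("web-01", "nginx", "app-01", 8443),
    ConnEvent("wks-jsmith", "psql", "db-01", 5432),
]


def build_baseline(events):
    """Learn the set of (src_host, process, dst_host, dst_port) tuples seen while profiling."""
    return {(e.src_host, e.process, e.dst_host, e.dst_port) for e in events}


def build_tier_baseline(events, roles):
    """Learn which tier-to-tier edges are expected (role-level generalisation)."""
    return {
        (roles.get(e.src_host, "unknown"), roles.get(e.dst_host, "unknown"))
        for e in events
    }


def find_deviations(events, baseline, tier_edges, roles):
    """Return alerts for connections absent from the host-level baseline.

    Each alert carries the source hostname, which is the pivot into the EDR
    console for containment and live investigation. A connection whose tier
    pair is also unseen (e.g. workstation -> db) is rated high severity.
    """
    alerts = []
    for e in events:
        key = (e.src_host, e.process, e.dst_host, e.dst_port)
        if key in baseline:
            continue  # expected connection, nothing to report
        tier_pair = (roles.get(e.src_host, "unknown"), roles.get(e.dst_host, "unknown"))
        severity = "high" if tier_pair not in tier_edges else "medium"
        alerts.append({
            "host": e.src_host,
            "process": e.process,
            "destination": f"{e.dst_host}:{e.dst_port}",
            "tier_pair": "->".join(tier_pair),
            "severity": severity,
        })
    return alerts


def run_demo():
    """Profile on the baseline window, then evaluate the observation window."""
    baseline = build_baseline(BASELINE_EVENTS)
    tiers = build_tier_baseline(BASELINE_EVENTS, HOST_ROLE)
    return find_deviations(NEW_EVENTS, baseline, tiers, HOST_ROLE)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run as a script, the demo prints two alerts: a medium-severity one for the new port between the web and app tiers, and a high-severity one for the workstation reaching the database server. The "host" field of the high-severity alert is the value you would carry into the CrowdStrike UI to locate the managed system.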
Conclusion
Combining the power of CrowdStrike’s event data with TrueFort’s application visibility tools yields immediate value to your organization. TrueFort’s machine learning can use the existing telemetry data to determine baseline behaviors, offer visibility into how applications are communicating, and highlight unusual activity.
You can begin your trial of TrueFort today directly in the CrowdStrike store.
