In this article we’ll introduce Falcon Discover. Falcon Discover enables IT hygiene by providing organizations with unprecedented visibility over the computers, applications and accounts being used in their environment, improving their overall security posture and leaving them better prepared to repel attacks and stop a breach.
Falcon Discover is a part of the EDR Bundle and the EPP Advanced Bundle.
Discover can return searches within seconds without impacting the user or the network. Because the Falcon Platform is cloud-based, all the requisite data is in the cloud, resulting in no-impact searches. The data is also available for 90 days. This gives Discover the ability to report both historical and current information in near real-time.
To navigate to the app, click on the Discover icon on the left that looks like an eye.
Discover is organized into three different categories: Applications, Assets, and Accounts. There is also an overview or dashboard, with high-level information that you can pivot into.
Real Time Application Inventory
Complete Visibility – Lists all applications in use on an endpoint and across all the endpoints in the environment. This enables security and IT teams to spot potentially malicious apps in the environment.
Application Search – Identify and search applications used on a particular host or by specific users.
Asset Inventory – Falcon Discover identifies which assets have the Falcon agent deployed. It enables security and IT ops to differentiate between managed, unmanaged, and unmanageable assets in your environment and take appropriate steps to improve overall security.
Account Monitoring – Falcon Discover enables security teams to monitor admin privileges and assess domain and local account password update timelines. It provides a view into logon time-trends to identify unusual user behavior.
Falcon Discover continues to find ways to simplify security. Through Discover you’ll get:
- Real Time System Inventory
  See a real-time view of all managed and unmanaged assets in the environment in a simple dashboard with drill-down options.
- Real Time Application Inventory
  See a real-time view of all applications in the environment in a simple dashboard with drill-down options.
- Real Time Account Monitoring
  - Identify admin accounts and account usage trends, i.e. which hosts the user logged on to, average session length, session lengths on each host, the hours at which the user typically logged on, and type of registration (batch, remote)
  - See local and domain accounts in depth: average password change time, local users and password changes