Why Choose Falcon for Azure
Automatically discover Azure workload footprints
Gain insight into the scope and nature of your Azure resources, so you can secure all virtual machines, uncover and mitigate risks, and reduce the attack surface
Comprehensive visibility into Azure workload events and virtual machine metadata enables detection, response, proactive threat hunting and investigation, to ensure that nothing goes unseen in your cloud environments
Key integrations support continuous integration/continuous delivery (CI/CD) workflows, allowing you to secure Azure workloads at the speed of DevOps without sacrificing performance
How Falcon Protects Azure Workloads
AZURE VIRTUAL MACHINE DISCOVERY
- Provides insight into your Azure virtual machine footprint, so you can secure all workloads, uncover and mitigate risks, and reduce the attack surface
- Automatically discovers existing virtual machine deployments — without installing an agent — by enumerating Azure virtual machines
- Provides real-time information about workloads, including context-rich metadata about virtual machines by state, type, region and resource group, as well as public-facing virtual machines, total storage, virtual networks and security group information for Azure
- Identifies virtual machine resources that are not protected by the CrowdStrike Falcon® platform
COMPREHENSIVE VISIBILITY INTO AZURE WORKLOADS
- Gathers metadata at the Azure virtual machine level to easily identify owners of resources involved in an alert
- Continuously monitors events to provide visibility into workload activities, including activities running inside containers; a full set of enriched data and event details enables investigations against ephemeral and decommissioned workloads
- Offers proactive threat hunting across virtual machines and endpoints from the same console
- Detects and investigates attacks that span multiple environments and different types of workloads, pivoting from endpoint to virtual machine to containers
- Secures the Azure host and container via a single Falcon agent running on the host, and runtime protection defends containers against active attacks
- Investigate container incidents easily when detections are associated with the specific container and not bundled with the host events
- Captures container start, stop, image and runtime information, and all events generated inside the container, even if it only runs for a few seconds
- Container support includes Open Container Initiative (OCI)-based containers such as Docker, orchestration platforms such as self-managed Kubernetes, and hosted orchestration platforms such as AKS (Azure Kubernetes Service) and OpenShift
- Provides visibility into container footprint including on-premises and Azure deployments, so you can easily view container usage — including trends, uptime, images used and configuration — to identify risky and misconfigured containers
- Combines the best and latest technologies to protect against active attacks and threats when Azure workloads are the most vulnerable — at runtime
- Includes custom indicators of attack (IOAs), whitelisting and blacklisting to tailor detection and prevention
- Offers integrated threat intelligence to block known malicious activities and delivers the complete context of an attack, including attribution
- Provides 24/7 managed threat hunting to ensure that stealthy attacks don’t go undetected
SIMPLICITY AND PERFORMANCE
Built in the cloud for the cloud, Falcon eliminates friction to boost cloud security efficiency.
- Powerful APIs allow automation of CrowdStrike Falcon® functionality, including detection, management, response and intelligence
- Chef and Puppet integrations support CI/CD workflows
- It operates with only a tiny footprint on the Azure host and has almost zero impact on runtime performance, even when analyzing, searching and investigating
- Flexible consumption-based and annual-based subscription models support agile business planning
Customers That Trust CrowdStrike
Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.
Positioned as a Leader
Download this complimentary report to learn the analysis behind CrowdStrike’s positioning as a Leader and what we believe it could mean for your organization’s cybersecurity posture.
Named a Leader
Read this critical report to learn why CrowdStrike was named a “Leader” in the 2019 Forrester Wave with the top ranking in strategy and high scores in 17 criteria.
HIGHEST SCORE FOR TYPE A
Learn why CrowdStrike scores highest overall out of 20 vendors for use case Type A or “forward leaning” organizations.
Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.