Managed Detection and Response (MDR)
Falcon Complete stops breaches every hour of every day, through expert management, threat hunting, monitoring and remediation, and is backed by CrowdStrike’s Breach Prevention Warranty.
CrowdStrike named a Leader
IDC MarketScape: US MDR Services 2021 Vendor Assessment
Recognized by Industry Experts as a Leader In Managed Detection and Response
Forrester Wave™: Managed Detection and Response, Q1 2021
Read the report to learn the key capabilities Forrester recommends that organizations demand when looking for an MDR provider.
Why Choose Falcon Complete for Managed Detection and Response?
Augment your Team with the Deepest Expertise
Cybersecurity is not just a technology problem, it also requires around-the-clock expertise.
Falcon Complete brings you focused expertise to stop threats through continuous vigilance.
Eradicate Threats in Minutes
Adversaries often inflict damage in hours, but it can take days for organizations to respond.
Falcon Complete surgically eliminates threats in minutes.
DETECT: <1 min
INVESTIGATE: <10 min
RESPOND: <60 min
Eliminate Risks and Unleash Enormous Savings
Defending against today’s threats is a continuous challenge. Security teams must always wonder, “Am I doing enough?”
Falcon Complete delivers predictable results at a fraction of the cost.
Forrester Study Finds Falcon Complete Delivers
Learn more in the Total Economic Impact™ (TEI) of CrowdStrike Falcon Complete, a commissioned study conducted by Forrester Consulting on behalf of CrowdStrike.
Falcon Complete Features
People, Process and Technology Are All Key to Stopping Breaches
Layers of Expertise
The Falcon Complete team is composed of seasoned security professionals who have experience in incident handling, incident response, forensics, SOC analysis and IT administration. The team has a global footprint, allowing true 24/7 “follow the sun” coverage.
- Experts in the CrowdStrike Falcon platform. The Falcon Complete team holds CrowdStrike Certified Falcon Responder (CCFR) and CrowdStrike Certified Falcon Administrator (CCFA) certifications.
- Experts in incident response. The Falcon Complete team has multiple years of experience in digital forensics and incident response (DFIR).
- Experts in threat hunting. 24/7 human threat hunting uncovers the faintest trace of malicious activity, in near real time.
- Experts in threat intelligence. Falcon Complete is powered by the CrowdStrike global threat intelligence team, bringing critical context to the response process.
Powered by the Falcon Platform
CrowdStrike pioneered a new approach to endpoint and cloud workload protection, designed and built to overcome the limitations of legacy security solutions. The Falcon platform delivers the foundation for true next-generation protection.
- 100% cloud-native. Immediate time-to-value — no hardware, additional software or configuration is required, which drives down cost and complexity.
- Proprietary Threat Graph. Threat Graph is the brains behind the CrowdStrike platform. It provides complete real-time visibility and insight into everything happening throughout your environment.
- Single lightweight agent. An intelligent, lightweight agent, unlike any other, blocks attacks while capturing and recording activity as it happens to detect threats fast on endpoints and cloud workloads.
- Frictionless collaboration. The CrowdStrike Message Center enables frictionless, transparent, and secure communication with your experts from the Falcon Complete team.
Proactive Management and Optimization
CrowdStrike experts ensure your environment is continuously optimized to combat the latest threats, achieving the best levels of performance and protection from your Falcon investment and ensuring confidence that your endpoint protection is always under complete control.
- Comprehensive control of unmanaged systems. Falcon Complete helps customers ensure all assets are properly grouped, sorted and protected, whether they exist on-prem, off-prem, or in the cloud.
- Tight control over the Falcon agent. Falcon Complete ensures that the current Falcon agent is installed, delivering the best level of protection available.
- Rigorous configuration management. Proven, best-practice policies are systematically applied to all systems.
Continuous Human Threat Hunting
Falcon Complete includes 24/7 monitoring by the Falcon OverWatch team, CrowdStrike’s human threat detection engine that hunts relentlessly to see and stop the most sophisticated hidden threats.
- The SEARCH Methodology. OverWatch analysts leverage their proprietary SEARCH methodology to shine a light into the darkest corners — leaving adversaries with nowhere to hide.
- Cloud-scale data. Scalable and effective threat hunting requires access to vast amounts of data and the ability to mine that data in real time for signs of intrusions. CrowdStrike’s rich telemetry creates the foundation for OverWatch threat hunting.
- 200+ years of combined diverse expertise. OverWatch employs elite experts from a wide range of backgrounds, including government, law enforcement, commercial enterprise, the intelligence community and defense.
24/7 Monitoring and Response
The Falcon Complete team monitors your Falcon platform 24 hours a day, seven days a week, investigating every security alert with the goal of identifying potential intrusions at their very earliest stages.
- 24 hour/day active monitoring. Falcon Complete is always watching, ensuring that emerging threats are addressed as they happen.
- Human eyes on every detection. Falcon Complete investigates all critical, high-, medium- and low-severity detections in a timely manner, ensuring that intrusions are identified at the earliest possible stage.
- <10 minutes: Average time to begin response. Falcon Complete builds and continuously tunes a repeatable playbook to ensure all threats are investigated quickly and efficiently.
When an intrusion is identified, the team acts quickly and decisively. The team remotely accesses the affected system using native Falcon capabilities to surgically remove persistence mechanisms, stop active processes and clear other latent artifacts. Falcon Complete restores systems to their pre-intrusion state without the burden and disruption of reimaging systems.
- <60 minutes: Time to perform surgical remediation. Falcon Complete executes surgical remediation remotely, eliminating the cost and burden of reimaging.
- Zero impact for the end user. Falcon Complete can often perform remediation without the user being aware that it has happened.
Transparent and Secure Collaboration
Falcon Complete delivers simple, transparent visibility and collaboration with CrowdStrike’s analysts, ensuring you always have the information you need to make fast and effective decisions.
- Message Center: Provides secure bi-directional communication about emerging incidents as well as ad-hoc questions directly within the Falcon console. Keeping communications close to the Falcon data provides maximum efficiency, ensuring that the full context associated with emerging threats is never more than a click away.
- Executive Dashboards: Gain at-a-glance visibility into the day-to-day activity that Falcon Complete performs, including trends and actionable insights.
- Message Analyst: Fast access to CrowdStrike experts is embedded throughout the Falcon console. This helps analysts to more quickly understand threats, and get fast answers to their cybersecurity questions.
Breach Prevention Warranty
CrowdStrike stands strongly behind its breach protection capabilities. Falcon Complete comes with a Breach Prevention Warranty* to cover costs should a breach occur within the protected environment.
Components of Falcon Complete
- Falcon Complete Expertise: CrowdStrike security experts manage, monitor and respond to threats.
- Falcon Discover IT Hygiene: Provides visibility across assets, because you cannot protect systems you cannot see.
- Falcon Insight Endpoint Detection and Response (EDR): Provides continuous, comprehensive visibility to endpoint activity to ensure nothing is missed.
- Falcon Prevent Next-generation Antivirus (NGAV): Protects against both malware and malware-free threats.
- Falcon OverWatch Managed Threat Hunting: 24/7 hunting team sees and stops hidden, advanced attacks.
Struggling to protect cloud workloads?
Falcon Cloud Workload Protection (CWP) Complete provides managed protection for workloads and containers, enabling you to build, run, and secure applications with speed and confidence.
Falcon Complete vs. Other MDR
The Falcon Complete Difference
Falcon Complete MDR
Falcon Complete stops breaches with our balanced combination of technology, expertise, and discipline, backed with our industry-leading Breach Prevention Warranty.
Competing solutions monitor and provide guidance as a “best effort”, but the responsibility and work to manage and respond to threats remains with your team.
Capabilities compared, Falcon Complete MDR vs. Other MDR:
- Proactive platform management
- Operated by experts
- Investigates all detections: Critical, High, Med, Low
- 24/7 continuous threat hunting
- Global threat intelligence team
- Proactive, surgical remediation
- Backed by Breach Prevention Warranty
“Security Footprint Of A Fortune 500 With The Security Staff Of A Startup”
“What I like most is having peace of mind when it comes to our company’s security. We have the security staff of a small startup with the security footprint of a Fortune 500.” – Tech Ops Manager, Industry: Services
“Falcon Is Peerless In The NGAV/EDR/MDR Space”
“CrowdStrike exemplifies their values and puts in the extra effort to ensure they are exceeding our needs. Deployment is stupid easy, management is seamless, and opting for the Complete service is like a warm blanket on a cold night.” – Information Security Manager, Industry: Manufacturing
“Gartner Peer Insights: Best In Class Service”
“We wanted to adopt best-in-class cybersecurity protection without incurring the expense of building out an internal cybersecurity team.” – Systems Engineer, Industry: Finance
The GARTNER PEER INSIGHTS Logo is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.