Falcon for Mobile FAQ

What is Falcon for Mobile?

Falcon for Mobile™ expands CrowdStrike’s mission to stop breaches by extending its capabilities to address mobile endpoints. It provides unprecedented visibility into malicious, unwanted or accidental access to sensitive corporate data, while protecting user privacy without impacting device performance.

Falcon for Mobile is based on CrowdStrike’s proven endpoint detection and response (EDR) technology for enterprise endpoints. Leveraging the cloud-native CrowdStrike Falcon® platform, customers can stop breaches on every platform: workstations, servers, cloud, containers and now, mobile devices.

How does Falcon for Mobile work? What are the key components?

The CrowdStrike® lightweight agent technology is ideal for mobile devices, while the integrated, cloud-native Falcon platform provides the perfect conduit to manage, administer and hunt for threats. Falcon for Mobile is comprised of two key components:

1. CrowdStrike Android/iOS Apps: These apps behave as “sensors,” providing the Falcon Platform with the visibility and telemetry required to identify malicious behavior on the device. The apps are available in Google Play and the Apple App Store.

2. CrowdStrike Falcon Platform: Falcon for Mobile provides telemetry from Android and iOS devices to populate a series of dashboards within the Falcon platform. Telemetry from both traditional endpoints and mobile devices is presented together to enhance endpoint monitoring and investigations. Expert hunters can search for threats across your enterprise — from mobile devices to the data center.

Is Falcon for Mobile a mobile device management (MDM) solution?

No. MDM solutions provide device management capabilities to remotely control, track, encrypt devices and enforce policies (e.g. to wipe or lock the device if lost or stolen). Falcon for Mobile leverages MDM’s capabilities to install and manage apps on Android and iOS devices. On iOS, an MDM is required to configure app policies that enable the CrowdStrike app to monitor network activity.

Which third-party apps can be protected by Falcon for Mobile?

Most third-party enterprise applications can be protected by Falcon for Mobile. On Android, administrators can select from a list of pre-tested, third-party apps or designate apps in Google Play to validate. The validation process ensures that the app works properly when protected by Falcon for Mobile. On iOS, apps must be managed by an MDM, have network connectivity, and must not require a dedicated VPN. Apps developed by Apple are not supported.

How does Falcon for Mobile protect corporate apps?

Falcon for Mobile monitors corporate apps to provide visibility into malicious or unwanted activity in business-critical mobile apps.

On iOS, network traffic generated by the monitored app is made visible, exposing potential phishing attempts, leaky apps, and insider threats. Falcon for Mobile also identifies jailbroken and out of date devices and will reveal potentially high-risk WIFI and Bluetooth connections.

On Android, CrowdStrike’s exclusive dynamic application shielding technology provides enhanced monitoring of enterprise apps, further protecting sensitive corporate data and intellectual property. Each app shielded by CrowdStrike, provides telemetry on network activity, user activity and operating system events. This visibility enables threat hunters to identify phishing attempts, leaky apps, insider threats, risky devices connections and configurations. Falcon for Mobile also provides dedicated data storage (which can be remotely wiped) for each monitored app to protect against malicious access.

How does Falcon for Mobile address privacy concerns?

Falcon for Mobile is built using “privacy-by-design” principles to enable users to confidently adopt the solution, without fear that their personal data will be monitored. The CrowdStrike apps focus on customer-designated, corporate apps with no monitoring of personal applications on the device, such as text messaging, email, photos or browsing history.

What effect is there to device performance or battery life?

The CrowdStrike apps for Android and iOS are extremely high-performance and lightweight with a minimal effect on battery life.

The application battery usage details are available on the system settings screens:

1. On iOS, go to Settings > Battery to find activity and battery usage of the CrowdStrike app.

2. On Android, go to Settings > Device > Battery or Settings > Power > Battery to see a list of all apps and the battery power they're using. On most Android devices, the activity and battery usage of the CrowdStrike app includes total battery usage of all apps monitored by Falcon for Mobile.

How does Falcon for Mobile use data plans?

The CrowdStrike app has been designed to limit cellular data use. It will primarily communicate to the Falcon platform through Wi-Fi (when available). The CrowdStrike app will not use the cellular data plan when the phone is roaming or if there’s low disk space, low battery or low bandwidth.

Will Falcon for Mobile work when disconnected from the internet?

Yes, the CrowdStrike app will buffer data when not connected to the internet and will upload the data to the Falcon platform at the first opportunity.

What information does Falcon for Mobile obtain from the mobile device?

Falcon for Mobile only monitors enterprise apps selected by your organization’s security team. The data collected differs based on device type:

Android Devices

The corporate apps being monitored by Falcon for Mobile are clearly indicated by a small Falcon icon emblazoned over the app icon. Falcon for Mobile will gather network, operating system and access data for each monitored app. In addition to this data, the Falcon for Mobile app will gather basic statistics from the phone such as battery usage, CPU usage, device rooting, names of connected WI FI networks and connected Bluetooth devices. None of the data contains private or personal information, such as text messages, emails, or browsing history.

iOS Devices

On iOS devices, Falcon for Mobile monitors and logs the network activity of selected corporate apps. In addition to this data, basic statistics from the phone such as battery usage, device jailbreaking, names of connected WIFI networks and connected Bluetooth devices. None of the data contains private or personal information, such as text messages, emails, or browsing history.

Which Android/iOS devices are supported?

Falcon for Mobile supports iOS (11 or higher) and Android devices (version 6 or higher).

How much historical data does Falcon for Mobile retain?

All the telemetry data collected from mobile devices can be kept for up to 90 days.

Can I proactively threat hunt with Falcon for Mobile?

Yes, the CrowdStrike Falcon cloud architecture enables proactive threat hunting at an unprecedented scale. Threat hunting increases an organization’s protection against attackers and plays a critical role in early detection of attacks and adversaries. Mobile telemetry is searchable, enabling security teams to hunt across data collected for up to 90 days and returning query results within seconds.

How is Falcon for Mobile priced?

Falcon for Mobile is licensed on a subscription basis per mobile device. Introductory pricing starts at $37.82 per device, per year for 5-299 mobile devices, billed annually. For more information please contact us, schedule a demo, or request a quote.