Built on the CrowdStrike Falcon® platform, CrowdStrike Falcon X™ brings endpoint protection to the next level by combining malware sandboxing, malware search and threat intelligence into an integrated solution that performs comprehensive threat analysis within seconds instead of hours or days. The output of this analysis is a unique combination of customized indicators of compromise (IOCs) and threat intelligence designed to help defend against threats your organization faces both now and in the future. Falcon X is the only solution that produces IOCs for both the threat that was actually encountered in your organization and all of its known variants, immediately sharing them with other security tools such as firewalls, gateways and security orchestration tools via API. CrowdStrike Falcon X provides integrated threat intelligence alongside its security alerts to accelerate incident research, streamline the investigative process and drive better security responses.
Falcon X elevates your ability to perform better analysis when a threat is detected and quickly correlate it with strategic and tactical intelligence, cutting down investigation time from hours and even days to seconds. Through this automation, Falcon X helps smaller teams achieve a level of protection that would normally be out of reach and helps larger teams make each of their analysts more effective. Falcon X provides security teams with comprehensive threat intelligence to inform effective, prioritized responses, making remediation efforts more strategic and efficient.
The most relevant threats to your organization are those detected in your environment. Customized intelligence is threat intelligence generated directly from a real threat you have encountered, not a third-party feed of threats encountered by others. Falcon X automatically produces IOCs tailored to your organization that can immediately be shared with other security tools via API, thereby streamlining and automating the protection workflow. Cyber threat intelligence related to the encountered attack is displayed alongside the alert, making it quick and easy for analysts to understand the threat and take action.
All files quarantined by CrowdStrike Falcon Prevent™ are automatically investigated by Falcon X. Falcon Prevent automatically extracts quarantined files, based on user settings, and securely delivers the PE files (such as .EXEs, .DLLs, etc.) to the customer account in the Falcon platform. Falcon X then automatically performs analysis on the extracted files and generates customized intelligence. This automation results in breakthrough efficiency gains for security operations teams and ensures no threats are missed.
No. While CrowdStrike EPP modules are recommended and proven to stop breaches, they are not a requirement. Falcon X features are available via the CrowdStrike portal and via API.
Yes, files submitted to Falcon X remain private. When you license Falcon X, CrowdStrike creates a secure account for your organization. All submitted files and associated reports are stored and maintained in this protected environment.
All files quarantined by CrowdStrike Falcon EPP are automatically investigated by Falcon X. This automation drives breakthrough efficiency gains for security operations teams and ensures no threats are missed. Each is rigorously investigated using the following techniques:
It is easy to integrate into security tools such as firewalls, gateways, security orchestration tools and SIEMs, using Falcon X APIs and pre-built integrations.
Yes. Falcon X is fully supported on the EU Cloud. This includes ensuring that all Falcon X malware analysis is performed on servers located within the EU. All malware analysis reports and data generated by the analysis process are also stored within the CrowdStrike EU-Cloud.
Falcon X processes an unlimited number of Windows PE files (such as .EXEs, .DLLs, etc.) and Apple Mac Mach-O files quarantined by Falcon Prevent. In addition, Falcon X users can submit additional files and file types. Depending on your Falcon license, you can process up to 500 additional files per month.
You can upload the following archive types, with or without a password: ace, arj, 7z, bzip2, gzip2, iso, rar, rev, tar, wim, xz and zip. If you use a password, the typical password, “infected,” is required.