Built on the CrowdStrike Falcon® platform, CrowdStrike Falcon X™ brings endpoint protection to the next level by combining malware sandboxing, malware search and threat intelligence into an integrated solution that performs comprehensive threat analysis within seconds instead of hours or days. The output of this analysis is a unique combination of customized indicators of compromise (IOCs) and threat intelligence designed to help defend against threats your organization faces both now and in the future. Falcon X is the only solution that produces IOCs for both the threat that was actually encountered in your organization and all of its known variants, immediately sharing them with other security tools such as firewalls, gateways and security orchestration tools via API. CrowdStrike Falcon X provides integrated threat intelligence alongside its security alerts to accelerate incident research, streamline the investigative process and drive better security responses.
CrowdStrike Falcon X™ FAQ
Falcon X elevates your ability to perform better analysis when a threat is detected and quickly correlate it with strategic and tactical intelligence, cutting down investigation time from hours and even days to seconds. Through this automation, Falcon X helps smaller teams achieve a level of protection that would normally be out of reach and helps larger teams make each of their analysts more effective. Falcon X provides security teams with comprehensive threat analysis to inform effective, prioritized response options, making remediation efforts more strategic and efficient.
The most relevant threats to your organization are those detected in your environment. Customized intelligence is threat intelligence generated directly from a real threat you have encountered, not a third-party feed of threats encountered by others. Falcon X automatically produces IOCs tailored to your organization that can immediately be shared with other security tools via API, thereby streamlining and automating the protection workflow. Cyber threat intelligence related to the encountered attack is displayed alongside the alert, making it quick and easy for analysts to understand the threat and take action.
All files quarantined by CrowdStrike Falcon Prevent™ are automatically investigated by Falcon X. Falcon Prevent automatically extracts quarantined files, based on user settings, and securely delivers the PE files (such as .EXEs, .DLLs, etc.) to the customer account in the Falcon platform. Falcon X then automatically performs analysis on the extracted files and generates customized intelligence. This automation results in breakthrough efficiency gains for security operations teams and ensures no threats are missed.
Yes, at a minimum, Falcon X requires Falcon Prevent, but is best implemented as part of the CrowdStrike Falcon endpoint protection platform (EPP) standard or advanced bundles.
Yes, files submitted to Falcon X remain private. When you license Falcon X, CrowdStrike creates a secure account for your organization. All submitted files and associated reports are stored and maintained in this protected environment.
All files quarantined by CrowdStrike Falcon EPP are automatically investigated by Falcon X. This automation drives breakthrough efficiency gains for security operations teams and ensures no threats are missed. Each is rigorously investigated using the following techniques:
It is easy to integrate into security tools such as firewalls, gateways, security orchestration tools and SIEMs, using Falcon X APIs and pre-built integrations.
Falcon X processes an unlimited number of PE files (such as .EXEs, .DLLs, etc.) quarantined by Falcon Prevent. In addition, Falcon X users can submit additional files and file types. Depending on your Falcon license, you can process up to 500 additional files per month.