CrowdStrike Threat Graph
The industry’s leading cloud-scale AI brains behind CrowdStrike® Security Cloud predicts and prevents modern threats in real time
Start free trial
Benefits
Advantages of Threat Graph
-
![complex icon]()
Comprehensive Data Sets
Continuous high-fidelity telemetry with forensic-level detail across endpoints and workloads distributed across the network edge and hybrid cloud infrastructure — including Windows, macOS, and Linux, together with cloud-native storage for always-on data availability.
-
![resources icon]()
Cloud-Scale Analytics
Contextual relationship derivation with ML algorithms and deep analytics across billions of disjoint and siloed data elements — allows for fast, on-demand search and query across real-time and historical data for speedy investigation and response.
-
![triage icon]()
Real-Time Attack Visibility
Real-time visibility with instant access to enriched data and intuitive dashboards for advanced workflows and visualizations — covers ephemeral, online, offline and even end-of-life hosts to arm your responders with data so they can respond to threads immediately and act decisively
Technical Features
Purpose-built Graph Database for Cybersecurity
Power of Security Cloud
- Fully operational in minutes: Complete turnkey solution with no additional hardware or deployments
- Power of the crowd: Use network effect to protect everyone against a new threat, regardless of where it is encountered
- Zero maintenance overhead: See value from Day One, with no additional custom tuning, costly consulting, re-architecting or maintenance overhead
- Scale and elasticity: Automatically scales and grows with demand and change
Power of data
- Enriched telemetry: Capture trillions of security events across endpoints, workloads and identities and enrich with threat intelligence, context and correlation markers
- Deep analytics: Reveal contextual relationships between data elements to identify and respond to new and unusual threats in real time by applying graph analytics and ML algorithms
- Powerful search: The robust query and search engine provides current and historical forensic details to arm responders for threat investigations
- Data availability: On-demand access to enriched data with powerful visualization dashboards helps investigators understand the full context of the attack on any affected host, regardless of location
Blog: 3 Best Practices for Building a High-Performance Graph Database
Maximum security efficiency
- Actionable insights: The industry’s leading collection of powerful insights gathers more than a trillion events per day spanning across 2 trillion vertices and analyzing over 15 petabytes of data
- Integrated threat intelligence: Telemetry is enriched with real-world threats and identifies new attacks associated with known threat actors
- Accelerated response: Real-time visualization and automated concurrent analysis lead to faster investigation and response times
- Proactive threat hunting: Threat hunters can run ad hoc queries for successful and timely detections of unknown threats
Single source of truth
- Single data source: Gain rapid access to everything required to prevent, detect, investigate, and respond
- Single intelligent agent: The lightweight agent provides smart-filtering capability streams relevant data for enrichment and correlation to the Threat Graph — with no performance impact
- Robust set of APIs: Powerful APIs allow for security orchestration, automation, response and other advanced workflows
- Rich integrations: APIs and bidirectional data flow enable tight integrations with third-party security and IT solutions to share insights from multiple data sources
- Cloud-delivered resources: Threat Graph scales with demand and provides necessary storage, compute and rich analytics required, with up to a year of all detections encountered
- Enriched data archive: Optional offline replica of enriched telemetry is available for archive, compliance requirements and additional analytics
Technical Center
For technical information on the installation, policy configuration and more, please visit the CrowdStrike Tech Center.
Third-Party Validation
Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.
-
![[For Modules Only] 2022 GARTNER MAGIC QUADRANT (MQ) FOR ENDPOINT PROTECTION PLATFORMS (EPP)]()
Named a Leader
Download the report to learn why CrowdStrike was named a “Leader” in the 2022 Gartner Magic Quadrant for Endpoint Protection Platforms.
-
![[For Modules Only] THE FORRESTER WAVE: ENDPOINT SECURITY SUITES, Q2 2022]()
“CROWDSTRIKE DOMINATES IN EDR…”
Read the report to see why CrowdStrike was Named a “Leader” in Forrester Wave for Endpoint Detection and Response Providers, Q2 2022.
-
![[For Modules Only] Gartner Critical Capabilities]()
HIGHEST SCORE FOR TYPE A
Learn why CrowdStrike scores highest overall out of 20 vendors for use case Type A or “forward leaning” organizations.
![[For Modules Only] 2022 GARTNER MAGIC QUADRANT (MQ) FOR ENDPOINT PROTECTION PLATFORMS (EPP)](https://www.crowdstrike.com/wp-content/uploads/2019/10/Gartner_logo.png){kind=logo}
![[For Modules Only] THE FORRESTER WAVE: ENDPOINT SECURITY SUITES, Q2 2022](https://www.crowdstrike.com/wp-content/uploads/2019/10/Forrester-Logo.png){kind=logo}
Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.