Maximize customer resources to respond more effectively to breaches
Empower partner solutions for enhanced monitoring, detection and response
CrowdStrike Orchestration and Automation (O&A) empowers participating partners to extend their solutions’ O&A capabilities so customers can add new processes and procedures to their security workflows (or “playbooks”) and respond more quickly and efficiently to security incidents. With Falcon Connect, partners and customers can leverage a powerful set of APIs, applications and tools to:
Reveal new threats by utilizing CrowdStrike data continually: Customers enhance their threat detection capabilities by leveraging the Falcon Platform’s real-time and historical endpoint data collection and Falcon Intelligence’s IOCs. Partner tools can ingest real-time detection and endpoint event data from CrowdStrike Falcon with the Falcon Streaming API. Additionally, the Falcon Intelligence data feed provides the latest threat information, making partner offerings smarter and more effective.
Automate threat response workflows with enhanced endpoint visibility: When a breach occurs, CrowdStrike O&A tools enable security administrators to automate the response and outreach to customers’ key security infrastructure, including firewalls, the EDR or APT system, threat intelligence feeds, etc. This concerted effort retrieves necessary information that provides critical insight into the breach. Additionally, these same tools can kick off the playbooks of actions necessary to respond.
Respond to threats quickly and automatically: When breached, most companies expend resources figuring out how it happened and what data assets were compromised. But leveraging Falcon Connect tools and APIs, customers can create new, more effective processes and procedures to make response efforts faster and smarter, so they can respond quickly and efficiently to a breach.