Press Release | Media on CrowdStrike

CrowdStrike Advances Next-Generation Endpoint Protection with Powerful Real-Time Query Capabilities and Indicator of Attack-Based Prevention

  • CrowdStrike enhances its Falcon platform by integrating historical and real-time data with advanced threat intelligence
  • The new real-time query capability is specifically built to make it faster and easier for Security Operations Centers (SOCs) to get answers and take action
  • Powerful new Indicator of Attack-based (IoA) prevention brings granular behavioral-based containment and blocking capabilities to Falcon Host customers

Irvine, CA – April 16, 2015 – CrowdStrike Inc., a leading provider of next-generation endpoint protection, threat intelligence, and services, today announced the addition of advanced features to its Falcon product portfolio including real-time query and IoA-based prevention.

The new real-time query capability of Falcon Host responds directly to requests from SOCs for help answering basic, yet powerful, questions: “Has this threat been seen in my environment, is it still active, and who is the adversary that I am dealing with? How worried should I be?” Using the real-time query, security operators can now use a simple search engine-like query interface to pose targeted questions to their environment and receive immediate responses, enabling them to detect and stop adversaries in their tracks. The function also offers exceptional time-to-value: it can search 100,000 endpoints in a matter of seconds.

According to Gartner Inc., “In an era of continuous compromise, enterprises need to shift from a mindset of ‘incident response’ — wherein incidents are thought of as occasional, one-off events — to a mindset of continuous response — wherein attacks are relentless, hackers’ ability to penetrate systems and information is never fully blocked, and systems must be assumed to be continuously compromised, and, thus, they must be continuously monitored.” [1]

All too often when it comes to prevention, SOCs are limited to taking a blunt approach: removing an endpoint from the environment. CrowdStrike’s new IoA-based prevention employs granular, behavioral-based detection capability to prevent and contain damage from credential theft, privilege escalation, and web shell attacks. Now, customers can contain and prevent adversary activity without having to immediately remove an endpoint from the environment.

“The enhancements and additions we are announcing today make a real difference to the day-to-day protection of our Falcon Host customers,” said Dave Cole, CrowdStrike’s Chief Product Officer. “As our customers face a rising tide of sophisticated attacks, a key goal for us is to deliver new features such as real-time query and IoA-based prevention that offer them better defenses with greater efficiency. We continue to be focused on delivering the most comprehensive and effective next-generation endpoint protection to our customers.”

About CrowdStrike
CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints, reducing overall incident response time.

CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.

To learn more, please visit
You Don’t Have a Malware Problem. You Have an Adversary Problem.™

Media Contact
Ilina Dimitrova
CrowdStrike Inc.

[1] Gartner, Designing an Adaptive Security Architecture for Protection From Advanced Attacks, by Neil MacDonald and Peter Firstbrook, published on February 12, 2014