Press Release | Media on CrowdStrike

CrowdStrike Falcon Platform Achieves Independent Validation for PCI DSS Compliance

CrowdStrike Falcon Host is the Only Next-Generation Endpoint Security Solution to Address Five PCI DSS Requirements

Irvine, CA – Sept. 1, 2016 – CrowdStrike, the leader in cloud-delivered next-generation endpoint protection, today announced that CrowdStrike Falcon™ Platform has been independently validated to assist organizations and businesses with compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements. The validation was provided in a report by Coalfire, a leading assessor for global PCI and other compliance standards across the financial, government, industry, and healthcare industries.

PCI DSS is a framework that defines baseline technical, physical, and operational security controls necessary for protecting payment card account data. PCI DSS applies to any organization that stores, processes, or transmits Cardholder Data. The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment.

Next-generation endpoint security vendors have only previously been found to address the antivirus requirement (Requirement 5) of the PCI certification. In contrast, Coalfire has determined that CrowdStrike Falcon with its powerful unified combination of next-generation antivirus and endpoint detection and response (EDR) capability addresses unprecedented five PCI DSS requirements across three different objectives, namely:

  1. Do not use vendor-supplied defaults for system passwords and other security parameters

Requirement 2. Objective: Build and Maintain a Secure Network and Systems

  1. Protect all systems against malware and regularly update anti-virus software or programs

Requirement 5. Objective: Maintain a Vulnerability Management Program

  1. Develop and Maintain Secure Systems and Applications

Requirement 6. Objective: Maintain a Vulnerability Management Program

  1. Track and Monitor All Access To Network Resources and Cardholder Data

Requirement 10. Objective: Regularly Monitor and Test Networks

  1. Regularly Test Security Systems and Processes

Requirement 11. Objective: Regularly Monitor and Test Networks

In the report, Coalfire states, “CrowdStrike Falcon™ Platform capabilities in detection and responding to threats, and associated collection of activities makes CrowdStrike a suitable solution for addressing system protection and monitoring requirements for PCI DSS v3.2.”

According to Gartner’s report, entitled ‘Ensuring a Successful PCI DSS Assessment,’ “Payment security breaches are common, with many reported in the media. The recovery costs and fines for a breach of payment data can be significant, and affect ongoing business as usual through higher authorization and settlement fees.”[1]

“With this validation, organizations and businesses using CrowdStrike’s solutions for PCI DSS compliance can rest assured that their customers are the beneficiaries of unmatched capabilities for protecting their financial information,” said Colin Black, CrowdStrike’s chief information officer. “This third-party assessment spells out in step-by-step detail how the Falcon platform can help in addressing five different requirements – particularly in the areas of deployment, prevention and visibility – associated with the PCI DSS standards. CrowdStrike’s unique combination of next-generation antivirus, EDR and managed hunting gives our customers and, in turn, their own customers, the best option for stopping breaches.”

As part of its next-generation endpoint protection technology, CrowdStrike uses powerful signatureless machine learning algorithms and Indicators-of-Attack (IoA) based threat prevention to identify and block known and unknown threats. In addition, Falcon Host provides enhanced visibility within its endpoint detection and response (EDR) solution. It records all activities of interest on an endpoint for deeper inspection — on the fly and after the fact — allowing users to quickly detect and investigate attacks that passed through traditional prevention mechanisms. CrowdStrike Falcon’s unique architecture allows for fast deployments and unparalleled efficacy and scalability.

You can learn more about how Falcon Host can help organizations comply with PCI DSS and other regulatory standards at this video.


About CrowdStrike

CrowdStrike is the leader in next-generation endpoint protection, threat intelligence and response services. CrowdStrike’s core technology, the CrowdStrike Falcon™ platform, stops breaches by preventing and responding to all types of attacks – both malware and malware-free. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify three crucial elements: next-generation antivirus, endpoint detection and response (EDR), and a 24/7 managed hunting service — uniquely delivered via the cloud in a single lightweight sensor. Falcon uses the patent-pending CrowdStrike Threat Graph™ to analyze and correlate billions of events in real time, providing complete protection and five-second visibility across all endpoints. The company leads threat prevention with its potent combination of signatureless machine learning and behavioral-based analytics.

Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies. CrowdStrike Falcon is currently deployed in more than 176 countries.

We Stop Breaches. Learn more:

Follow us: Blog | Twitter


Media Contact:
Cris Paden


[1] Gartner, Ensuring a Successful PCI DSS Assessment, by Jonathan Care, published 05 October 2015