CrowdStrike Falcon® Device Control enables safe and accountable usage of USB devices across your organization. Using one lightweight agent, it uniquely combines visibility and granular control, allowing IT and security administrators to ensure that approved USB devices are used appropriately in their environments. When used with Falcon Insight™, visibility is extended, adding searchable history and logs of USB device usage, including files written to devices.
CrowdStrike Falcon® Device Control FAQ
Falcon Device Control ensures the safe utilization of USB devices by providing both visibility and granular control over those devices. Its seamless integration with the Falcon agent and platform provides device control functionality paired with full endpoint protection and endpoint detection and response (EDR) capabilities. This gives security and IT operations teams visibility into how devices are being used and the ability to precisely control and manage that usage.
- Effortless Visibility: Falcon Device Control provides automatic visibility across USB device usage and prevents intentional and unintentional insider risk. Visibility into files written to USB lets analysts hunt for data exfiltration using granular file metadata and source code ML detections, even with obfuscation attempts. It automatically discovers and captures detailed device information, and delivers real-time usage data that is easily accessed via pre-built dashboards and powerful search.
- Precise and Granular Control: Falcon Device Control offers granular access rights and provides device identification by vendor, product or serial number. It enables easy policy creation workflows and allows you to test policy impacts prior to enforcement.
- Extend Falcon Insight visibility: Gain access to searchable history and logs of USB device utilization. Device information includes usage logs, enforcement events, and file transfer activities.
- Get Your Information In One Place: See how USB devices are being used in your environment and gain additional context about host activity — all via the same console — without having to import additional logs or run separate queries to get visibility on USB device utilization.
- Implementation and Management Without Hassle: Falcon Device Control for Windows and macOS does not require installing or managing additional endpoint software. Falcon users can manage policies and access reports with the same console. Device activity events are integrated with Falcon endpoint protection, providing contextual understanding of endpoint activity.
As part of the Falcon platform and enabled via the Falcon agent, Falcon Device Control requires no additional agent. Activation requires a one-time reboot on Windows systems.
Falcon Device Control enables IT and security administrators to define and manage their device control policies via the Falcon management console.
You can set four different kinds of policies:
- Full Block: Device will be blocked.
- Read Only (Mass Storage Only): Users get read-only access but cannot write to the device.
- No Execute (Mass Storage Only): Users can’t execute programs from USB storage but can still copy the files from removable storage to a local drive.
- Full Access: Users have full access to the USB device. For mass storage, users have read/write/execute access to the USB drive.
You can create rules by class and exceptions by vendor ID, product ID or serial number.
Existing customers can contact sales to add Falcon Device Control to their subscriptions. Falcon Device Control can be used with both Falcon Prevent and Falcon Insight.
If you are not currently a CrowdStrike customer and are interested in this solution, please contact CrowdStrike Sales: firstname.lastname@example.org.
Falcon is licensed on a subscription basis per endpoint. For more information please contact us, request a quote, or buy now from the AWS Marketplace.