What does Falcon Discover do?
Falcon Discover™ provides the awareness to identify who and what is on your network. From there, you can address potential blind spots in your security architecture and be ready when the next attack comes. This is accomplished with Discover’s three key capabilities:
- Application Inventory: See what applications and which versions are running in your environment, and be able to pinpoint suspicious applications that pose a threat to your organization.
- Asset Inventory: See all the devices on your network, including whether or not they are protected by the CrowdStrike Falcon® platform. Drill down into which assets are managed, unmanaged, or unsupported by the Falcon agent to identify blind spots in your security architecture.
- Account Monitoring: Have visibility into all the users active in your network, their admin privileges, logon history, and password update information.
Is Falcon Discover part of the Falcon Platform?
Yes, Falcon Discover is CrowdStrike’s IT hygiene solution, and as part of the Falcon platform, it’s enabled via the same lightweight agent as the rest of CrowdStrike’s platform. It can be purchased individually with an annual subscription, but is best implemented as part of the CrowdStrike Falcon endpoint protection solution. Falcon Discover provides the awareness your organization needs to identify and address gaps in your security.
Why is IT hygiene important?
With organizations scaling their data systems at an unprecedented rate, managing evolving and heterogeneous environments can be challenging – especially when IT teams lack visibility into who and what is active on the network. Having visibility across your environment is the first step in eliminating the blind spots that can lead to breaches and data loss.
How do I access Falcon Discover?
As part of the CrowdStrike platform, Falcon Discover is accessed as an application via the Falcon management console.
What problems does Falcon Discover help solve for my organization?
CrowdStrike believes that a proactive, hygiene-first approach to security is needed in order to stay ahead of today’s sophisticated adversaries. Understanding the devices, applications, and users on your network is an important first step in managing your organization’s security.
What is IT Hygiene and how is it related to security?
IT hygiene starts with visibility. By seeing everything in your data environment, you can ensure that your security encompasses every endpoint, empowering you to prevent malicious users and applications from operating within your network.
Does Falcon Discover require an additional agent?
No, all Falcon endpoint protection modules, including Falcon Discover, are delivered via the single Falcon agent, and can be enabled without requiring additional components to be deployed. Falcon Discover is accessed in the Falcon management console along with all other CrowdStrike applications.
What makes Falcon Discover unique?
CrowdStrike is the first company to uniquely combine next-generation antivirus (NGAV), endpoint detection and response (EDR), 24/7 managed threat hunting, threat intelligence, and now, with Falcon Discover, IT hygiene. As part of the CrowdStrike Falcon platform, Falcon Discover provides immediate time-to-value, real-time and historical insight, as well as unprecedented speed and coverage. Moreover, it provides the bridge between IT and security teams looking to understand the “who, what, and where” of their environment. IT administrators can ensure compliance for user applications and account usage, while security teams can address gaps in security and investigate suspicious users and applications.
What key benefits does Falcon Discover enable for organizations?
Falcon Discover provides three key benefits to organizations looking to improve their security posture with IT hygiene.
Immediate Time-to-Value — Falcon Discover is enabled via the same lightweight agent as the Falcon platform, deploying and scaling instantly to meet the needs of your organization. Using this agent, you can enable the entire Falcon endpoint protection solution without having to “bolt on” additional agents or products. Simply deploy the Falcon agent and start cleaning up your environment in minutes.
Continuous Monitoring and Historical Insight — Falcon Discover provides continuous monitoring and reporting, with the ability to gain historical insight without the need for periodic client scanning. Users can instantaneously search for users, assets and applications without scanning systems and affecting their performance.
Speed and Coverage — Searches for assets, application usage, and user logon information are correlated against data in the CrowdStrike cloud in real time. Results are correlated with devices that are online, offline or not connected to the corporate network. This flexible search capability makes it easy to pinpoint vulnerabilities in your environment and deploy CrowdStrike Falcon immediately.
Is Falcon Discover offered as a standalone service?
Yes, Falcon Discover can be purchased as a standalone service and accessed via the Falcon platform management console. Customers can, at any time, add additional solutions from the Falcon platform to upgrade their endpoint protection suite. Adding additional solutions requires no additional agents, reboots or system downtime, and can be accomplished in minutes.
How long does Falcon Discover retain the data it’s gathering?
Retention times for each area are as follows:
- Application Inventory and Usage Tracking — Track what applications have been used, including known suspicious applications, with 90 days of historical visibility.
- Account Monitoring and Logon History — See who has logged on to your network, the hosts used and users’ actions over the past 90 days.
- Asset Inventory — Identify new and unmanaged assets on your network with up to 72 hours of historical visibility.
For more details read the Falcon Discover data sheet.
Falcon Discover for AWS:
If I am an existing Falcon Discover customer, am I entitled to Falcon Discover for AWS?
Yes – an existing customer is entitled to Falcon Discover for AWS. If you would like this feature enabled, you will need to create a support ticket via our support portal.
What is Amazon EC2?
Amazon Elastic Compute Cloud (Amazon EC2) is a virtual server running either Linux or Windows in AWS.
What problem does Falcon Discover for AWS solve for the customer?
Falcon Discover for AWS provides extensive and detailed visibility over EC2 instances. It quickly enumerates existing EC2 deployments across all regions (including instances without the Falcon sensor installed) and subsequently monitors CloudTrail logs for any modifications to the environment. The captured data is presented in a dashboard in the Falcon management console, allowing users to quickly identify all EC2 assets running across all AWS accounts and regions in one centralized view. This dashboard will also highlight instances that do not have Falcon installed, allowing customers to quickly identify security gaps. In addition, rich AWS-specific context will be presented to allow for timely triaging and response to security events on EC2 instances.