A search engine
The CrowdStrike Falcon® platform has revolutionized security through the innovative use of the cloud to deliver protection to customers across the globe. This platform has grown to be the largest and most active repository of threat events and artifacts in the industry, indexing over 150 billion events per day and amassing a 300TB collection of 400 million files. CrowdStrike's patent pending indexing technology makes all of this data available for real-time search. Organizations can now search for malware — both metadata and binary content — and get results from the Falcon platform in seconds. Combining fast and comprehensive malware search with CrowdStrike Falcon Intelligence™ gives Security Operations Center (SOC) analysts and threat researchers the advantage they need to stay ahead of the adversary.
Getting ahead of adversaries with a powerful malware search engine
Security professionals are in a constant race against sophisticated adversaries. Standard malware research tools are simply too slow to keep pace with the adversary. Falcon Search Engine dramatically increases the speed of malware research while simultaneously enriching the search results with CrowdStrike's world-class threat intelligence, yielding the necessary insights to take protective action before the adversary can adapt.
ARE THERE OTHER
VARIANTS OF IT?
HOW DO I TAKE
ACTION AGAINST IT?
Malware analysis is a critical tool for staying ahead of the adversary. Unfortunately, the tools and resources needed to conduct this research have not kept pace with the rapidly evolving threat landscape. Research with existing tools is slow and lacks the depth and accuracy needed to be effective. This results in incorrect analysis that can mar protection efforts with false positives. CrowdStrike Falcon MalQuery changes all of this.
The power of the
cloud & crowd
Falcon Search Engine brings game-changing speed to your Security Operations Center by leveraging the Falcon platform. CrowdStrike sees over 150 billion unique security events per day from its install base that spans 170 countries, and has amassed the industry's largest collection of searchable malware. Patent pending indexing technology puts all of this at your fingertips and delivers real-time search results with Falcon MalQuery.
Malware search at the speed of the cloud
Falcon MalQuery establishes a new benchmark for how quickly, easily and comprehensively malware search is performed.
Falcon MalQuery streamlines malware research by delivering the following capabilities:
Delivers results in seconds that include related malware samples and all of their attributes, including insights from CrowdStrike intelligence
Indexes file metadata as well as binary content from the largest searchable collection of malware in the world
Simplifies search by supporting simple, plain text (ASCII and Unicode) or binary search (HEX) along with YARA-based queries
Reduces YARA rule testing and tuning iterations from hours to seconds
Expands without compromise, starting with five years of historical data and constantly growing
KNOWLEDGE IS POWER
Falcon MalQuery is a major step forward in enabling malware research. It empowers security professionals to move faster than the adversary and gain the tactical advantage needed to defend their organizations against today’s sophisticated threats.
Falcon MalQuery is the fastest malware search engine in the security industry — over 250 times faster than other search tools. This is made possible by its exclusive, patent pending indexing technology. Search results are instant and can be quickly refined for even more precise results. By returning only the most relevant results, Falcon MalQuery also eliminates time wasted on investigating irrelevant samples.
Search results come from the largest and most complete collection of malware available in the industry. Falcon MalQuery indexes both a file’s metadata and the actual content within the file to ensure all data is searchable by the user. Those results are then augmented with CrowdStrike intelligence so the severity and context of the threat is clear.
The ultimate goal of malware research is enhanced protection. Faster and more accurate search results streamline security operations, enabling the creation of more effective protection rules. Real-time search then speeds the process of YARA rule tuning and testing, empowering researchers to craft powerful protection rules in minutes instead of hours or days. These rules can then be shared with other security solutions in your arsenal, ensuring proactive defense against tomorrow’s threats.