Cyber Threat & Malware Search Engine: CrowdStrike Falcon MalQuery

A search engine for cybersecurity

CrowdStrike Falcon® MalQuery is an advanced, cloud-native malware research tool that enables security professionals and researchers to quickly search a massive dataset of malware samples, validating potential risks and stay ahead of would-be attackers. At the core of Falcon MalQuery is a multi-petabyte collection of over 3.5 billion files, indexed by patent-pending technology.

Falcon MalQuery makes all of this data available for real-time search. Organizations can now search for all types of malware — both metadata and binary content — and get results from the Falcon platform in seconds. Combining fast and comprehensive malware search with CrowdStrike Falcon® Intelligence gives Security Operations Center (SOC) analysts and threat researchers the advantage they need to stay ahead of the adversary.

Computer screen

Getting ahead of adversaries with a powerful malware search engine


Security professionals are in a constant race against sophisticated threat actors. Standard malware research tools are simply too slow to keep pace with the adversary. Falcon MalQuery dramatically increases the speed of malware research while simultaneously enriching the search results with CrowdStrike's world-class threat intelligence, yielding the necessary insights to take protective action before the adversary can adapt.

is-this-malware


Is this malware?

malquery1


Are there other variants of it?

who-created-it


Who created it?


How do I take action against it?

Malware analysis is critical for staying ahead of the adversary

Unfortunately, the tools and resources needed to conduct this research have not kept pace with the rapidly evolving threat landscape. Research with existing tools is slow and lacks the depth and accuracy needed to be effective. This results in incorrect analysis that can mar protection efforts with false positives. CrowdStrike Falcon® MalQuery changes all of this.

Malware search at the speed of the cloud

Falcon MalQuery streamlines malware research by delivering the following capabilities

  • Delivers results in seconds that include related malware samples and all of their attributes, including insights from CrowdStrike intelligence
  • Indexes file metadata as well as binary content from the largest searchable collection of malware in the world
  • Simplifies search by supporting simple, plain text (ASCII and Unicode) or binary search (HEX) along with YARA-based queries
  • Reduces YARA rule testing and tuning iterations from hours to seconds
  • Expands without compromise, starting with five years of historical data and constantly growing
Laptop

Knowledge is power

Falcon MalQuery is a major step forward in enabling malware research. It empowers security professionals to move faster than the adversary and gain the tactical advantage needed to defend their organizations against today’s sophisticated threats.

Speed

Falcon MalQuery is one of the fastest malware search engine in the security industry — over 250 times faster than other search tools. This is made possible by its exclusive, patent pending indexing technology. Search results are instant and can be quickly refined for even more precise results. By returning only the most relevant results, Falcon MalQuery also eliminates time wasted on investigating irrelevant samples.

Stopwatch icon

Clarity

Search results come from the largest and most complete collection of malware available in the industry. Falcon MalQuery indexes both a file’s metadata and the actual content within the file to ensure all data is searchable by the user. Those results are then augmented with CrowdStrike intelligence so the severity and context of the threat is clear.

Magnifying glass icon

Protection

The ultimate goal of malware research is enhanced protection. Faster and more accurate search results streamline security operations, enabling the creation of more effective protection rules. Real-time search then speeds the process of YARA rule tuning and testing, empowering researchers to craft powerful protection rules in minutes instead of hours or days. These rules can then be shared with other security solutions in your arsenal, ensuring proactive defense against tomorrow’s threats.

Protection icon