AUTOMATED THREAT ANALYSIS
Falcon X enables customers of all sizes to better understand the threats they face and empowers them to use that knowledge to defend against future attacks — making proactive security a reality.
Imagine you could automate each step of a cyberthreat investigation and reduce the time it takes to complete investigations from days to minutes: Your security team would be faster, better informed and able to protect the organization better — regardless of the team's size or expertise. Falcon X elevates everyone on the team, making them more proactive and more productive.
Falcon X combines the tools used by cyberthreat investigators into a seamless solution and performs the investigation automatically. The integrated toolset includes malware analysis, malware search and threat intelligence.
FALCON X: FEATURES
Automated Threat Analysis
All files quarantined by CrowdStrike Falcon endpoint protection are automatically investigated by Falcon X. This automation drives breakthrough efficiency gains for security operations teams, elevates the capabilities of all security analysts and unlocks critical security functionality for organizations without a security operations center.
Falcon X automatically produces intelligence specifically tailored for the threats you encounter in your environment. Customized indicators of compromise (IOCs) are immediately shared with other security tools via API, streamlining and automating the protection workflow. Cyberthreat intelligence related to the encountered attack is displayed alongside the alert, making it quick and easy for analysts to understand the threat and take action.
Falcon X enables in-depth analysis of unknown and zero-day threats that goes far beyond traditional approaches. Powered by the Falcon Sandbox, it employs a unique combination of static, dynamic and fine-grained memory analysis to quickly identify the evasive threats other solutions miss.
Connect the dots between the malware found on your endpoints and related campaigns, malware families or threat actors. Falcon X searches the CrowdStrike Falcon Search Engine, the industry's largest malware search engine, for related samples and within seconds expands the analysis to include all files and variants, leading to a deeper understanding of the attack and an expanded set of IOCs to defend against future attacks.
Actor attribution exposes the motivation and the tools, techniques and procedures (TTPs) of the attacker. Practical guidance is provided to prescribe proactive steps against future attacks and stop actors in their tracks.
Empower your team to do more with Falcon X
GLOBAL THREAT INTELLIGENCE
Access to CrowdStrike's industry-leading cyberthreat intelligence through these features:
Subscription to a weekly summary of worldwide
Access to 100+ actor profiles that expose
cybercriminals and hacktivists
Threat hunting with the ability to search a global set of IOCs maintained and curated by the CrowdStrike Falcon Intelligence™ team
Provides protection against future attacks with enriched IOCs that are easily shared with your security infrastructure via the Falcon X API
Offers access to CrowdStrike Falcon MalQuery™ — enabling researchers to search billions of malware samples and quickly determine the origin, behavior and potential threat of a malicious file
YARA AND SURICATA RULES
Expands your defenses with YARA and Suricata rules generated by threats found in your environment
Allows you to easily integrate malware analysis reports, actor profiles and IOCs into leading SIEM, TIP or Orchestration solutions via the Falcon X API
As part of the CrowdStrike Falcon platform, Falcon X is cloud-delivered, eliminating the need for on-premises infrastructure and ensuring one-day deployments.