CrowdStrike Falcon® Identity Protection
A full 80% of all breaches use compromised identities. Stop breaches faster by protecting workforce identities everywhere leveraging advanced AI in the world’s largest unified, threat-centric data fabric.
Start free trial
Benefits
REDUCE COSTS AND RISK ACROSS THE ENTERPRISE
-
![REAL-TIME DETECTION </br>AND PREVENTION]()
REAL-TIME DETECTION AND PREVENTION
Get hyper-accurate detection of identity-based threats, extend MITRE ATT&CK® coverage and stop modern attacks like ransomware in real-time by leveraging the industry’s leading threat intelligence and enriched telemetry.
-
![triage icon]()
INSTANT ROI
Reduce risk and costs by eliminating security products or processes, immediately reducing engineering headcount requirements and increasing ROI from existing tools.
-
![resources icon]()
UNIFIED CONTROL OF EVERY IDENTITY
Accelerate key identity projects like Conditional Access and Adaptive Authentication, and ensure better Multifactor authentication (MFA) coverage and user experience everywhere — even for legacy systems, single sign-on (SSO) and remote users.
Capabilities
Make Stopping Breaches Personal: Choose the Right Strategy
-
![Falcon Identity Threat Protection]()
Falcon Identity Threat Protection
Enable hyper accurate threat detection and real time prevention of identity-based attacks combining the power of advanced AI, behavioral analytics and a flexible policy engine to enforce risk-based conditional access.
-
![Falcon Identity Threat Detection]()
Falcon Identity Threat Detection
Realize deeper visibility for identity-based attacks and anomalies in real time without requiring ingestion of log files. Ideal for organizations that want only identity-based threat incident alerts and threat hunting, but not automated prevention of threats.
Use Cases
How Falcon Identity Protection Works
Secure Active Directory (AD)
- Gain instant visibility into AD (on-premises and cloud) and identify shadow administrators, stale accounts, shared credentials and other AD attack paths. Learn more
- Harden AD security and reduce risks by monitoring authentication traffic and user behavior, using policies to proactively detect anomalies. Download AD hardening guide
- Improve AD security hygiene with continuous monitoring for credential weakness, access deviations and password compromises with dynamic risk scores for every user and service account. Learn more
Secure, Frictionless Remote Access
- Gain complete visibility into the authentication activity of all accounts and endpoints (managed and unmanaged), including location information, login type (human or service accounts), source and destination, including via SSL-VPN and RDP, across on-premises and cloud deployments
- Reduce the attack surface by identifying stealthy admins, misused service accounts and anomalous user behavior in virtual desktop infrastructure (VDI) environments making unauthorized RDP attempts
- Protect against insider threats, privileged user threats and credential compromise from lateral movement attacks. Learn more
Extend MFA Security Everywhere
- Protect unmanaged endpoints with risk-based conditional access by leveraging existing Ping and Okta deployments. Learn how a Fortune 500 company accomplished secure remote access for thousands of users in weeks
- Extend MFA protection to legacy applications and tools using proprietary analytics on user behavior and authentication traffic
- Block access or trigger MFA only when risk increases, securing critical applications and data and making remote access frictionless for users. Read best practices. Download the ESG Technical Validation White Paper for Your Hybrid Infrastructure for Conditional Access
INTEGRATIONS
The Falcon Identity Protection solution ensures frictionless deployment by integrating with existing security architecture, and working with existing IAM solutions and IT tools.
- SOAR: With pre-integrations with products like Splunk Phantom and Palo Alto Network’s Cortex XSOAR, the solution works around existing infrastructure and SOC run books
- SIEM: While the solution does not require log ingestion, the taking in of logs from SIEM, VPN and other sources can provide additional context. And, of course, the system can output logs to SIEM for compliance needs
- SSO: Pre-integrations with Okta and Ping ensure leverage of existing SSO infrastructure to stop identity-based threats faster
- MFA: Leverage an existing MFA solution like Duo and challenge users only when required, avoiding MFA fatigue
- Falcon Identity Protection integrates with CyberArk, Axonius and other critical IT security tools
- With state-of-the-art, high-performance APIs, enterprises can leverage risk scoring and other data for other systems
Product Validation
Customers Trust CrowdStrike
Trusted and proven leader
CrowdStrike is proud to be recognized a leader by industry analyst and independent testing organizations.
-
![[For Modules Only] Preempt CSO Peer Review from $500M Company]()
Gartner Peer Insights
“Easy to deploy” – CSO, $500M company, Services Industry
-
![[For Modules Only] Preempt CISO Peer Review from $3B Company]()
Gartner Peer Insights
“The best line of defense for privileged access.” – CISO, $3B company, Finance Industry
-
![[For Modules Only] Preempt Frost & Sullivan Zero Trust Report]()
Frost & Sullivan
“The overall savings using Falcon Identity Protection could be as much as $5,184,000.” – Frost and Sullivan, December 2020 Zero Trust Report
![[For Modules Only] Preempt CSO Peer Review from $500M Company](https://www.crowdstrike.com/wp-content/uploads/2021/12/gartner-peer-insights-logo.png){kind=logo}
![[For Modules Only] Preempt Frost & Sullivan Zero Trust Report](https://www.crowdstrike.com/wp-content/uploads/2020/12/frost-and-sullivan-blue-logo.png){kind=logo}
Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.