CrowdStrike Falcon® Identity Protection
Stop identity-based attacks in real time
The industry’s only adversary-focused platform that unifies endpoint and identity protection.
Products and services
CrowdStrike Falcon® Identity Threat Detection
Provides deep visibility into identity-based incidents and anomalies across a complex hybrid identity landscape, comparing live traffic against behavior baselines and policies to detect attacks and lateral movement in real time.
CrowdStrike Falcon® Identity Threat Protection
Detects and stops identity-driven breaches in real time across a complex hybrid identity landscape, with a single sensor and a unified threat interface with attack correlation across endpoints, workloads, and identity.
Modern attacks require unified identity protection
Existing endpoint-only solutions are not able to keep up with modern, sophisticated attacks where the adversary can leverage valid credentials to move laterally undetected.
80%
Of attacks involve stolen or misused credentials
112%
Increase in access broker ads on the dark web
25%
Of attacks are from unmanaged hosts
Why choose Falcon Identity Protection?
One platform, one agent
Unlike point solutions with multiple agents, CrowdStrike Falcon delivers this capability with a single sensor that can be deployed anywhere in the customer environment, vastly simplifying the collection of telemetry across endpoint and identity.
Unified view of threats with tight correlation
CrowdStrike’s unique approach provides a unified view of threats and real-time correlation with threat intelligence and adversary tradecraft, the only effective method to get full visibility into attack paths covering all aspects of the adversary toolkit.
Real-time protection to stop attacks
With hyper-accurate detection of identity-based threats, extend MITRE ATT&CK® coverage and stop modern attacks like ransomware in real time by leveraging the industry’s leading threat intelligence and enriched telemetry.
Falcon Identity Protection by the numbers
Faster and more accurate detections with lower cost and complexity.
85%
Faster detection of identity anomalies, offsetting roughly 5,000 total investigation hours
57%
Improvement in security posture, reducing risk of stolen/misused credentials
5+
Tools and agents eliminated by consolidating into the Falcon platform
Active Directory (AD) Risk Review

Falcon Identity Protection key capabilities
Deep visibility across hybrid identity landscape
Get deep visibility into identity-based incidents and anomalies across a complex hybrid identity landscape, comparing live traffic against behavior baselines.
Hyper-accurate detections of identity attacks
Automatically classify identities into human, service, and privileged accounts across hybrid identity stores. Detect lateral movement and anomalous traffic in real time by any user or service account.
Risk-based conditional access
Leverage the platform approach and tight correlation to orchestrate rapid, automatic response to block threats in real time via a flexible policy engine.
Frictionless multi-factor authentication (MFA) into legacy apps
Extend risk-based MFA to any resource or application, including legacy systems like desktops that are not covered by cloud-based MFA solutions, tools like PowerShell and protocols like RDP over NTLM.
Customer case studies

-Ryan Melle, SVP, CISO, Berkshire Bank

-Steven Townsley, Head of Information Security, Mercedes-AMG Petronas F1 Team

-John Baldwin, Senior IT Manager, Cybersecurity, Pella Corporation
Tested and proven leader
In this analyst paper, John Tolbert from KuppingerCole makes the case as to why a unified security and identity approach is necessary to deter malicious actors.

In this technical validation paper, ESG analyzes and validates CrowdStrike Falcon® Identity Protection’s features and functions that can solve real customer use cases with unified Active Directory visibility, intuitive threat hunting, advanced behavior analysis, and risk scoring, policy enforcement, and automated threat prevention.