CrowdStrike Falcon® Identity Protection
The world’s leading AI-native platform for identity threat detection and response (ITDR)

Stop identity-based attacks in real time with the industry’s only unified platform for endpoint security and identity protection.

See Falcon Identity Protection in action

For adversaries, stolen credentials grant swift access and control—an instant gateway to breach. In fact, 80% of all breaches involve stolen credentials. That’s why leading industry analyst firms are recommending Identity Threat Detection and Response (ITDR). See how Falcon Identity Protection uses unparalleled visibility, detection, and cross-domain correlation capabilities to protect your business from all types of identity-based attacks in real time.

Identity Threat Detection and Response

CrowdStrike offers two modules that address identity threat detection and response (ITDR) requirements:

CrowdStrike Falcon® Identity Threat Detection

Provides deep visibility into identity based incidents and anomalies across a complex hybrid identity landscape, comparing live traffic against behavior baselines and policies to detect attacks and lateral movement in real time.

CrowdStrike Falcon® Identity Threat Protection

Using a single sensor and unified threat interface with attack correlation across endpoints, workloads, and identity, Falcon Identity Threat Protection stops identity-driven breaches in real time.

Compare ITDR modules with our solution brief.

Stopping modern attacks requires unified
identity protection

Endpoint-only solutions aren’t able to keep up with modern, sophisticated attacks where the adversary can leverage valid credentials to move laterally undetected.


of attacks involve stolen or misused credentials


increase in access broker ads on the dark web


of attacks are from unmanaged hosts

Why choose Falcon Identity Protection?

One platform. One agent.

Unlike point solutions with multiple agents, Falcon Identity Protection uses a single sensor that can be deployed anywhere in the customer environment, vastly simplifying the collection of telemetry across endpoint and identity.

Unified view of threats with tight correlation

Our unique approach provides a unified view of threats and real-time correlation with threat intelligence and adversary tradecraft — the only effective method to get full visibility into attack paths covering all aspects of the adversary toolkit.

Real-time protection to stop attacks

With hyper-accurate detection of identity-based threats, extend MITRE ATT&CK® coverage and stop modern attacks like ransomware in real time by leveraging the industry’s leading threat intelligence and enriched telemetry.

Falcon Identity Protection by the numbers

Reduce complexity and experience the enhanced speed, accuracy, and cost-effectiveness of Falcon Identity Protection.


faster detection of identity anomalies, offsetting roughly 5,000 total investigation hours


improvement in security posture, reducing risk of stolen/misused credentials


tools and agents eliminated by consolidating into the Falcon platform

Download the Identity Protection Business Value white paper to learn more.

Active Directory (AD) Risk Review

Eight out of 10 attacks use stolen credentials. Understand how to protect your organization from identity-based threats with instant visibility into your Microsoft AD hygiene.

Request a free review

Falcon Identity Protection key capabilities

Extended MFA

Deep visibility across hybrid identity landscape

Get deep visibility into identity-based incidents and anomalies across a complex hybrid identity landscape, comparing live traffic against behavior baselines.

Hyper-accurate detections of identity attacks

Automatically classify identities into human, service, and privileged accounts across hybrid identity stores. Detect lateral movement and anomalous traffic in real time by any user or service account.

Risk-based conditional access

Leverage platform approach and tight correlation to orchestrate rapid, automatic response to block threats in real time via a flexible policy engine.

Frictionless multi-factor authentication (MFA) into legacy apps

Extend risk-based MFA to any resource or application, including legacy systems like desktops that are not covered by cloud-based MFA solutions, tools like PowerShell and protocols like RDP over NTLM.

Tested and proven leader

In his analyst paper, John Tolbert from KuppingerCole explains why a unified security and identity approach is needed to deter malicious actors.

In this technical validation paper, ESG analyzes and validates Falcon Identity Protection’s features and functions that can solve real customer use cases with unified Active Directory visibility, intuitive threat hunting, advanced behavior analysis, and risk scoring, policy enforcement, and automated threat prevention.