CrowdStrike Falcon® Identity Protection
Stop identity-based attacks in real time

The industry’s only adversary-focused platform that unifies endpoint and identity protection.

Products and services

CrowdStrike Falcon® Identity Threat Detection

Provides deep visibility into identity based incidents and anomalies across a complex hybrid identity landscape, comparing live traffic against behavior baselines and policies to detect attacks and lateral movement in real time.

CrowdStrike Falcon® Identity Threat Protection

Detects and stops identity-driven breaches in real-time across a complex hybrid identity landscape - with a single sensor and a unified threat interface with attack correlation across endpoints, workloads, and identity.

Modern attacks require unified
identity protection

Existing endpoint-only solutions are not able to keep up with modern, sophisticated attacks where the adversary can leverage valid credentials to move laterally undetected.


Of attacks involve stolen or misused credentials


Increase in access broker ads on the dark web


Of attacks are from unmanaged hosts

Why choose Falcon Identity Protection?

One platform, one agent

Unlike point solutions with multiple agents, CrowdStrike Falcon delivers this capability with a single sensor that can be deployed anywhere in the customer environment, vastly simplifying the collection of telemetry across endpoint and identity.

Unified view of threats with tight correlation

CrowdStrike’s unique approach provides a unified view of threats and real-time correlation with threat intelligence and adversary tradecraft, the only effective method to get full visibility into attack paths covering all aspects of the adversary toolkit.

Real-time protection to stop attacks

With hyper-accurate detection of identity-based threats, extend MITRE ATT&CK® coverage and stop modern attacks like ransomware in real time by leveraging the industry’s leading threat intelligence and enriched telemetry.

Falcon Identity Protection by the numbers

Faster and more accurate detections with lower cost and complexity.


Faster detection of identity anomalies, offsetting roughly 5,000 total investigation hours


Improvement in security posture, reducing risk of stolen/misused credentials


Tools and agents eliminated by consolidating into the Falcon platform

Active Directory (AD) Risk Review

Eight out of 10 attacks use stolen credentials. Understand how to protect your organization from identity-based threats with instant visibility into your Microsoft AD hygiene.

Request a free review

Falcon Identity Protection key capabilities

Extended MFA

Deep visibility across hybrid identity landscape

Get deep visibility into identity-based incidents and anomalies across a complex hybrid identity landscape, comparing live traffic against behavior baselines.

Hyper-accurate detections of identity attacks

Automatically classify identities into human, service, and privileged accounts across hybrid identity stores. Detect lateral movement and anomalous traffic in real time by any user or service account.

Risk-based conditional access

Leverage platform approach and tight correlation to orchestrate rapid, automatic response to block threats in real time via a flexible policy engine.

Frictionless multi-factor authentication (MFA) into legacy apps

Extend risk-based MFA to any resource or application, including legacy systems like desktops that are not covered by cloud-based MFA solutions, tools like PowerShell and protocols like RDP over NTLM.

Tested and proven leader

In this analyst paper, John Tolbert from KuppingerCole makes the case as to why a unified security and identity approach is necessary to deter malicious actors.

In this technical validation paper, ESG analyzes and validates CrowdStrike Falcon® Identity Protection’s features and functions that can solve real customer use cases with unified Active Directory visibility, intuitive threat hunting, advanced behavior analysis, and risk scoring, policy enforcement, and automated threat prevention.