CrowdStrike Falcon® Identity Protection
Stop identity-based attacks in real time

The industry’s only adversary-focused platform that unifies endpoint and identity protection.

Get a free AD Risk Review Start free trial

Products and services

CrowdStrike Falcon® Identity Threat Detection

Provides deep visibility into identity based incidents and anomalies across a complex hybrid identity landscape, comparing live traffic against behavior baselines and policies to detect attacks and lateral movement in real time.

Download data sheet

CrowdStrike Falcon® Identity Threat Protection

Detects and stops identity-driven breaches in real-time across a complex hybrid identity landscape - with a single sensor and a unified threat interface with attack correlation across endpoints, workloads, and identity.

Download data sheet

Modern attacks require unified
identity protection

Existing endpoint-only solutions are not able to keep up with modern, sophisticated attacks where the adversary can leverage valid credentials to move laterally undetected.

80%

Of attacks involve stolen or misused credentials

112%

Increase in access broker ads on the dark web

25%

Of attacks are from unmanaged hosts

Why choose Falcon Identity Protection?

One platform, one agent

Unlike point solutions with multiple agents, CrowdStrike Falcon delivers this capability with a single sensor that can be deployed anywhere in the customer environment, vastly simplifying the collection of telemetry across endpoint and identity.

Unified view of threats with tight correlation

CrowdStrike’s unique approach provides a unified view of threats and real-time correlation with threat intelligence and adversary tradecraft, the only effective method to get full visibility into attack paths covering all aspects of the adversary toolkit.

Real-time protection to stop attacks

With hyper-accurate detection of identity-based threats, extend MITRE ATT&CK® coverage and stop modern attacks like ransomware in real time by leveraging the industry’s leading threat intelligence and enriched telemetry.

Falcon Identity Protection by the numbers

Faster and more accurate detections with lower cost and complexity.

85%

Faster detection of identity anomalies, offsetting roughly 5,000 total investigation hours

57%

Improvement in security posture, reducing risk of stolen/misused credentials

5+

Tools and agents eliminated by consolidating into the Falcon platform

Active Directory (AD) Risk Review

Eight out of 10 attacks use stolen credentials. Understand how to protect your organization from identity-based threats with instant visibility into your Microsoft AD hygiene.

Request a free review

Falcon Identity Protection key capabilities

Visibility
Detection
Protection
Extended MFA

Deep visibility across hybrid identity landscape

Get deep visibility into identity-based incidents and anomalies across a complex hybrid identity landscape, comparing live traffic against behavior baselines.

Hyper-accurate detections of identity attacks

Automatically classify identities into human, service, and privileged accounts across hybrid identity stores. Detect lateral movement and anomalous traffic in real time by any user or service account.

Risk-based conditional access

Leverage platform approach and tight correlation to orchestrate rapid, automatic response to block threats in real time via a flexible policy engine.

Frictionless multi-factor authentication (MFA) into legacy apps

Extend risk-based MFA to any resource or application, including legacy systems like desktops that are not covered by cloud-based MFA solutions, tools like PowerShell and protocols like RDP over NTLM.

Customer case studies

Berkshire Bank thumbnail
Berkshire Bank
“After deploying Falcon Identity Threat Protection, we did another penetration test and immediately saw the benefits of the enhanced visibility.”
-Ryan Melle, SVP, CISO, Berkshire Bank
Featured Report
Mercedes-AMG Petronas F1 team
“Since deploying Falcon Identity Protection, we’ve had a massive uplift in what we can see with regard to credentials, privileged identities, different attack paths and how we can mitigate them.”
-Steven Townsley, Head of Information Security, Mercedes-AMG Petronas F1 Team
Pella corporation thumbnail
Pella Corporation
"We are very happy with the way it provides visibility and helps with baseline anomaly detection. Given that a lot of threats are identity-driven, you need to watch what your credentials are doing.”
-John Baldwin, Senior IT Manager, Cybersecurity, Pella Corporation

Tested and proven leader

In this analyst paper, John Tolbert from KuppingerCole makes the case as to why a unified security and identity approach is necessary to deter malicious actors.

In this technical validation paper, ESG analyzes and validates CrowdStrike Falcon® Identity Protection’s features and functions that can solve real customer use cases with unified Active Directory visibility, intuitive threat hunting, advanced behavior analysis, and risk scoring, policy enforcement, and automated threat prevention.

Related resources