CrowdStrike Falcon® Identity Threat Protection
CrowdStrike Falcon® Identity Threat Protection enables hyper accurate threat detection and real-time prevention of identity-based attacks combining the power of advanced AI, behavioral analytics and a flexible policy engine to enforce risk-based conditional access.
Request a demo
Frictionless Realtime Protection From Identity-based Threats
Gain visibility of workforce identities across multi-directory environments
Falcon Identity Threat Protection enables unified visibility and control of user access to applications, resources and identity stores, with actionable insights into user behavior and risks, eliminating security blindspots across hybrid environments.
GET HYPER-ACCURATE THREAT DETECTION AND REDUCE RESPONSE TIMES DRAMATICALLY
Falcon Identity Threat Protection reduces false positives, brings down the mean time to detect and resolve incidents by eliminating the need for complex, error-prone log analysis, and improves SOC analysts’ efficiencies by cutting down alert fatigue.
ENABLE REAL-TIME PREVENTION OF IDENTITY-BASED ATTACKS WITH CONDITIONAL ACCESS POLICIES
Falcon Identity Threat Protection enforces consistent risk-based policies to automatically block, allow, audit or step up authentication for every identity, at the same time ensuring a frictionless login experience for genuine users.
How Does Falcon Identity Threat Protection Help?
SEGMENT WORKFORCE IDENTITIES
- Provides continuous multi-directory visibility into the scope and the impact of access privileges for identities across Microsoft Active Directory (AD), Azure AD and cloud single sign-on (SSO) solutions.
- Automatically classifies identities into hybrid (identities that are on on-premises and cloud AD) and cloud-only (identities that reside only on Azure AD).
- Segments accounts into human, service, shared accounts and privileged accounts.
- Provides a customizable attack surface overview with insights into user risk and behavior changes over time, like an increase in account lockouts, high-risk endpoints, compromised passwords, etc.
AUTOMATE THREAT DETECTION AND RESPONSE
- Enables hybrid identity store protection with continuous inspection of live authentication traffic, including encrypted protocols such as LDAP/S.
- Provides continuous assessment of security and incidents around identity threats without requiring the ingestion of logs or complex analysis.
- Uncovers reconnaissance (e.g., LDAP, BloodHound, SharpHound, credential compromise attacks), lateral movement (e.g., RDP, Mimikatz tool, unusual endpoint usage, unusual service logins, etc), and persistence (e.g., Golden Ticket attack) with advanced analytics and patented machine learning technology.
- Speeds up security investigations using intuitive threat hunting, with predefined search criteria, like but not limited to authentication events, unencrypted protocols, user roles, IP reputation and risk scores.
VERIFY IDENTITIES WITH ZERO FRICTION
- Defines and enforces policies in real time, based on authentication patterns, behavior baselines and individual risk scores to verify identities using step-up authentication such as multifactor authentication (.e.g MFA).
- Automatically secures access to identity stores and applications, with improved user experience, by triggering identity verification only when the risk increases or if there’s a deviation from normal behavior.
- Reduces the attack surface by extending MFA to any resource or application, including legacy/proprietary systems and tools — for example, desktops that are not covered by cloud-based MFA solutions, and tools like PowerShell and protocols like RDP over NTLM.
- Automatically resolves security incidents that the user approves using identity verification methods such as 2FA/MFA, without involving security analysts and help desk tickets.
CUSTOMERS THAT TRUST CROWDSTRIKE
Trusted and proven leader
CrowdStrike is proud to be recognized a leader by industry analyst and independent testing organizations.
Gartner Peer Insights
“Simple and ready-to-use integrations with existing IAM platforms (Ping & Okta) and overall ease of deployment.” – Manager, $30B Services Company
Gartner Peer Insights
“Provided significant visibility into our authentication environment — specifically, finding cases where service accounts were being used interactively, or where privileged accounts were being shared for convenience. It has enabled us to exert greater control over our privileged account infrastructure and reduce risk” – CISO, $10B Finance Company
Frost & Sullivan
“The overall savings using Falcon Identity Protection could be as much as $5,184,000.” – Frost and Sullivan, December 2020 Zero Trust Report
Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.