CrowdStrike® Falcon® Complete™ is a 100 percent hands-off and worry-free managed detection and response (MDR) solution which uniquely provides the people, process, and technology required to handle all aspects of endpoint, cloud workload and identity security, from onboarding and configuration to maintenance, monitoring, incident handling and remediation.
Falcon Complete FAQ: How the Service Works
Falcon Complete provides the technology platform, actionable intelligence and skilled expertise required to fully handle endpoint, cloud workload and identity security from beginning to end. The Falcon Complete Team works with you to identify your security requirements and operationalizes them using the CrowdStrike Falcon platform. Once your strategic security objectives have been identified, CrowdStrike’s skilled team of experts gets to work implementing the Falcon platform in your environment. The team then manages, monitors, and responds to threats impacting your organization, 24 hours a day, 365 days a year.
- Ensures peace of mind: With a team of experts on your side, you are assured that guidance, expertise and remote remediation is always available when you need it. CrowdStrike experts monitor your environment and take actions on detected threats — triaging, analyzing and executing on the countermeasures required to eradicate the threat.
- Reduces risk: Falcon Complete can remotely remediate incidents as they are detected, without needing to send IT personnel on site. It defends your environment 24/7, providing a team of experts who will take action to ensure that all incidents are handled quickly and effectively, reducing the risk of a serious breach.
- Provides assistance to ensure you are fully operational: The Falcon Complete Team works with your organization from the beginning, assisting your team throughout the deployment process. During this interactive phase, CrowdStrike will help you understand the prevention capabilities of the Falcon platform and tailor a security posture that best fits your business and security needs. After initial implementation, the CrowdStrike Falcon Complete Team will administer the updates and maintenance of the solution on your behalf.
- Manages day to day alerts: The Falcon Complete Team reviews, triages, prioritizes and resolves any alerts generated by the Falcon platform and Falcon OverWatch™. CrowdStrike will triage the alert to identify if it is a false positive or a true incident and respond accordingly.
- Remediates incidents: Incidents are remediated on your behalf in a timely and efficient manner.
Falcon Complete is for all organizations, including:
- Organizations that are struggling with incident handling, either from a security skillset or capacity perspective, such as teams that are overwhelmed by the volume of alerts they face or that simply do not know what to do with the alerts once they receive them
- Any organization that doesn’t have a dedicated team of incident handlers or a Security Operations Center (SOC)
- Analyst teams that have shared responsibilities across multiple security domains and may lack the operational ability to effectively leverage the Falcon platform
Falcon Complete serves as a force multiplier, allowing you to focus on architecture and strategy and leave day-to-day security management, monitoring, and response to CrowdStrike.
Falcon Complete starts with the CrowdStrike team of experts that work with you to identify the appropriate security posture for your organization. This assessment is then translated into an agreed-upon security strategy that is implemented by the Falcon Complete team. Upon deployment, the team responds to threats in your environment using the Falcon platform with a customized plan: validating, triaging, containing, eradicating and recovering from incidents.
The Falcon Complete platform is completely cloud-delivered, requiring zero on-premises hardware deployment or outside consulting services fees. Simply deploy the Falcon Complete solution and achieve instantaneous security maturity and protection without the cost of having to do it yourself.
Yes, Falcon Cloud Workload Protection (CWP) Complete is an optional add-on to the core Falcon Complete solution, which provides monitoring and response for static cloud workloads as well as ephemeral cloud workloads and containers. Falcon CWP Complete delivers protection for cloud workloads by combining CrowdStrike’s leading Cloud Runtime Protection (CRP) and Falcon OverWatch™ managed threat hunting, together with the expertise and 24/7 engagement of the Falcon Complete team. Falcon CWP Complete solves the challenge of implementing and running an effective and mature cloud security program without the difficulty, burden and costs associated with building one internally.
Yes, Falcon Complete provides monitoring and response for identities. Falcon Identity Threat Protection Complete is an optional add-on to the core Falcon Complete solution, and is the first and only fully-managed identity threat protection solution delivering frictionless, real-time identity threat prevention and IT policy enforcement, with expert management, monitoring, and remediation. Credential theft and abuse are at the core of many of today’s most prolific cyber threats, and these techniques often happen outside the visibility of modern endpoint protection solutions. With managed Falcon Identity Threat Protection, you’ll receive the automated protection and real-time detection, augmented with expert response, allowing sophisticated threats to be contained and eradicated in minutes, before the breach.
Falcon Complete is the only solution that takes care of all aspects of endpoint, cloud workload and identity security, including remotely remediating incidents with confidence, so you don’t have to. Unlike other providers, who must manage several solutions, Falcon Complete provides a team of experts with years of experience deploying, monitoring and responding to incidents using the Falcon platform. This expertise is combined with a solution that unifies the technologies required to successfully stop breaches. By combining the right experience with the only MDR solution that will take action to remediate an incident, no other solution offers the maturity, efficacy and peace of mind that Falcon Complete delivers.
Falcon Complete includes two key components:
- The Falcon platform: It is the first and only endpoint, cloud workload and identity threat protection solution to unify next-generation AV with best-in-class endpoint detection and response (EDR) and Identity Threat Protection backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed.
- Falcon Complete Team: CrowdStrike’s team of security experts has years of security domain expertise and experience with using the CrowdStrike Falcon platform. This enables them to safeguard your environment with unrivaled efficiency and effectiveness.
In responding to threats, the Falcon Complete Team follows the predetermined playbook that has been agreed upon with the customer. The approach used is determined by the customer’s security strategy and event scenario, and covers everything from detection to network containment and identity-based enforcement actions, including remote remediation of detected threats. During remediation, the team remotely accesses the affected system using native Falcon capabilities to surgically remove persistence mechanisms, block abuse of compromised accounts, stop active processes and clear other latent artifacts. Falcon Complete restores systems to their pre-intrusion state without the burden and disruption of reimaging systems.
Falcon Cloud Workload Protection Complete is an optional module that provides MDR for cloud workloads. For workloads that are monitored with the kernel-based Falcon agent, Falcon Complete performs the full range of management, monitoring, threat hunting and surgical remediation services that have always been part of the Falcon Complete service.
Remediation of cloud container-based threats often requires deep access into the CI/CD pipeline and the underlying container images, and is handled by the local DevOps organization. In these instances, Falcon Complete provides 24/7 monitoring and investigation of threats, as well as comprehensive remediation guidance, enabling DevOps teams to take quick and decisive actions.
Falcon Identity Threat Protection Complete is an optional module that provides MDR for identity-based threats. During the course of an investigation, the Falcon Complete Team may need to take certain countermeasures to respond to an identity-based threat. As the modern threat landscape changes, adversaries are increasingly leveraging compromised credentials to achieve their objectives. The Falcon Complete team follows the predetermined playbook that has been agreed upon with the customer. The approach used is determined by the customer’s security strategy, event scenario and pre-approved actions set out during the onboarding process. These countermeasures include forced authentication (with MFA), blocking the authentication and/or forcing a password reset/change. When the Falcon Complete team needs to implement countermeasures that are not pre-approved, an escalation will be sent for approval.
They are different. Falcon OverWatch works as part of the Falcon platform to provide an additional layer of oversight and analysis to ensure threats aren't missed. The Falcon Complete Team brings your organization to the highest level of security maturity without the burden of building it yourself.
Falcon OverWatch, CrowdStrike’s managed threat hunting solution, comprises an elite team that proactively hunts, investigates and advises on threat activity in your environment. The Falcon Complete Team manages the Falcon platform and works with OverWatch to identify stealthy attacks and remediate incidents before they become breaches.
Falcon Complete works as a force multiplier, providing comprehensive incident handling by monitoring your endpoints, cloud workloads and identities every hour of every day. The team's niche skill set provides a uniquely powerful and efficient approach to security operations. This solution frees your team to focus on other components of your security strategy such as architecture, governance or issues.
Most MSSPs operate by receiving either logs or detection information from your security infrastructure and providing validation and triage services before passing alerts to your team. For many organizations, this is not sufficient because it still leaves so much work for your team to do. Falcon Complete provides validation, triage, containment, eradication and recovery services, covering the total incident handling lifecycle and ensuring a comprehensive security solution, not just one component of a solution.
The Falcon Complete Team is comprised of cybersecurity experts with years of experience encompassing all phases of security, including incident responders, consultants and service providers who are passionate about continuously honing and improving their threat analysis skills. These skill sets are tailored for solving the endpoint, cloud and identity-based security problems and their effectiveness and dedication create a truly unique services team.
Falcon Complete can be bundled with your current Falcon platform agreement. Please contact your CrowdStrike sales representative to learn more.
Falcon Complete is licensed on a subscription basis per endpoint. Falcon CWP Complete may be licensed on a subscription basis per managed workload, or on a consumption basis based on the number of compute hours consumed by protected workloads. Falcon Identity Threat Protection Complete may be licensed on a subscription basis per managed account in the protected environment.