CrowdStrike Falcon® Intelligence Premium FAQ

CrowdStrike Falcon® Intelligence Premium is CrowdStrike’s premier threat intelligence subscription that enables organizations to predict and prevent nation-state, eCrime and hacktivist attacks. CrowdStrike Falcon® Intelligence Premium provides security operations center (SOC), incident response (IR) aand cyber threat intelligence (CTI) teams with everything they need to quickly detect, understand and take action against today’s most sophisticated cyber threat actors.

CrowdStrike Falcon® Intelligence Premium includes everything in the standard CrowdStrike Falcon® Intelligence subscription and expands the focus to include daily threat alerts, finished intelligence reports and global threat research.

To differentiate between threat intelligence solutions, begin by looking at the sources of information used to generate the intelligence. Since vendors have access to different information, the way they collect and analyze that data has a profound impact on the intelligence they produce.

CrowdStrike uses an “all source” method of data collection to make threat intelligence assessments, which means data can come from everywhere and across multiple disciplines. A critical data source, the CrowdStrike Falcon® platform, is unique to CrowdStrike Falcon® Intelligence Premium.

The CrowdStrike Security Cloud gathers information from millions of protected endpoints across 176 countries, collecting trillions of events per day. These events provide visibility into how adversaries operate worldwide in real time. CrowdStrike uses this data to assess trends and behaviors and expose adversaries’ motives and intent, capabilities and infrastructure, and tactics, techniques and procedures (TTPs). In addition, CrowdStrike employs a broad data collection strategy that harvests data from the technical processing of millions of malware samples, incident response engagements, forensics analysis, honeypots and honeynets, network telemetry, web forums, human intelligence gathering, open source and much more.

To analyze this data and create intelligence, a world-class team is required. The CrowdStrike Intelligence team is a pioneer in adversary analysis, tracking more than 160 cybercrime, espionage and hacktivist groups, studying their intent and analyzing their tradecraft. This team of threat intelligence analysts, security researchers, cultural experts and linguists uncovers unique threats and provides groundbreaking research that fuels CrowdStrike’s ability to deliver proactive security that dramatically improves security posture.

Threat intelligence benefits organizations of all sizes and across all industries by helping them better understand the cybersecurity risks they face. CrowdStrike Falcon® Intelligence Premium offers unique advantages in the following areas:

• SOC Teams: Accelerates alert triage and simplifies incident analysis
• IR Teams: Eliminates manual threat investigations
• CTI Teams: Delivers threat research and visibility, while improving situational awareness
• Vulnerability Management Teams: Helps prioritize patching activity
• Information Technology: Improves the effectiveness of existing security controls
• Leadership: Informs risk management and security decision-making

No. While CrowdStrike EPP modules are recommended and proven to stop breaches, they are not a requirement. All organizations can benefit from CrowdStrike Falcon® Intelligence Premium’s comprehensive capabilities.

CrowdStrike Falcon® Intelligence Intelligence offers tiered levels of service, enabling organizations to choose the option that best fits their business requirements and resources:

– CROWDSTRIKE FALCON® INTELLIGENCE: Built on the CrowdStrike Falcon® platform, CrowdStrike Falcon® Intelligence brings endpoint protection to the next level by combining malware sandboxing, malware search and threat intelligence into one integrated solution. CrowdStrike Falcon® Intelligence performs automated threat investigations within seconds rather than hours or days — enabling better and faster security decisions.

– CrowdStrike Falcon® Intelligence Premium: This includes all CrowdStrike Falcon® Intelligence capabilities and adds global threat research and reporting from the CrowdStrike Intelligence team. CrowdStrike Falcon® Intelligence Premium includes daily threat alerts, comprehensive intelligence reports and global threat research. CrowdStrike Falcon® Intelligence Premium delivers a combination of world class technology and thousands of intelligence reports each year so you can stay ahead of rapidly evolving adversarial tradecraft.

– CrowdStrike Falcon® Intelligence Elite: This option delivers threat intelligence expertise and expanded capabilities to CrowdStrike Falcon® Intelligence Premium subscribers. As an Elite program customer, you are assigned a CrowdStrike threat intelligence analyst with vast experience battling nation-state and eCrime adversaries. The CrowdStrike Falcon® Intelligence Premium Elite analyst acts as a member of your team, ensuring you have actionable, relevant and timely visibility into threats that matter most, including those to your organization, sector and region.

CrowdStrike Falcon® Intelligence Premium includes a variety of malware analysis options:

• CrowdStrike Falcon® Intelligence Premium processes an unlimited number of PE files (such as .EXEs, .DLLs, etc.) quarantined by Falcon Prevent.
• You can submit an additional 500 files per month for automated malware analysis. If you need more than 500 files, the CrowdStrike Falcon® Intelligence Expansion Pack increases the quota up to 25,000 files per month. Contact sales@crowdstrike.com for more information.
• CrowdStrike Falcon® Intelligence Premium includes the ability for you to escalate malware to a CrowdStrike expert for in-depth research. You can submit up to five files per month for human expert analysis.

YARA and SNORT rules increase the ability to detect sophisticated attacks by identifying malware from a behavioral or infrastructure standpoint, rather than relying on signatures. YARA rules can be ingested into tools such as threat intelligence platforms to identify and classify malware families and find related threats. In a similar fashion, SNORT rules can be used with intrusion detection systems (IDS) to augment alerting.

YARA and SNORT rules are used by automated systems, and therefore they must be crafted by experts to ensure precision and eliminate false positives. CrowdStrike expertly crafts and tests YARA and SNORT rules so you can identify emerging, sophisticated threats with confidence.

Yes. CrowdStrike Falcon® Intelligence Premium includes a comprehensive set of easy-to-use APIs and pre-built integrations to orchestrate SIEMs, threat intelligence platforms, IDS systems, firewalls, proxy servers, network systems and more. The available APIs provide real-time access to IOCs, actor profiles, intelligence reports, tailored intelligence, malware analysis and YARA/SNORT rules.

Yes. Available separately, CrowdStrike Falcon® Intelligence Premium Request for Information (RFI) Packs provide up to five RFIs. An RFI is a request for threat intelligence research on a specific topic of your choosing. For example, if your organization is looking to implement a two-factor authentication solution, you may want to know “What threats or vulnerabilities exist in two-factor authentication?” to help guide your purchasing decision. You can submit this question as an RFI, and CrowdStrike will assign a domain expert, perform research on your behalf and deliver a custom intelligence response.

Each CrowdStrike Falcon® Intelligence Premium RFI Pack includes up to five RFIs that can be used throughout the term of the CrowdStrike Falcon® Intelligence Premium subscription. If you exhaust the allotment of five RFIs, additional packs are available for purchase. Please contact Sales for more information.

CrowdStrike Falcon® Intelligence Premium is licensed on a subscription basis per endpoint or company size . Pricing starts at $25.00 per endpoint, per year (minimums apply). For more information, please contact us.