Falcon for Public Sector FAQ

Falcon is the CrowdStrike platform purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks — including malware and much more. Today’s sophisticated attackers are going “beyond malware” to breach organizations, increasingly relying on exploits, zero-days and hard-to-detect methods such as credential theft and tools such as PowerShell that are already part of the victim’s environment or operating system. CrowdStrike Falcon responds to those challenges with a powerful yet lightweight solution that unifies next-generation antivirus (NGAV), endpoint detection and response (EDR), cyber threat intelligence, managed threat hunting capabilities and security hygiene — all contained in a tiny, single, lightweight sensor that is cloud-managed and delivered.

The extensive capabilities and modular approach of the CrowdStrike platform allow customers to seamlessly replace many existing products and capabilities to reduce cost, risk and complexity. While not an exhaustive list, the following capabilities are frequently consolidated and replaced by CrowdStrike customers:

• Traditional antivirus
• Host intrusion prevention system (HIPS) and/or exploit mitigation solutions
• Forensic tools
• User behavioral tools
• Endpoint detection and response (EDR) tools
• Indicator of compromise (IOC) search tools
• Traditional sandboxes/dynamic analysis tools
• Log analysis tools
• Managed detection and response services
• Threat intelligence offerings
• Vulnerability management tools
• IT hygiene tools
• Remote remediation tools

Yes. CrowdStrike’s unique, lightweight kernel-based sensor is optimized for VDI and other forms of virtualized and cloud workloads including containers. CrowdStrike’s resource-friendly sensor requires ~1% CPU utilization with negligible IOPS consumption and zero scanning. CrowdStrike offers a publicly available, no-cost utility to compare resource consumption with existing legacy security sensors, available here: https://www.crowdstrike.com/replaceav/

The CrowdStrike platform aligns very well with Center for Internet Security (CIS) top 20 controls, covering most of the control areas holistically through both technology and expertise, with CrowdStrike uniquely enabled to provide customer compliance outcomes through unparalleled visibility. Please contact your CrowdStrike representative for further consultation on how CrowdStrike can meet your specific organizational needs.

CrowdStrike is the pioneer in cloud-delivered endpoint protection. CrowdStrike Falcon has revolutionized endpoint security by being the first and only solution to unify next-generation antivirus, endpoint detection and response (EDR), and a 24/7 threat hunting service — all delivered via a single lightweight agent. Using its purpose-built, cloud-native architecture, CrowdStrike collects and analyzes more than 30 billion endpoint events per day from millions of sensors deployed across 176 countries. The unique benefits of this unified, lightweight approach include immediate time-to-value, better performance, reduced cost and complexity, and better protection that goes beyond detecting malware — to stop breaches before they occur. These capabilities are based on a unique combination of prevention technologies such as machine learning, indicators of attack (IOA), exploit blocking, unparalleled real-time visibility and 24/7 managed hunting to discover and track even the stealthiest attackers before they do damage.

Yes. Falcon is a proven cloud-based platform enabling customers to scale seamlessly with no performance impact across large and disparate environments. The platform’s “frictionless” deployment has been successfully verified across enterprise environments containing significantly more than 100,000 endpoints, and it is not uncommon for customers to deploy to 100,000+ environments over a day or two.

Yes, the lightweight Falcon sensor that runs on each endpoint includes all of the prevention technologies required to protect the endpoint, whether it is online or offline. These technologies include machine learning to protect against known and zero-day malware; exploit blocking; hash blocking; and CrowdStrike’s behavioral artificial intelligence heuristic algorithms, known as indicators of attack (IOAs). Eliminating signatures allows the Falcon sensor to protect endpoints and cloud workloads without a persistent connection.

Yes. CrowdStrike Falcon allows organizations to confidently replace their existing legacy AV solutions and is fully certified to do so. Falcon incorporates identification and prevention of known malware with machine learning, exploit prevention and advanced behavioral techniques, protecting you from not only malware but from the full spectrum of attacks, including malware-less threats.

Falcon Prevent uses a wide array of complementary prevention and detection methods to protect against ransomware, including:

• Detection and blocking of known ransomware
• Exploit blocking that stops the execution and spread of ransomware via unpatched vulnerabilities
• Machine learning for detection of previously unknown “zero-day” ransomware attacks
• Indicators of attack (IOAs) to identify and block additional unknown ransomware, while protecting against new categories of ransomware that do not use files to encrypt victim systems
• Threat intelligence garnered from CrowdStrike’s massively scalable platform, incident investigations and active tracking and hunting of 140+ nation-state and e-crime adversaries

Yes. CrowdStrike Falcon is equally effective against attacks occurring on disk or in memory. The platform continuously watches for suspicious processes, events and activities, wherever they may occur.

Yes. CrowdStrike Falcon is designed for and used extensively for incident response (IR) missions. Falcon disrupts the traditional manual and resource-intensive way that IR has been carried out in the past. Falcon ultimately reduces the need for IR, while providing near real-time visibility of endpoints and their associated activity to gain instant access to the “who, what, when, where and how” of an attack without having to perform additional resource-intensive tasks or try to recover data cleaned up by the adversary. The cloud-based architecture of the Falcon platform enables significantly faster incident response and remediation times, especially when it comes to rolling out the capability and realizing immediate value to organizations of any size.

Yes. CrowdStrike Falcon can either replace or complement your existing security toolset(s). The Falcon platform has an extensive and secure application programming interface (API) to facilitate frictionless integration with existing toolsets, allowing for the most flexible and efficient approach to meet your organization's needs.

Yes. CrowdStrike Falcon’s capabilities support real-time and retrospective visibility across every endpoint in your organization, no matter where they are located, with threat detection and prevention at every stage in the attack lifecycle.

Yes. In addition to industry-leading endpoint security capabilities and built-in workflows and automation, CrowdStrike’s real-time data-centric approach is an excellent complement for just about any modern IT workflow or initiative. CrowdStrike has numerous partnerships with industry leaders and solution providers, and the Falcon platform helps organizations realize maximum efficiency and value from their own telemetry.