X

Our website uses cookies to enhance your browsing experience.

Please note that by continuing to use this website you consent to the terms of our Privacy Policy.

CONTINUE TO SITE >
Products & Services
Falcon Pro
Falcon Enterprise
Falcon Premium
Falcon Complete
Small Business Solutions
Switching From Symantec?
Incident Response Services
Proactive Services
Experienced a Breach?
Endpoint Protection Platform Overview
Falcon For AWS
CrowdStrike Falcon FAQ
Platform Demos
Visit the CrowdStrike Store
CrowdStrike University
Why Crowdstrike
Industry Validation
Our Customers
Third-Party Tests
Compliance & Certifications
Finance
Public Sector
Retail
Health Care
Company
Executive Team
Board of Directors
Investors
Corporate Brochure
News
CrowdStrike & F1 Racing
Code of Ethics/Compliance
Falcon Fund
Sales & Marketing
Engineering & Technology
Professional Services
HR, Finance, & Legal
Intel & R&D
Internships
View Open Positions
Cybersecurity
Threat Hunting
Fal.Con Unite 2020
Partners
Technology Partners
Systems Integrators
Managed Service Providers
Solution Providers
Partners Login
Cloud Platforms
Amazon Web Services
Google Cloud Platform
Resources
Case Studies
CrowdCasts On Demand
Data Sheets
Free Tools
Reports
Videos
Getting Started with Falcon
How to Install the Falcon Agent
How to Quarantine an Endpoint
How to Hunt for Threat Activity
Access to CrowdStrike APIs
How to Integrate with your SIEM

Case Studies | RESOURCES

Click here to download as PDF

SERVICES | INCIDENT RESPONSE | PROACTIVE SERVICES

Industry

OIL AND GAS

Falcon Host Deployment

MORE THAN 100,000 ENDPOINTS

Key Benefits

  • Ability to detect and prevent “unknown unknowns” spanning the complete attack timeline
  • Real-time, in-depth visibility into endpoints operating on or off the network
  • Reduction in alert fatigue by filtering out “noise” and allowing the security team to focus on what is truly important and worthy of attention

Services Used

  • Falcon Host
  • Falcon Overwatch
  • Falcon DNS
  • Falcon Intelligence – Premium

Why CrowdStrike

  • Better efficacy with respect to detection and prevention of unknown threats
  • Development of specific functionality to address unknown hash propagation
  • Ability to quickly deploy without disruption and, regardless of the organization’s size, provide real-time visibility and results

Summary

The customer is a leading global oil and gas company. They operate a full stack of security products, but they wanted to have more robust endpoint protection. They also needed much better visibility into and prevention against sophisticated attacks across the full spectrum of the kill chain. Specifically, they wanted alerting on new unknown hashes propagating throughout their environment. As a result, the company turned to Falcon Host to provide the extensive prevention, detection and visibility they needed, especially for sophisticated unknown attacks.

The Challenge

The customer lacked unhindered visibility into attacker activity on their endpoints. They needed the ability to see both signature- and non-signature-based attacks in real time, and the ability to contain those attacks. The customer also needed real-time alerting whenever new “unknown unknowns” were executing or propagating across their environment. Furthermore, they wanted the ability to prevent these events in real time. They had a well defined and resourced security operation that wanted to alleviate “alert fatigue” and focus on the most urgent threats targeting their environment. In addition, they wanted to augment those resources with proactive threat hunting to detect possible threats at an earlier stage and prevent attacks from succeeding. Given the size and complexity of their global operations, the customer needed the ability to fine-tune and completely control prevention settings and capabilities on their endpoints.

The Solution

The customer looked at a variety of endpoint solutions, but only Falcon Host was able to provide real-time answers to the question, “What is running in my environment that is unknown?” Falcon Host was able to provide the customer with real-time alerts indicating when unknown threats were executing in or propagating across the enterprise, allowing the customer to prevent these unidentified threats from executing and compromising the environment. The ability to deploy quickly with no endpoint impact, no on-premise infrastructure and with full visibility across on- and off-network machines were all major factors in the customer’s decision. Detecting adversary behaviors across the attack timeline also set Falcon apart from competing endpoint solutions. Finally, to further augment the their own internal security resources, they took advantage of the 24/7 proactive threat “hunting” capabilities provided by the Falcon Overwatch team.

The Results

CrowdStrike worked with the customer to ensure that they were alerted whenever new unknown hashes began to propagate in their environment. This was taken a step further with the ability to escalate alerts based on the rate of propagation.

CrowdStrike

www.crowdstrike.com | 15440 Laguna Canyon Road, Suite 250, Irvine, CA 92618