Falcon Host Deployment
MORE THAN 100,000 ENDPOINTS
- Increased security at the endpoint and throughout the organization
- Instant access to forensics information
- Improved visibility across the entire environment
- Improved efficacy with respect to detection and prevention
- The ability to quickly deploy across a large environment without disruption of operations, and zero impact on endpoint performance and user productivity
- A holistic offering that includes complete endpoint protection, 24/7 managed hunting, integrated threat intelligence and professional services to help them prepare for and respond to future security incidents
This Fortune 1000 company is a leading diversified insurance benefits provider. The organization was concerned about the increasing number of high-profile breaches involving insurance industry targets. The customer first turned to CrowdStrike to get intelligence on adversaries actively targeting their sector. This led them to retain CrowdStrike to conduct penetration testing of their environment. The tests provided insight into deficiencies with their current endpoint protection tools. As a result, the company turned to Falcon Host endpoint protection to provide the extensive prevention, detection and visibility they needed.
Insurance was and is very much in the cross-hairs for adversary activity, as evidenced by a number of recent high-profile breaches. The customer wanted to gain more insight and visibility into potential attackers and their tools, techniques and procedures (TTPs). The customer’s Board of Directors and CISO asked for a penetration test to be conducted, and requested that it be completed within two weeks. Mimicking the TTPs of known actors targeting insurance companies, the CrowdStrike Services team uncovered gaps in the security posture and ineffective endpoint protection, and suggested ways to correct those deficiencies. As a result, it became clear that the company’s current vendor could not provide the prevention capabilities they required. Furthermore, detection and visibility were incomplete, and it took far too long (circa 45 days) for their current tool to gather data and make it available to the customer’s Security Operation Center.
The customer began an evaluation of CrowdStrike and quickly decided to deploy Falcon Host for visibility, detection, prevention, protection and forensics on its endpoints and servers. On servers that were running the previously deployed solution, replacement with Falcon Host has allowed them to reclaim 5 to 8 percent of CPU utilization. The customer also implemented Falcon Intelligence to give them ongoing visibility into the threat landscape, which they are using it drive risk management and mitigation efforts. The customer continues to use CrowdStrike proactive services and has an incident response (IR) retainer in place with CrowdStrike.
The decision to deploy Falcon Host allows the company to be better protected against the escalating number of targeted threats and malware. Continuous monitoring and recording of all activity on endpoints and servers means that this Fortune 1000 company, like CrowdStrike customers of all sizes, can focus on its primary business and the customers it serves, while still providing the highest level of security available today.
Products and Services in Use
Falcon Host, Falcon Overwatch, Falcon Intelligence – Premium, CrowdStrike Next Generation Penetration Testing and IR Services
www.crowdstrike.com | 15440 Laguna Canyon Road, Suite 250, Irvine, CA 92618