Intelligence enables action against cyber threats
KNOWLEDGE EMPOWERS ACTION AGAINST THREATS
Implementing threat intelligence profoundly transforms an organization's security posture, enabling a security team to understand and effectively predict the cyber threats that imperil an organization’s key assets. Empowering organizations to anticipate who may attack next, and how, allows security teams to focus on prioritizing resources so they can respond effectively to future cyberattacks.
CrowdStrike® Falcon X™ delivers the critical intelligence you need, while eliminating the resource-draining complexity of incident investigations. It takes antivirus (AV) and endpoint detection and response (EDR) alerts to the next level by not only showing what happened on the endpoint, but also revealing “the who, why and how” behind the attack. Understanding the threat at this level is the key to getting ahead of future attacks and raising the cost to the adversary.
Security teams can now automatically investigate all incidents that reach their endpoints and orchestrate defenses to proactively prevent future attacks. This level of automation, enriched with the expertise of the global CrowdStrike Falcon® Intelligence™ team, enables all security teams, regardless of size or sophistication, to finally make proactive security a reality.
Current State of Threat Intelligence
Legacy, signature-based endpoint detection systems will not stop the most advanced persistent threat (APT) actors. In addition, while a variety of threat intelligence feeds exist, attempts to identify which threats truly require attention take time away from other important security investigation and incident response tasks that security teams must perform.
Simply put, there’s a lot of noise and firefighting that can be reduced by focusing on the most relevant threats — the ones that reach your endpoints. Gartner states, “By 2021, endpoint protection platforms (EPPs) will provide automated, orchestrated incident investigation and breach response.” CrowdStrike is making this prediction a reality by offering the first fully integrated threat intelligence and endpoint protection platform.
Falcon X delivers custom indicators of compromise (IOCs) that are derived from the automated analysis of threats taken directly from your endpoints. Custom IOCs include protection against the threat you just encountered plus related threats within the same campaign or malware family. This exclusive capability leads to a deeper understanding of the threat and a custom set of countermeasures to defend against future attacks.
Using a variety of collection methods, including human intelligence gathering (HUMINT), the dark web, and other sources, the global CrowdStrike Falcon Intelligence™ team gathers, analyzes and reports on over 110 threat actors that operate around the world. The team identifies:
- Targeted industries and verticals
- Geographic areas of operation
- Key tactics, techniques and procedures (TTPs)
This process delivers key assets and capabilities that:
- Empower your security team with insights that strengthen your organization’s security posture
- Deliver comprehensive adversary and threat analysis combined with threat indicators, providing visibility and insight into future threats
Falcon X complements CrowdStrike Falcon® endpoint protection by providing access to global threat research and reporting from the CrowdStrike Falcon Intelligence team.
CrowdStrike Falcon customers also can correlate attack detection in real time to learn which specific methods threat actors are using, leveraging complete, integrated threat intelligence to better defend against the next intrusion.
BENEFITS OF THE
The more a security team knows, the better it can defend against and stop the next breach. A Falcon X subscription provides the means to see what's around the next corner and enables security teams to:
- Automate investigations
- Predict attacks
- Orchestrate and prioritize responses
- Learn from prior attacks
- Generate informed C-level reporting
As a CrowdStrike Falcon X customer, you receive a seamlessly integrated solution, ensuring that if the product detects a threat associated with an adversary, you automatically have access to more information about that adversary. This information, obtained by enabling searches for other indicators of compromise (IOCs) associated with the adversary, provides a better understanding of your exposure to the threat. This level of integration also speeds threat hunting and shortens investigation cycles.
CUSTOMER SUCCESS STORIES
BY PROVIDING THE INFORMATION YOUR ATTACKERS WOULD PREFER TO KEEP HIDDEN, FALCON INTELLIGENCE GIVES SECURITY TEAMS THE EDGE NECESSARY TO BE MORE EFFECTIVE IN STOPPING CYBERATTACKS.
"I know I’m going to be alerted to trouble on the network — at headquarters or in a field office — immediately. With recommendations that will stop an attack in its tracks and actionable intelligence on the adversary we’re facing, my team is a lot more effective."
Geoff Merck | Director of IT and Telecom
International Republican Institute (IRI)