New Falcon platform features simplify threat hunting and provide comprehensive, unified view of threat activity for security teams
Fal.Con 2020 – CrowdStrike Inc. (Nasdaq: CRWD), a leader in cloud-delivered endpoint and workload protection, today announced the availability of contextual enrichment for threat detections via a unified console experience. This new capability seamlessly integrates third-party threat intelligence data with CrowdStrike Falcon® detections and incidents, delivering a comprehensive picture of an organization’s threat landscape.
As cyberattacks have increased in frequency and severity, organizations have responded by adding cumbersome point products to the security stack in an effort to fortify their defenses. This has resulted in complex security operations environments, which have hindered organizations’ speed of response in identifying threat activity and hampered their ability to stop breaches.
To address these challenges and the complex process involved with different solutions having their own management consoles and varied threat intelligence data, CrowdStrike has introduced a unified console experience for security teams, where threat intelligence from various vendors enriches detections from the Falcon platform. This provides security teams with the complete visibility and richer context of threat detections required to quickly understand, stop and remediate incidents.
"In today’s fast-moving threat environment, organizations cannot afford to waste time triaging incidents in multiple, disparate solutions, before understanding the best course of action to take against a threat actor," said Andy Horwitz, vice president, CrowdStrike® Store Business. "With advanced contextual enrichment on the Falcon platform, we give CrowdStrike customers the ability to better understand alerts and incidents from external data sources. These capabilities remove the complexity and burden of managing multiple feed views and reduce manual investigation and triage work, bringing simplicity and effectiveness to security operations."
Rich intelligence data delivered from CrowdStrike Store partners can be accessed using the cloud-native Falcon platform without requiring security teams to pivot across multiple management consoles, providing a better user experience. Organizations can simply enable the third-party app within the CrowdStrike Store to leverage threat intelligence feeds, such as indicators of compromise (IOCs), for additional context during an incident investigation, streamlining threat operations and significantly increasing the velocity of triage and remediation.
Features and Capabilities:
● Context enrichment: Utilizes threat intelligence data from CrowdStrike partners to enrich security incidents and to correlate and triage alerts faster, accelerating incident investigation and response.
● Time to value: Seamless built-in integrations bring in rich data from other third-party applications regarding IP addresses, domains and hashes to help with faster alert triaging, response and security incident investigation.
● Simplified layered defense: Simplifies security stack with multiple integrated solutions that streamline threat operations and management to get ahead of sophisticated adversaries.
CrowdStrike Store launch partners that will deliver contextual and actionable insights to proactively block threats and enrich protection include DomainTools, OPSWAT, RiskIQ and Sixgill.
Jackie Abrams, vice president of Product, DomainTools: "When defending your network, you need immediate access to the most accurate information to drive prioritization and response. Our CrowdStrike Falcon integration surfaces our predictive risk assessments and DNS intelligence directly to the analyst, empowering Falcon users to make instantaneous decisions on domain indicators—even if they’ve never before been detected in an attack—creating an early warning system for threats looking to gain a foothold."
Taeil Goh, chief technology officer, OPSWAT: "OPSWAT's partnership with CrowdStrike is evolving to the next level where the CrowdStrike Falcon platform is now seamlessly integrated with the MetaDefender Threat Intelligence platform - enhancing a user’s threat analysis process with an extensive multi-scanning report. A user can now activate the integration with a single click on the CrowdStrike Store."
Brandon Dixon, PassiveTotal founder and vice president of Strategy at RiskIQ: "We have deepened our existing strong partnership with CrowdStrike by integrating our Internet Intelligence Graph with internal endpoint data on the Falcon platform to provide one-of-a-kind security intelligence that helps security teams achieve a 360-degree view of their entire attack surface."
Ron Shamir, vice president of products & technology alliances at Sixgill: "It's a very exciting time in threat intelligence. With cyber threats evolving at breakneck speed, so must threat intelligence. The Sixgill and CrowdStrike integration does just that: an automated IOC enrichment solution that delivers real-time contextual insights that enable security teams to preemptively block threats – straight from the CrowdStrike Falcon dashboard."
New Addition to the CrowdStrike Store:
In addition, CrowdStrike introduces a new app available for free trial from Perception Point, called X-Ray. It leverages Falcon threat detections to provide containment and remediation of malicious incidents, offering interception of content-based attacks across different collaboration channels like email, cloud storage, CRM apps, and messaging platforms.
Yoram Salinger, chief executive officer, Perception Point: "Today, once an attacker reaches the endpoint, it’s an incredibly difficult cat-and-mouse game for SOC teams. Now, with X-Ray, Falcon customers are essentially extending Falcon’s threat detection back to the perimeter across all channels. Customers can be confident that an attack will be stopped as quickly as possible, no matter how advanced it is."
CrowdStrike Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint and workload protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints and workloads on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over 3 trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.
With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.
There’s only one thing to remember about CrowdStrike: We stop breaches.
Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial.
Learn more: https://www.crowdstrike.com/
View source version on businesswire.com: https://www.businesswire.com/news/home/20201014005379/en/