“It has been an unparalleled year of customer-focused innovation at CrowdStrike. We are innovating relentlessly across the entire platform to make it easier for customers and partners to build on this foundation – efforts that are yielding the amazing cloud, observability, XDR and threat hunting capabilities we’re sharing this week at Fal.Con,” said Amol Kulkarni, chief product officer at CrowdStrike. “We are now initiating over 500 deployments every week and 100 new releases per year, and we’re just getting started.”
During Fal.Con 2021, CrowdStrike unveiled the following:
Humio’s Community Edition
Humio Community Edition is the only free offering of its size in the industry designed to bring the power of Humio’s streaming observability to everyone. Available immediately, the new offering enables users to ingest 16 GB of data per day and retain the data for up to seven days, all while giving users ongoing access with no limited trial period. Additionally, customers can ingest and use their Falcon Data Replicator (FDR) data within Humio Community Edition, showing the power of CrowdStrike Falcon and Humio together. This allows customers to stream data at scale and in real time, helping teams to prevent, recover from, and quickly understand the root cause of incidents.
Falcon XDR
CrowdStrike’s new Falcon XDR module extends CrowdStrike’s industry-leading endpoint detection and response (EDR) capabilities to deliver real-time detection and automated response across the entire security stack. Falcon XDR provides security teams with a faster way to respond to, contain and remediate sophisticated attacks. It enables defense in depth with shared telemetry, improves security efficacy and accelerates response by automating complex workflows.
CrowdXDR Alliance
The CrowdXDR Alliance is a groundbreaking partnership with industry leaders to establish a common XDR language for data sharing between security tools and processes. The CrowdXDR Alliance launch partners include Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, ExtraHop, Mimecast, Claroty and Corelight. The Alliance, with security and IT leaders from industries spanning cloud, web, email, identity, network, OT and IT operations, overcomes the traditional lack of standards for data sharing across security platforms that can create gaps in investigations and threat hunting. The goal of the alliance is to ensure that EDR data is enriched with the most relevant, vendor-specific security telemetry to extend detection and response across an integrated security stack.
Falcon Fusion
CrowdStrike Falcon Fusion will be available for free for all Falcon Prevent™ and Falcon Insight™ customers, extending support to under-pressure SOC teams. Falcon Fusion provides rich contextual insights and valuable customization to modernize security teams, enabling them to deploy repeatable workflows at scale. Falcon Fusion helps customers stop breaches by staying ahead before lateral movement takes place. It enables customers to automate processes that shouldn’t require human involvement. This increases the efficiency and efficacy of the SOC team so they can focus their time on tasks that can’t be automated. It helps streamline security analyst workflows by automating actions around specific and complex scenarios with an intuitive, no-code, easy-to-use interface.
Falcon FileVantage
Falcon FileVantage is a new solution that streamlines the security stack and offers full visibility on critical file, folder and registry changes. Falcon FileVantage offers central visibility for malicious changes in databases in real time and comprehensively monitors all critical files and systems through modernized workflow policies, adding valuable detection context. Central visibility combined with insights from threat intelligence empowers security teams with the ability to move fast, pinpointing potential adversary activity within IT environments, allowing for quick prioritization of remediation efforts around affected files. FileVantage uses the customer’s existing Falcon sensor so there are no additional agents to deploy, while the Falcon Platform’s collect-once, use-multiple-times approach ensures low overhead on the system. This enables SOC teams to track changes at a granular level and run operations more efficiently.
ExPRT.AI for Falcon Spotlight
ExPRT.AI or Exploit Prediction Rating for Falcon Spotlight uses artificial intelligence (AI) to offer a dynamic-based threat context score to improve the prioritization of vulnerabilities. ExPRT.AI allows customers to more effectively prioritize vulnerabilities to improve their overall security posture and reduce risk. This new capability additionally diminishes the time needed to prioritize network vulnerabilities by predicting which pose the most risk for an organization, while also providing improved remediation.
The new rating system relies on an AI model, which uses a sophisticated algorithm to identify and prioritize cyber threats. It produces this algorithm by collecting data from various sources, including CrowdStrike’s threat intelligence database. The AI then identifies which vulnerabilities pose the greatest risk for an organization by redistributing the most time-sensitive vulnerabilities for an organization’s IT staff to patch first. This rating system also relies on the ExPRT.AI model for greater remediation prioritization beyond what the standard Common Vulnerability Scoring System (CVSS) currently supports.
Falcon CWP Complete
Powered by the CrowdStrike Falcon® platform, Falcon Cloud Workload Protection (CWP) Complete is the first and only fully-managed Cloud Workload Protection solution, delivering 24/7 expert security management, threat hunting, monitoring, and response for cloud workloads. Backed by CrowdStrike’s industry-leading Breach Prevention Warranty, this solution provides managed detection and response (MDR) for cloud workloads and containers, enabling teams to build, run and secure applications with speed and confidence. Falcon CWP Complete delivers unparalleled security for cloud workloads by combining CrowdStrike’s leading Cloud Runtime Protection (CRP) and Falcon OverWatch™ managed threat hunting, together with the expertise and 24/7/365 engagement of the Falcon Complete team. Falcon CWP Complete solves the major pain point of implementing and running an effective and mature cloud security program without the challenges, burden and costs associated with building one internally.
UiPath Partnership
CrowdStrike and UiPath (NYSE: PATH), a leading enterprise automation software company, have partnered to deliver a new level of security protection and visibility with the UiPath Robotic Process Automation (RPA) platform and the CrowdStrike Falcon® platform. UiPath and CrowdStrike, leaders in their respective fields, are the first RPA and Endpoint Security vendors to come together to extend endpoint security to RPA, enabling full visibility to enhance protection and speed of response. Together, CrowdStrike and UiPath automatically detect threat activity, whether initiated by humans or robots, to grant security teams real-time visibility across environments and enable proactive responses. The ability to quickly and easily distinguish between an RPA-initiated process and a human-initiated process will provide security teams with real-time visibility across the environment for proactive threat hunting, incident investigation and remediation.