CrowdStrike Expands Threat Intelligence Integration with Falcon X Premium
At Black Hat this week, CrowdStrike is announcing Falcon X Premium, which builds on the Falcon X offering by expanding its scope with new features.
CrowdStrike announced that the company has expanded the capabilities of the Falcon X module by launching a Premium version. Falcon X Premium broadens the scope of the Falcon X offering to add intelligence reports with global Indicators of Compromise (IoCs), intelligence support, custom malware analysis, and all Falcon Intelligence APIs. With this release, CrowdStrike further advances the effective application of threat intelligence research and reporting to equip security teams with automated and contextualized intelligence as part of the CrowdStrike Falcon platform.
- Intelligence Reports — Falcon X Premium delivers trusted, in-depth threat intelligence reports from the CrowdStrike Falcon Intelligence team that include real-time threat alerts, technical reports with expert analysis, and strategic reports outlining threats to specific industries, regions and infrastructure.
- Threat Monitoring — This feature provides tailored, automated monitoring that looks for adversary activity against an organization, enabling teams to prioritize resources and effectively respond to impending cyberattacks.
- Expert Malware Analysis — This allows customers to escalate interesting malware samples to a CrowdStrike expert for deeper research or to get a second opinion.
- Intelligence Support — The Falcon Intelligence team ensures it has a clear understanding of customers’ intelligence requirements and that they are successfully onboarded; the team also delivers customized, quarterly reviews.
- YARA/SNORT Rules — Integrating these rules into your security infrastructure keeps you ahead of the latest adversary threats. YARA and SNORT rules created and validated by CrowdStrike experts enable faster responses with fewer false positives.
“CrowdStrike’s integration of contextualized threat intelligence helps us secure our most valuable data and has enabled our security team with the ability to speed up response and incident investigations, enabling us to move from a reactive state to a proactive one.” - Nathan Hunstad, director of security operations, Code42
Cybersecurity teams can now automatically analyze the malware found on endpoints, find related samples from the industry’s largest malware search engine, and enrich the results with CrowdStrike’s cyber threat intelligence. This closed-loop system provides customers with global IoCs along with intelligence reporting to give a richer, more complete picture of an attack. With a full understanding of potential and incoming threats, security teams are empowered to respond faster and orchestrate proactive countermeasures across their organization.
As Gartner states, “by 2021, endpoint protection platforms (EPPs) will provide automated, orchestrated incident investigation and breach response.” Falcon X Premium makes this prediction a reality by combining automated intelligence and human analysis to provide unprecedented tailored intelligence, threat alerts, technical reports, customized malware analysis, intelligence orchestration, and an expert team of intelligence advisors.
With this offering, CrowdStrike equips customers with the required intelligence, processes, and technology to empower security teams, regardless of their size or sophistication, to learn from the attacks in their environment and apply that knowledge to proactively prevent future attacks.
“CrowdStrike’s vision has always been to marry the strategic benefits of threat intelligence with the usability and simplicity of our endpoint protection platform to deliver the most effective breach prevention solution on the market.” - George Kurtz, CEO, CrowdStrike
CrowdStrike continues to set the new standard in endpoint protection through its innovative AI-enabled, cloud-native platform. It both delivers and unifies IT Hygiene, next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, vulnerability management and threat intelligence — all delivered via a single lightweight agent. Through leveraging the power of the cloud, CrowdStrike offers a free trial of its antivirus replacement solution, CrowdStrike Falcon Prevent, enabling immediate deployments at any time, anywhere.
Additional new features
Additional elements of our summer release include the introduction of Falcon Device Control™ and the expansion of our Linux capabilities to secure Docker container environments. Also, CrowdStrike is adopting MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
Falcon Device Control
USB devices are widely used, but they can cause serious security risks, from carrying malware and exploits to leaking data outside of an environment. Falcon Device Control™ enables the safe utilization of USB devices across organizations by uniquely providing both extensive visibility and granular control over those devices. It offers security and IT operations teams a full understanding of how devices are being used and the ability to precisely control and manage that usage. Seamlessly integrated into the Falcon agent, it provides unparalleled device control efficiency paired with full endpoint detection and response (EDR) capabilities.
Customers using Falcon Device Control have unprecedented visibility into detailed device information and history, increased control over mass storage devices, and greater context into host activity to see what’s happening in environments. This offers administrators the ability to implement insightful controls to protect critical data.