Cloud

4/16/2018
11:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CrowdStrike Introduces New Automated Threat Analysis Solution to Deliver Predictive Security

CrowdStrike Falcon X automates threat analysis, delivering customized IOCs, intelligence and Next-Gen Security Operations Center (SOC) automation to large and small organizations alike.

Sunnyvale, CA – April 16, 2018 – CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it has expanded the capabilities of the CrowdStrike Falcon® platform by introducing a new threat analysis subscription module, CrowdStrike Falcon X™.

In today's threat environment, it is critical to add predictive security controls by learning from your encounters with cyber threat actors. However, most security teams lack the resources or the expertise to effectively adopt this emerging approach. As a result, they are stuck in a reactive state and can’t get ahead of future threats. CrowdStrike Falcon X solves this problem by automating threat analysis and delivering customized and actionable intelligence so that organizations can implement proactive defenses.

Built on the CrowdStrike Falcon platform, CrowdStrike Falcon X brings endpoint protection to the next level by combining malware sandboxing, malware search and threat intelligence into an integrated solution that can perform comprehensive threat analysis in seconds instead of hours or days. The output of this analysis is a unique combination of customized indicators of compromise (IOCs) and threat intelligence designed to help prevent against threats your organization faces now and in the future. Falcon X is the only solution that produces IOCs for both the threat that was actually encountered in your organization and all of its known variants, and immediately shares them with other security tools like firewalls, gateways and security orchestration tools via API. CrowdStrike Falcon X also provides integrated threat intelligence alongside its security alerts to accelerate incident research, streamline the investigative process and drive better security responses.

With this Spring Platform release, CrowdStrike empowers customers of all sizes to better understand the threats they face and improve the efficacy of their other security investments with actionable and customized intelligence. With this new capability, customers can finally pivot from a reactive security posture to a proactive one, mitigating their risk exposure and enhancing their ability to stop breaches.

“Most incident response teams have to manually analyze the threats they face with limited visibility into the targeted threat intelligence behind them. With CrowdStrike Falcon X, we elevate customers’ abilities to perform better analysis when a threat is detected and correlate it with strategic and tactical intelligence quickly, cutting down investigation time from hours and even days to seconds. Through this automation, we help smaller teams achieve a level of protection that would normally be out of reach, and we help larger teams make each of their analysts more effective. Falcon X provides all security teams with more comprehensive threat analysis to inform effective, prioritized response options, making remediation efforts more strategic and efficient,” said Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer. 

CrowdStrike Falcon X stands out with the following capabilities:

●       Automatic Threat Analysis — All files quarantined by CrowdStrike Falcon endpoint protection are automatically investigated by Falcon X. This automation drives breakthrough efficiency gains for security operations teams, elevates the capabilities of all security analysts and unlocks critical security functionality for organizations without a security operations center. 

●       Malware Analysis — Falcon X enables in-depth analysis of unknown and zero-day threats that goes far beyond traditional approaches. Powered by the Falcon Sandbox, it employs a unique combination of static,dynamic and fine-grained memory analysis to quickly identify the evasive threats other solutions miss.

●       Malware Search — Connects the dots between the malware found on your endpoints and related campaigns, malware families or threat actors. Falcon X searches CrowdStrike Falcon Search Engine, the industry's largest malware search engine for related samples and within seconds expands the analysis to include all files and variants, leading to a deeper understanding of the attack and an expanded set of IOCs to defend against future attacks.

●       Threat Intelligence —Actor attribution exposes the motivation and the tools, techniques and procedures (TTPs) of the attacker. Practical guidance is provided to prescribe proactive steps against future attacks and stop actors in their tracks.

●       Customized Intelligence — Falcon X automatically produces intelligence specifically tailored for the threats you encounter in your environment. Customized IOCs are immediately shared with other security tools via API, streamlining and automating the protection workflow. Cyber threat intelligence relating to the encountered attack is displayed alongside the alert, making it quick and easy for analysts to understand the threat and take action.

“CrowdStrike technology has proven to be a key security resource to help our team analyze cyberthreats and prioritize the most critical malicious behavior for faster remediation,” said Edward Ganom, chief information security officer at the Commercial Bank in Qatar. “CrowdStrike Falcon has proven time and time again its ability to accelerate the threat detection and response process and integrate actionable intelligence to better protect our environment against cyberattacks.”

According to a Gartner Strategic Planning Assumption, by 2021, at least one company will publicly acknowledge a $1 billion revenue impact from a business outage resulting from a malware/ransomware attack. Gartner states, “To counteract this growth, companies will need not only to increase their proactive defenses, but also to speed up their time to react, repair damaged data and return systems to operational states. Holistic attack detection platforms that analyze data from endpoints, internal infrastructure and external resources become vital to decrease the time to detect and recover.”*

The CrowdStrike Falcon platform leverages machine learning and behavioral analytics, trained on processing over 100 billion security events a day, to enable reliable prevention, detection, mitigation and response to all threats, including malware-free intrusions. With the launch of Falcon X, customers can now prevent, detect, respond to and predict cyberthreats, all through one cloud-native platform.

1.Gartner, “Predicts 2018: Security and Risk Management Programs,” Rob McMillan, Jeffrey Wheatman, et al., 16 November 2017.

For more information about the CrowdStrike Spring Platform launch, read a blog by George Kurtz, CrowdStrike’s CEO, here.

Visit CrowdStrike during the RSA Conference 2018 at booth #941 Moscone South to see presentations and demos and meet with CrowdStrike security experts.

About CrowdStrike®

CrowdStrike is the leader in cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon deploys in minutes to deliver actionable intelligence and real-time protection from Day One. It seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed.

CrowdStrike Falcon protects customers against all cyberattack types, using sophisticated signatureless AI and Indicator-of-Attack (IOA) based threat prevention to stop known and unknown threats in real time. Powered by the CrowdStrike Threat Graph™, Falcon instantly correlates over 100 billion security events a day from across the globe to immediately prevent and detect threats.

There’s much more to the story of how Falcon has redefined endpoint protection but there’s only one thing to remember about CrowdStrike: We stop breaches.

You can gain full access to CrowdStrike Falcon Prevent™ by starting your free trial here.

Learn more: https://www.crowdstrike.com/

Follow us: Blog | Twitter

 

© 2018 CrowdStrike, Inc. All rights reserved. CrowdStrike®, CrowdStrike Falcon®, CrowdStrike Threat Graph™, CrowdStrike Falcon Prevent™, Falcon Prevent™, CrowdStrike Falcon Insight™, Falcon Insight™, CrowdStrike Falcon Discover™, Falcon Discover™, CrowdStrike Falcon Intelligence™, Falcon Intelligence™, CrowdStrike Falcon DNS™, Falcon DNS™, CrowdStrike Falcon OverWatch™, Falcon OverWatch™, CrowdStrike Falcon Spotlight™ and Falcon Spotlight™ are among the trademarks of CrowdStrike, Inc. Other brands may be third-party trademarks.

Contacts

CrowdStrike, Inc.

Ilina Cashiola, 202-340-0517

[email protected]

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark Reading,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.