Threat Intelligence
8/3/2017
10:22 AM
Dark Reading
Products and Releases

CrowdStrike Launches Cybersecurity Search Engine

New CrowdStrike Falcon Search Engine empowers next-gen Security Operation Centers to search in real-time on the world's fastest and most comprehensive security platform.

SUNNYVALE, Calif. – CrowdStrike, the leader in cloud-delivered endpoint protection, today announced that it has significantly expanded the capabilities of the CrowdStrike Falcon platform by launching CrowdStrike Falcon Search Engine, the fastest and largest search engine for cybersecurity data. Today, CrowdStrike is introducing CrowdStrike Falcon MalQuery, the malware search and intelligence component of the search engine as part of its Summer product release.

With a vision to change the way security research, threat data collection, and intrusion detections and remediations are conducted, CrowdStrike is building the CrowdStrike Falcon Search Engine to be the industry’s most comprehensive platform for cyber threat intelligence and threat research. CrowdStrike Falcon’s scalable cloud-based architecture makes it the ideal foundation for a cybersecurity search engine.

CrowdStrike has built the largest searchable threat database in the cybersecurity industry, ingesting more than 51 billion security events a day, and indexing more than 700 million files totaling more than 560TB of malware that can be searched in real-time. With this launch, customers can take advantage of the data to significantly speed up and improve their malware research capabilities in the Security Operations Center (SOC).

Key Capabilities of CrowdStrike Falcon MalQuery:

CrowdStrike Falcon MalQuery is available to existing CrowdStrike customers as an additional service and can be purchased as a stand-alone offering by new customers. With this new capability, customers gain the following significant advantages from the CrowdStrike Falcon platform:

Speed – CrowdStrike’s malware search engine is the fastest in the industry, enabling searches across 560TB of data in mere seconds, a task that currently takes days or weeks with other systems. This speed delivers a 250x performance increase for malware research without compromising the amount of data being searched. These speed gains are realized for all types of search, including string-based and YARA-based searches.

Clarity – CrowdStrike delivers the ability to search across the largest and most comprehensive searchable database of malware in the industry. The technology gives researchers more complete results by indexing both file metadata as well as the binary contents of the file, and overlaying the results with CrowdStrike Falcon Threat Intelligence. This yields high-fidelity results and empowers the researcher to take informed action based on only the most relevant search results and their related threat intelligence.

Protection – CrowdStrike’s faster, more accurate results lead to higher quality protection rules for proactive defense against future threats, which enables greater understanding and protection against an attacker’s next move. Customers of the CrowdStrike Falcon Endpoint Protection platform can also conduct real-time investigations based on search results to immediately understand their exposure to threats.

Fully Integrated – Through a single console, customers can search CrowdStrike Falcon Intelligence data for indicators, actors and reports, with results displayed as readily consumable, schematized snapshots. Additionally, they can conduct YARA searches with cross-correlation to all CrowdStrike Intelligence data.

Moving faster than the adversaries and understanding threats in context are key to gaining the tactical advantage needed to defend organizations from modern-day sophisticated attacks. The reality for security professionals today is that their research tools are simply too slow. It can take hours or days to understand an attack and take protective action. They have to contend with slow queries, disjointed and incomplete data sets, and too many false positives, making it difficult to understand and thwart threats strategically. Search engines have revolutionized the speed at which we do research in all other aspects of our lives, and the CrowdStrike Falcon Search Engine does the same for cybersecurity.

At the core of the CrowdStrike Falcon Search Engine is patent-pending indexing technology. This index enables the engine to search across file metadata, the binary contents of the file itself, as well as the threat intelligence related to the file. The CrowdStrike Falcon Search Engine binary index is game-changing for security researchers with the scope of the data it indexes and the speed at which it can be searched, delivering only the most relevant search results in real-time.

The CrowdStrike Falcon platform searches across all collected content: endpoint data, intelligence indicators and the malware corpus. Its Investigate module allows CrowdStrike Falcon platform customers to search real-time and historical data for their enterprise with zero impact on their endpoints. With this announcement, CrowdStrike is also launching Intel indicator search, which enables rapid consumption of search results without requiring the review of large contextual sources. As a result, for the first time, cybersecurity professionals have a tool that can keep up with the rapid change arising from polymorphic malware and rapidly evolving threat variants.

If you are interested in learning more, read a blog about the announcement here. You can register here for a free trial.
