Threat Intelligence

8/3/2017
10:22 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CrowdStrike Launches Cybersecurity Search Engine

New CrowdStrike Falcon Search Engine empowers next-gen Security Operation Centers to search in real-time on the world's fastest and most comprehensive security platform.

SUNNYVALE, Calif. – CrowdStrike, the leader in cloud-delivered endpoint protection, today announced that it has significantly expanded the capabilities of the CrowdStrike Falcon platform by launching CrowdStrike Falcon Search Engine, the fastest and largest search engine for cybersecurity data. Today, CrowdStrike is introducing CrowdStrike Falcon MalQuery, the malware search and intelligence component of the search engine as part of its Summer product release.

With a vision to change the way security research, threat data collection, and intrusion detections and remediations are conducted, CrowdStrike is building the CrowdStrike Falcon Search Engine to be the industry’s most comprehensive platform for cyber threat intelligence and threat research. CrowdStrike Falcon’s scalable cloud-based architecture makes it the ideal foundation for a cybersecurity search engine.

CrowdStrike has built the largest searchable threat database in the cybersecurity industry, ingesting more than 51 billion security events a day, and indexing more than 700 million files totaling more than 560TB of malware that can be searched in real-time. With this launch, customers can take advantage of the data to significantly speed up and improve their malware research capabilities in the Security Operations Center (SOC).

Key Capabilities of CrowdStrike Falcon MalQuery:

CrowdStrike Falcon MalQuery is available to existing CrowdStrike customers as an additional service and can be purchased as a stand-alone offering by new customers. With this new capability, customers gain the following significant advantages from the CrowdStrike Falcon platform:

Speed – CrowdStrike’s malware search engine is the fastest in the industry, enabling searching of 560TB of data in mere seconds, which currently takes days or weeks with other systems. This speed delivers a 250x performance increase for malware research without compromising the amount of data being searched. These speed gains are realized for all types of search, including string-based or YARA-based searches.

Clarity – CrowdStrike delivers the ability to search across the largest and most comprehensive searchable database of malware in the industry. The technology gives researchers more complete results by indexing both file metadata as well as the binary contents of the file, and overlaying the results with CrowdStrike Falcon Threat Intelligence. This yields high-fidelity results and empowers the researcher to take informed action based on only the most relevant search results and their related threat intelligence.

Protection – CrowdStrike’s faster, more accurate results lead to higher quality protection rules for proactive defense against future threats, which enables greater understanding and protection against an attacker’s next move. Customers of the CrowdStrike Falcon Endpoint Protection platform can also conduct real-time investigations based on search results to immediately understand their exposure to threats.

Fully Integrated – Through a single console, customers can search CrowdStrike Falcon Intelligence data for indicators, actors and reports with results displayed as a readily consumable, schematized snapshots. Additionally, they can conduct YARA searches with cross correlation to all CrowdStrike Intelligence data.

Moving faster than the adversaries and understanding threats in context are key to gaining the tactical advantage needed to defend organizations from modern-day sophisticated attacks. The reality for security professionals today is that their research tools are simply too slow. It can take hours or days to understand an attack and take protective action. They have to contend with slow queries, disjointed, incomplete data set and too many false positives, making it difficult to understand and thwart threats strategically. Search engines have revolutionized the speed at which we do research in all other aspects of our life and the CrowdStrike Falcon Search Engine does the same for cybersecurity.

At the core of the CrowdStrike Falcon Search Engine is patent-pending indexing technology. This index enables the engine to search across file metadata, the binary contents of the file itself, as well as the threat intelligence related to the file. The CrowdStrike Falcon Search Engine binary index is game-changing for security researchers with the scope of the data it indexes and the speed at which it can be searched, delivering only the most relevant search results in real-time.

The CrowdStrike Falcon platform search over all collected content: endpoint data, intelligence indicators and malware corpus. Its Investigate module allows CrowdStrike Falcon platform customers to search real-time and historical data for their enterprise with zero impact to their endpoints. With this announcement, CrowdStrike is also launching Intel indicator search that enable rapid consumption of search results without requiring the review of large contextual sources. As a result, for the first time, cybersecurity professionals have a tool that can keep up with rapid change arising from polymorphic malware and rapidly evolving threat variants.

If you are interested in learning more, read a blog about the announcement here. You can register here for a free trial.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark Reading,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14505
PUBLISHED: 2018-07-22
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.
CVE-2018-14500
PUBLISHED: 2018-07-22
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.
CVE-2018-14501
PUBLISHED: 2018-07-22
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.