Threat Intelligence
11/10/2017
11:35 AM
Dark Reading
Products and Releases

CrowdStrike Launches New Vulnerability Management Module

Expands CrowdStrike Falcon platform capabilities with new vulnerability management module CrowdStrike Falcon Spotlight.

Sunnyvale, CA — CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new vulnerability management module, CrowdStrike Falcon Spotlight. CrowdStrike is the only next-generation vendor offering the full spectrum of endpoint security capabilities — next-generation AV, endpoint detection and response, managed threat hunting, IT hygiene, threat intelligence and now, vulnerability management — fully delivered via the cloud from a single lightweight agent.

With this Autumn platform release, CrowdStrike fundamentally changes how organizations conduct vulnerability management by delivering continuous, real-time visibility into software vulnerabilities in their environments. For the first time, these vulnerabilities are prioritized based on observed threat activity in the customer environment. Prioritization based on threat activity enables customers to immediately identify the systems that pose the greatest risk and remediate them before the security incident escalates into a breach. Consistent with CrowdStrike’s vision of a single agent for endpoint security, Falcon Spotlight adds a vulnerability management capability without requiring an additional agent on the endpoint and affords customers the opportunity to consolidate security tools and reclaim precious system resources on their endpoints.

Customers today are burdened by vulnerability management tools characterized by slow scans, blind spots, inaccurate reporting and an inability to provide protection against exploits on vulnerable systems. By combining vulnerability management with endpoint protection, CrowdStrike proactively protects against the risks posed by vulnerabilities while simultaneously enabling IT operations teams to patch and remediate systems in prioritized order. This ensures that organizations are protected from exploits and have true visibility into their exposure to new threats.

According to Gartner, “The No. 1 issue in vulnerability management (and, arguably, IT security operations) is that organizations are not prioritizing their patching and mitigating controls, nor are they mitigating the exploitation of commonly targeted vulnerabilities. In short, organizations are struggling to figure out the delta between ‘what can I fix’ and ‘what will make the biggest difference, with the pragmatic reality of the time and resources that I actually have.’ The answer is a risk-based approach.”

Falcon Spotlight also delivers innovation to the vulnerability management space by solving the “failed patch” problem: many legacy vulnerability management tools report a system as patched when it really isn’t. Since most tools only report patch information collected by checking the registry for a listing of installed patches, any failure in the installation process, such as a delayed reboot, may cause the scan to report an incorrect patch status. Falcon Spotlight reports on applications and modules actually loaded in memory in real time and thus always provides the most up-to-date information on the true vulnerability state of the enterprise.

“We continue to expand the CrowdStrike Falcon platform to provide customers with an end-to-end solution that addresses endpoint security holistically and enables organizations to stop breaches, while bolstering their security posture and operations,” said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. “With this new module, we continue to reinforce the CrowdStrike Falcon platform as the market-leading solution that offers security teams control, visibility, and protection, all through one lightweight endpoint sensor, leveraging the power of the CrowdStrike cloud.”

Falcon Spotlight stands out with the following key customer benefits:

  • Easy deployment — As part of the CrowdStrike Falcon Platform, Falcon Spotlight does not require the installation of additional agents or management consoles.
  • Elimination of vulnerability scanning — Falcon Spotlight is an endpoint security solution that continuously monitors the system and streams data to the cloud in real time, eliminating the need for scheduled scans while still providing complete visibility into vulnerabilities.
  • Accurate reporting — Vulnerability data is displayed in real time and is more accurate than legacy solutions because Falcon Spotlight can tell if a patch has merely been deployed or if it has been fully installed and is currently running on the system.
  • Prioritized remediation — Falcon Spotlight identifies vulnerable systems where exploitation attempts have occurred, enabling security teams to prioritize these systems for remediation and further optimize response efforts.
  • Enhancing existing vulnerability management solutions — Falcon Spotlight adds deeper visibility and provides threat context, enabling security teams to see both the presence of a vulnerability and evidence of exploitation attempts via an API or reporting.
  • Seamless, cloud-based protection — Leveraging CrowdStrike’s cloud-based architecture, CrowdStrike Falcon Spotlight gives security teams the power to protect systems on-premises and across all cloud environments.

“CrowdStrike Falcon is a truly strategic component of our enterprise security suite, and we are excited to see the company continue to build out the capabilities of the platform to cover vulnerability management,” said Anton Bonifacio, chief information security officer at Globe Telecom. “Most vulnerability management tools offer the capability as an isolated scanner, which is ineffective, slow and burdensome to the SOC team. By contrast, CrowdStrike’s scan-free approach to operationalize and prioritize vulnerability management within a complete endpoint protection framework enables a stronger security posture and improves prevention, detection and response without further burdening the team with alerts.”

 
