Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

4/16/2018
11:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CrowdStrike Introduces New Automated Threat Analysis Solution to Deliver Predictive Security

CrowdStrike Falcon X automates threat analysis, delivering customized IOCs, intelligence and Next-Gen Security Operations Center (SOC) automation to large and small organizations alike.

Sunnyvale, CA – April 16, 2018 – CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it has expanded the capabilities of the CrowdStrike Falcon® platform by introducing a new threat analysis subscription module, CrowdStrike Falcon X™.

In today's threat environment, it is critical to add predictive security controls by learning from your encounters with cyber threat actors. However, most security teams lack the resources or the expertise to effectively adopt this emerging approach. As a result, they are stuck in a reactive state and can’t get ahead of future threats. CrowdStrike Falcon X solves this problem by automating threat analysis and delivering customized and actionable intelligence so that organizations can implement proactive defenses.

Built on the CrowdStrike Falcon platform, CrowdStrike Falcon X brings endpoint protection to the next level by combining malware sandboxing, malware search and threat intelligence into an integrated solution that can perform comprehensive threat analysis in seconds instead of hours or days. The output of this analysis is a unique combination of customized indicators of compromise (IOCs) and threat intelligence designed to help prevent against threats your organization faces now and in the future. Falcon X is the only solution that produces IOCs for both the threat that was actually encountered in your organization and all of its known variants, and immediately shares them with other security tools like firewalls, gateways and security orchestration tools via API. CrowdStrike Falcon X also provides integrated threat intelligence alongside its security alerts to accelerate incident research, streamline the investigative process and drive better security responses.

With this Spring Platform release, CrowdStrike empowers customers of all sizes to better understand the threats they face and improve the efficacy of their other security investments with actionable and customized intelligence. With this new capability, customers can finally pivot from a reactive security posture to a proactive one, mitigating their risk exposure and enhancing their ability to stop breaches.

“Most incident response teams have to manually analyze the threats they face with limited visibility into the targeted threat intelligence behind them. With CrowdStrike Falcon X, we elevate customers’ abilities to perform better analysis when a threat is detected and correlate it with strategic and tactical intelligence quickly, cutting down investigation time from hours and even days to seconds. Through this automation, we help smaller teams achieve a level of protection that would normally be out of reach, and we help larger teams make each of their analysts more effective. Falcon X provides all security teams with more comprehensive threat analysis to inform effective, prioritized response options, making remediation efforts more strategic and efficient,” said Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer. 

CrowdStrike Falcon X stands out with the following capabilities:

●       Automatic Threat Analysis — All files quarantined by CrowdStrike Falcon endpoint protection are automatically investigated by Falcon X. This automation drives breakthrough efficiency gains for security operations teams, elevates the capabilities of all security analysts and unlocks critical security functionality for organizations without a security operations center. 

●       Malware Analysis — Falcon X enables in-depth analysis of unknown and zero-day threats that goes far beyond traditional approaches. Powered by the Falcon Sandbox, it employs a unique combination of static,dynamic and fine-grained memory analysis to quickly identify the evasive threats other solutions miss.

●       Malware Search — Connects the dots between the malware found on your endpoints and related campaigns, malware families or threat actors. Falcon X searches CrowdStrike Falcon Search Engine, the industry's largest malware search engine for related samples and within seconds expands the analysis to include all files and variants, leading to a deeper understanding of the attack and an expanded set of IOCs to defend against future attacks.

●       Threat Intelligence —Actor attribution exposes the motivation and the tools, techniques and procedures (TTPs) of the attacker. Practical guidance is provided to prescribe proactive steps against future attacks and stop actors in their tracks.

●       Customized Intelligence — Falcon X automatically produces intelligence specifically tailored for the threats you encounter in your environment. Customized IOCs are immediately shared with other security tools via API, streamlining and automating the protection workflow. Cyber threat intelligence relating to the encountered attack is displayed alongside the alert, making it quick and easy for analysts to understand the threat and take action.

“CrowdStrike technology has proven to be a key security resource to help our team analyze cyberthreats and prioritize the most critical malicious behavior for faster remediation,” said Edward Ganom, chief information security officer at the Commercial Bank in Qatar. “CrowdStrike Falcon has proven time and time again its ability to accelerate the threat detection and response process and integrate actionable intelligence to better protect our environment against cyberattacks.”

According to a Gartner Strategic Planning Assumption, by 2021, at least one company will publicly acknowledge a $1 billion revenue impact from a business outage resulting from a malware/ransomware attack. Gartner states, “To counteract this growth, companies will need not only to increase their proactive defenses, but also to speed up their time to react, repair damaged data and return systems to operational states. Holistic attack detection platforms that analyze data from endpoints, internal infrastructure and external resources become vital to decrease the time to detect and recover.”*

The CrowdStrike Falcon platform leverages machine learning and behavioral analytics, trained on processing over 100 billion security events a day, to enable reliable prevention, detection, mitigation and response to all threats, including malware-free intrusions. With the launch of Falcon X, customers can now prevent, detect, respond to and predict cyberthreats, all through one cloud-native platform.

1.Gartner, “Predicts 2018: Security and Risk Management Programs,” Rob McMillan, Jeffrey Wheatman, et al., 16 November 2017.

For more information about the CrowdStrike Spring Platform launch, read a blog by George Kurtz, CrowdStrike’s CEO, here.

Visit CrowdStrike during the RSA Conference 2018 at booth #941 Moscone South to see presentations and demos and meet with CrowdStrike security experts.

About CrowdStrike®

CrowdStrike is the leader in cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon deploys in minutes to deliver actionable intelligence and real-time protection from Day One. It seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed.

CrowdStrike Falcon protects customers against all cyberattack types, using sophisticated signatureless AI and Indicator-of-Attack (IOA) based threat prevention to stop known and unknown threats in real time. Powered by the CrowdStrike Threat Graph™, Falcon instantly correlates over 100 billion security events a day from across the globe to immediately prevent and detect threats.

There’s much more to the story of how Falcon has redefined endpoint protection but there’s only one thing to remember about CrowdStrike: We stop breaches.

You can gain full access to CrowdStrike Falcon Prevent™ by starting your free trial here.

Learn more: https://www.crowdstrike.com/

Follow us: Blog | Twitter

 

© 2018 CrowdStrike, Inc. All rights reserved. CrowdStrike®, CrowdStrike Falcon®, CrowdStrike Threat Graph™, CrowdStrike Falcon Prevent™, Falcon Prevent™, CrowdStrike Falcon Insight™, Falcon Insight™, CrowdStrike Falcon Discover™, Falcon Discover™, CrowdStrike Falcon Intelligence™, Falcon Intelligence™, CrowdStrike Falcon DNS™, Falcon DNS™, CrowdStrike Falcon OverWatch™, Falcon OverWatch™, CrowdStrike Falcon Spotlight™ and Falcon Spotlight™ are among the trademarks of CrowdStrike, Inc. Other brands may be third-party trademarks.

Contacts

CrowdStrike, Inc.

Ilina Cashiola, 202-340-0517

[email protected]

 

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...