Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

8/6/2019
09:30 AM
Dark Reading Staff
Dark Reading Staff
Products and Releases
50%
50%

CrowdStrike Introduces CrowdScore Real-Time Threat-Monitoring Metric

Score helps security leaders understand the real-time state of the threat inside their organizations.

Sunnyvale, CA – August 6, 2019 – CrowdStrike® Inc., a leader in cloud-delivered endpoint protection, today announced the launch of CrowdScore™, a new industry innovation on the CrowdStrike Falcon® platform. CrowdScore is a simple metric that enables CxOs to instantly see the real-time threat level their organizations are facing, allowing them to quickly mobilize resources to respond.

Speed of detection, investigation and response are essential for effective security. CrowdStrike research on breakout time shows that security teams should strive to detect threats on average in 1 minute, understand them in 10 minutes and contain them in 60 minutes to be effective at stopping breaches. Traditionally, organizations have struggled to meet these metrics due to lack of resources and prioritization of an ever-growing number of alerts. CrowdScore changes the game by solving both problems.

CxOs now can ensure that they are instantly made aware of incidents in their environment that demand activation of crisis management plans. In addition, CrowdScore empowers security operations teams to move away from tactical alert resolution to strategic incident management.

“With the introduction of CrowdScore, CrowdStrike is revolutionizing the approach organizations take to understand and respond to threats and transforms the way customers use the CrowdStrike Falcon platform,” said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike. “Because of CrowdStrike’s cloud native platform and AI-based analytics, we are able to offer customers a simple view into their organization’s threat exposure and the ability to rapidly prevent the most critical threats in their environment to meet the 1-10-60 rule metrics.” 

Key features and benefits of CrowdScore include:

  • The CrowdScore offers a real-time organizational threat score that helps security leaders understand the real-time state of the threat inside their organization. CrowdScore supports better executive decisions and more effective strategic planning.
  • The Incident Dashboard, which automatically compiles related security alerts into manageable incidents and uses AI-based prioritization to ensure that the most critical threats are handled first. Incident Dashboard eliminates the burden and delays associated with manually triaging large volumes of security alerts. 
  • The Incident Workbench, which delivers a comprehensive view of cyber threats through sophisticated visualizations and deep context. The Incident Workbench automates the labor-intensive steps in investigating threats, dramatically reducing the time investigators need in order to understand threats and drive the optimal response. 

“The ‘elephant in the room’ that we often fail to publicly acknowledge is security teams do not have the bandwidth to address all incidents and all alerts; today’s reality is that successful security teams are the one that correctly select which alerts and incidents to address and when to address them. With CrowdScore, CrowdStrike looks to provide the tools to make threat analysis and response capabilities better informed, faster, and more effective so security professionals can strategically respond to the most critical threats in their environment at the right time. This feature set is increasingly foundational for not only security professionals but also executives looking to have an intelligent dialogue about their organization’s risk and threat posture,” said Frank Dickson, program vice president of IDC Cybersecurity Research.

To learn more about the introduction of CrowdScore, please visit our website for a blog from Dmitri Alperovitch, chief technology officer. We also invite you to stop by booth #904 during Black Hat 2019 to speak with one of our security experts.

About CrowdStrike

CrowdStrike® Inc., a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security. 

With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform. 

There’s only one thing to remember about CrowdStrike: We stop breaches.

Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial.

Learn more: https://www.crowdstrike.com/

Follow us: Blog | Twitter

© 2019 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries.  CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services. 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...
CVE-2020-8570
PUBLISHED: 2021-01-21
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executi...
CVE-2020-8554
PUBLISHED: 2021-01-21
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typicall...