Threat Intelligence

11/10/2017
11:35 AM
Dark Reading
Products and Releases

CrowdStrike Launches New Vulnerability Management Module

Expands CrowdStrike Falcon platform capabilities with new vulnerability management module CrowdStrike Falcon Spotlight.

Sunnyvale, CA — CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new vulnerability management module, CrowdStrike Falcon Spotlight. CrowdStrike is the only next-generation vendor offering the full spectrum of endpoint security capabilities — next-generation AV, endpoint detection and response, managed threat hunting, IT hygiene, threat intelligence and now, vulnerability management — fully delivered via the cloud from a single lightweight agent.

With this Autumn platform release, CrowdStrike fundamentally changes how organizations conduct vulnerability management by delivering continuous, real-time visibility into software vulnerabilities in their environments. For the first time, these vulnerabilities are prioritized based on observed threat activity in the customer environment. Prioritization based on threat activity enables customers to immediately identify the systems that pose the greatest risk and remediate them before the security incident escalates into a breach. Consistent with CrowdStrike’s vision of a single agent for endpoint security, Falcon Spotlight adds a vulnerability management capability without requiring an additional agent on the endpoint and affords customers the opportunity to consolidate security tools and reclaim precious system resources on their endpoints.

Customers today are burdened by vulnerability management tools characterized by slow scans, blind spots, inaccurate reporting and an inability to provide protection against exploits on vulnerable systems. By combining vulnerability management with endpoint protection, CrowdStrike proactively protects against the risks posed by vulnerabilities while simultaneously enabling IT operations teams to patch and remediate systems in prioritized order. This ensures that organizations are protected from exploits and have true visibility into their exposure to new threats.

According to Gartner, “The No. 1 issue in vulnerability management (and, arguably, IT security operations) is that organizations are not prioritizing their patching and mitigating controls, nor are they mitigating the exploitation of commonly targeted vulnerabilities. In short, organizations are struggling to figure out the delta between ‘what can I fix’ and ‘what will make the biggest difference, with the pragmatic reality of the time and resources that I actually have.’ The answer is a risk-based approach.”

Falcon Spotlight also delivers innovation to the vulnerability management space by solving the “failed patch” problem: many legacy vulnerability management tools say a system is patched when it really isn’t. Because most tools only report patch information collected by checking the registry for a listing of installed patches, any failure in the installation process, such as a delayed reboot, may cause the scan to report an incorrect patch status. Falcon Spotlight reports on the applications and modules actually loaded in memory in real time and thus always provides the most up-to-date information on the true vulnerability state of the enterprise.

“We continue to expand the CrowdStrike Falcon platform to provide customers with an end-to-end solution that addresses endpoint security holistically and enables organizations to stop breaches, while bolstering their security posture and operations,” said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. “With this new module, we continue to reinforce the CrowdStrike Falcon platform as the market-leading solution that offers security teams control, visibility, and protection, all through one lightweight endpoint sensor, leveraging the power of the CrowdStrike cloud.”

Falcon Spotlight stands out with the following key customer benefits:

  • Easy deployment — As part of the CrowdStrike Falcon Platform, Falcon Spotlight does not require the installation of additional agents or management consoles.
  • Elimination of vulnerability scanning — Falcon Spotlight is an endpoint security solution that continuously monitors the system and streams data to the cloud in real time, eliminating the need for scheduled scans while still providing complete visibility into vulnerabilities.
  • Accurate reporting — Vulnerability data is displayed in real time and is more accurate than legacy solutions because Falcon Spotlight can tell if a patch has merely been deployed or if it has been fully installed and is currently running on the system.
  • Prioritized remediation — Falcon Spotlight identifies vulnerable systems where exploitation attempts have occurred, enabling security teams to prioritize these systems for remediation and further optimize response efforts.
  • Enhancing existing vulnerability management solutions — Falcon Spotlight adds deeper visibility and provides threat context, enabling security teams to see both the presence of a vulnerability and evidence of exploitation attempts via an API or reporting.
  • Seamless, cloud-based protection — Leveraging CrowdStrike’s cloud-based architecture, CrowdStrike Falcon Spotlight gives security teams the power to protect systems on-premises and across all cloud environments.

“CrowdStrike Falcon is a truly strategic component of our enterprise security suite, and we are excited to see the company continue to build out the capabilities of the platform to cover vulnerability management,” said Anton Bonifacio, chief information security officer at Globe Telecom. “Most vulnerability management tools offer the capability as an isolated scanner, which is ineffective, slow and burdensome to the SOC team. By contrast, CrowdStrike’s scan-free approach to operationalize and prioritize vulnerability management within a complete endpoint protection framework enables a stronger security posture and improves prevention, detection and response without further burdening the team with alerts.”

 

 
