Threat Intelligence

11/10/2017
11:35 AM
Dark Reading
Products and Releases

CrowdStrike Launches New Vulnerability Management Module

Expands CrowdStrike Falcon platform capabilities with new vulnerability management module CrowdStrike Falcon Spotlight.

Sunnyvale, CA — CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new vulnerability management module, CrowdStrike Falcon Spotlight. CrowdStrike is the only next-generation vendor offering the full spectrum of endpoint security capabilities — next-generation AV, endpoint detection and response, managed threat hunting, IT hygiene, threat intelligence and now, vulnerability management — fully delivered via the cloud from a single lightweight agent.

With this Autumn platform release, CrowdStrike fundamentally changes how organizations conduct vulnerability management by delivering continuous, real-time visibility into software vulnerabilities in their environments. For the first time, these vulnerabilities are prioritized based on observed threat activity in the customer environment. Prioritization based on threat activity enables customers to immediately identify the systems that pose the greatest risk and remediate them before the security incident escalates into a breach. Consistent with CrowdStrike’s vision of a single agent for endpoint security, Falcon Spotlight adds a vulnerability management capability without requiring an additional agent on the endpoint and affords customers the opportunity to consolidate security tools and reclaim precious system resources on their endpoints.

Customers today are burdened by vulnerability management tools characterized by slow scans, blind spots, inaccurate reporting and an inability to provide protection against exploits on vulnerable systems. By combining vulnerability management with endpoint protection, CrowdStrike proactively protects against the risks posed by vulnerabilities while simultaneously enabling IT operations teams to patch and remediate systems in prioritized order. This ensures that organizations are protected from exploits and have true visibility into their exposure to new threats.

According to Gartner, “The No. 1 issue in vulnerability management (and, arguably, IT security operations) is that organizations are not prioritizing their patching and mitigating controls, nor are they mitigating the exploitation of commonly targeted vulnerabilities. In short, organizations are struggling to figure out the delta between ‘what can I fix’ and ‘what will make the biggest difference, with the pragmatic reality of the time and resources that I actually have.’ The answer is a risk-based approach.”

Falcon Spotlight also delivers innovation to the vulnerability management space by solving the “failed patch” problem: many legacy vulnerability management tools say a system is patched when it really isn’t. Because most tools only report patch information collected by checking the registry for a listing of installed patches, any failures in the installation process, such as delayed reboots, may cause the scan to report incorrect patch status. Falcon Spotlight reports on applications and modules actually loaded in memory in real time and thus always provides the most up-to-date information on the true vulnerability state of the enterprise.

“We continue to expand the CrowdStrike Falcon platform to provide customers with an end-to-end solution that addresses endpoint security holistically and enables organizations to stop breaches, while bolstering their security posture and operations,” said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. “With this new module, we continue to reinforce the CrowdStrike Falcon platform as the market-leading solution that offers security teams control, visibility, and protection, all through one lightweight endpoint sensor, leveraging the power of the CrowdStrike cloud.”

Falcon Spotlight stands out with the following key customer benefits:

  • Easy deployment — As part of the CrowdStrike Falcon Platform, Falcon Spotlight does not require the installation of additional agents or management consoles.
  • Elimination of vulnerability scanning — Falcon Spotlight is an endpoint security solution that continuously monitors the system and streams data to the cloud in real time, eliminating the need for scheduled scans while still providing complete visibility into vulnerabilities.
  • Accurate reporting — Vulnerability data is displayed in real time and is more accurate than legacy solutions because Falcon Spotlight can tell if a patch has merely been deployed or if it has been fully installed and is currently running on the system.
  • Prioritized remediation — Falcon Spotlight identifies vulnerable systems where exploitation attempts have occurred, enabling security teams to prioritize these systems for remediation and further optimize response efforts.
  • Enhancing existing vulnerability management solutions — Falcon Spotlight adds deeper visibility and provides threat context, enabling security teams to see both the presence of a vulnerability and evidence of exploitation attempts via an API or reporting.
  • Seamless, cloud-based protection — Leveraging CrowdStrike’s cloud-based architecture, CrowdStrike Falcon Spotlight gives security teams the power to protect systems on-premises and across all cloud environments.

“CrowdStrike Falcon is a truly strategic component of our enterprise security suite, and we are excited to see the company continue to build out the capabilities of the platform to cover vulnerability management,” said Anton Bonifacio, chief information security officer at Globe Telecom. “Most vulnerability management tools offer the capability as an isolated scanner, which is ineffective, slow and burdensome to the SOC team. By contrast, CrowdStrike’s scan-free approach to operationalize and prioritize vulnerability management within a complete endpoint protection framework enables a stronger security posture and improves prevention, detection and response without further burdening the team with alerts.”

 
