SUNNYVALE, Calif.--(BUSINESS WIRE)--CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced new features and capabilities expanding the scope of the CrowdStrike Falcon platform as the most comprehensive endpoint protection solution available to customers. CrowdStrike released a new device control module to enable visibility and control into removable media activity, a critical functionality for organizations looking to replace their legacy antivirus with next-generation endpoint protection. Additionally, CrowdStrike has announced a new critical feature to secure Docker container environments and the adoption of MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
“The Falcon Platform continues to revolutionize the endpoint security industry as the most innovative cloud-native solution,” said Amol Kulkarni, chief product officer of CrowdStrike. “Today, we are announcing multiple critical feature enhancements to offer our customers increased visibility, control and threat prevention for various evolving attack vectors, all delivered from a single lightweight agent and managed through a single console.”
Falcon Device Control
USB devices are widely used but they can cause serious security risks, from carrying malware and exploits, to leaking data outside of an environment. Falcon Device Control™ enables the safe utilization of USB devices across organizations by uniquely providing both extensive visibility and granular control over those devices. It offers security and IT operations teams full understanding into how devices are being used and the ability to precisely control and manage that usage. Seamlessly integrated into the Falcon agent, it provides unparalleled device control efficiency paired with full endpoint detection and response (EDR) capabilities.
Customers using Falcon Device Control have unprecedented visibility into detailed device information and history, increased control on mass storage devices, and greater context into host activity to see what’s happening in environments. This offers administrators the ability to implement insightful controls to protect critical data.
Securing Docker Containers
Organizations are increasingly adopting container technology such as Docker in their data centers, to help drive efficiency and agility. As they do so, a new attack surface has emerged that lacks visibility. Existing point solutions can be cumbersome to deploy and monitor, and require additional agents and infrastructure for organizations to maintain.
CrowdStrike is extending the protection of Falcon Insight™ to introduce compatibility with Docker, ensuring deep visibility and protection across this emerging critical platform. With this new capability, the Falcon Agent extends visibility to cover not only Windows, Mac, and Linux endpoints, but also threats within Docker containers. By leveraging artificial intelligence (AI) and advanced analytics to detect and respond to threats within Docker containers, Falcon Insight closes a critical security gap for enterprises — requiring no additional infrastructure, maintenance, or cost. CrowdStrike’s cloud-native platform provides the industry’s broadest protection, covering both desktops and data centers, with a single agent, single console and no on-premise infrastructure.
Adopting the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework
Alerts and detections in the CrowdStrike Falcon™ platform now map to MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. MITRE ATT&CK is an independent industry standard that categorizes attackers’ behavior into the objectives, the tactics and the techniques that they employ and is based on millions of observed real-life attacks.
The adoption of the MITRE framework in Falcon’s detections accelerates alert triage and shortens incident analysis time. It allows security analysts and incident responders to immediately grasp the impact and risks associated with alerts, instantly see which stage of the attack the adversary is on, and quickly answer key questions.
Previously, CrowdStrike Falcon was validated for its successful completion of an evaluation by MITRE’s Leveraging External Transformational Solutions (LETS) program in its ability to detect attack techniques employed by GOTHIC PANDA (also known as APT3), a sophisticated adversary with ties to the Chinese government. CrowdStrike continues to openly submit to third-party tests, as these validate CrowdStrike’s technology capabilities and provide an opportunity to work with current and prospective customers to ensure they are receiving the most comprehensive protection possible.
There is no shortage of third-party validation for the CrowdStrike Falcon platform. Recently, CrowdStrike was positioned highest for its ability to execute and furthest to the right for its completeness of vision in the Visionaries quadrant in Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms.1 In addition, Forrester Research, Inc. named CrowdStrike as a Leader in The Forrester Wave™: Endpoint Security Suites, Q2 2018 report.2
For more, read a blog discussing the importance of these new modules and the adoption of MITRE framework.
CrowdStrike is the leader in cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon deploys in minutes to deliver actionable intelligence and real-time protection from Day One. It seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed.
CrowdStrike Falcon protects customers against all cyber attack types, using sophisticated signatureless AI and Indicator-of-Attack (IOA) based threat prevention to stop known and unknown threats in real time. Powered by the CrowdStrike Threat Graph™, Falcon instantly correlates over 150 billion security events a day from across the globe to immediately prevent and detect threats.
There’s much more to the story of how Falcon has redefined endpoint protection but there’s only one thing to remember about CrowdStrike: We stop breaches.
You can gain full access to Falcon Prevent™ by starting your free trial.
© 2018 CrowdStrike, Inc. All rights reserved. CrowdStrike®, CrowdStrike Falcon®, CrowdStrike Threat Graph™, CrowdStrike Falcon Prevent™, Falcon Prevent™, CrowdStrike Falcon Insight™, Falcon Insight™, CrowdStrike Falcon Discover™, Falcon Discover™, CrowdStrike Falcon Intelligence™, Falcon Intelligence™, CrowdStrike Falcon DNS™, Falcon DNS™, CrowdStrike Falcon OverWatch™, Falcon OverWatch™, CrowdStrike Falcon Spotlight™ and Falcon Spotlight™ are among the trademarks of CrowdStrike, Inc. Other brands may be third-party trademarks.
1 Gartner “Magic Quadrant for Endpoint Protection Platforms”
Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka, 24 January
2 The Forrester Wave™: Endpoint Security Suites, Q2 2018 by Chris Sherman, Salvatore Schiano with Christopher McClean, Madeline Cyr, Peggy Dostie