CrowdStrike Accelerates Proactive Threat Defense through Context-Rich Partner Intelligence Data via Unified Management Console

New Falcon platform features simplify threat hunting and provide comprehensive, unified view of threat activity for security teams

CrowdStrike Inc. (Nasdaq: CRWD), a leader in cloud-delivered endpoint and workload protection, today announced the availability of contextual enrichment for threat detections via a unified console experience. This new capability seamlessly integrates third-party threat intelligence data with CrowdStrike® Falcon detections and incidents, delivering a comprehensive picture of an organization’s threat landscape.

As cyberattacks have increased in frequency and severity, organizations have responded by adding cumbersome point products to the security stack in an effort to fortify their defenses. This has resulted in complex security operations environments, which have hindered organizations’ speed of response in identifying threat activity and hampered their ability to stop breaches.

To address these challenges and the complex process involved with different solutions having their own management consoles and varied threat intelligence data, CrowdStrike has introduced a unified console experience for security teams, where threat intelligence from various vendors enriches detections from the Falcon platform. This provides security teams with the complete visibility and richer context of threat detections required to quickly understand, stop, and remediate incidents.

“In today’s fast-moving threat environment, organizations cannot afford to waste time triaging incidents in multiple, disparate solutions, before understanding the best course of action to take against a threat actor,” said Andy Horowitz, vice president, CrowdStrike Store Business. “With advanced contextual enrichment on the Falcon platform, we give CrowdStrike customers the ability to better understand alerts and incidents external data sources. These capabilities remove the complexity and burden of managing multiple feed views and reduce manual investigation and triage work, bringing simplicity and effectiveness to security operations.”

Rich intelligence data delivered from CrowdStrike Store partners can be accessed using the cloud-native Falcon platform without requiring security teams to pivot across multiple management consoles, providing a better user experience. Organizations can simply enable the third-party app within the CrowdStrike Store to leverage threat intelligence feeds, such as indicators of compromise (IOCs), for additional context during an incident investigation, streamlining threat operations and significantly increasing the velocity of triage and remediation.

Features and Capabilities:

  • Context enrichment: Use threat intelligence data from CrowdStrike partners to enrich security incidents, correlate and triage alerts faster, accelerating incident investigation and response. 
  • Time to value: Seamless built-in integrations to bring in rich data from other third-party applications regarding IP addresses, domains and hashes that help with faster alert triaging, response and security incident investigation.
  • Simplified layered defense: Simplified security stack with multiple integrated solutions that helps streamline threat operations and management, getting ahead of sophisticated adversaries.

Partner Quotes:

Brandon Dixon, PassiveTotal founder and vice president of Strategy at RiskIQ: “We have deepened our existing strong partnership with CrowdStrike by integrating our Internet Intelligence Graph with internal endpoint data on the Falcon platform to provide one-of-a-kind security intelligence that helps security teams achieve a 360-degree view of their entire attack surface.”

Ron Shamir, vice president of Products & Technology Alliances at Sixgill: “It’s a very exciting time in threat intelligence, and we are eager to be part of CrowdStrike’s initiative. Together, Sixgill Darkfeed and CrowdStrike Falcon, represent the next phase in the evolution of intelligence: embracing real-time, and generating context like never before.”

Jackie Abrams, vice president of Product, DomainTools: “We’re thrilled to be partnering with CrowdStrike on delivering DomainTools’ data inside the Falcon platform. By surfacing our predictive risk assessments and DNS intelligence directly to the analyst, we empower Falcon users to make immediate decisions on domain indicators and drastically reduce the response time on domain-related threats.”

Taeil Goh, chief technology officer, OPSWAT: “OPSWAT’s partnership with CrowdStrike is evolving to the next level where CrowdStrike Falcon platform is now seamlessly integrated with the MetaDefender Threat Intelligence platform – enhancing a user’s threat analysis process with an extensive multi-scanning report. A user can now activate the integration with a single click on the CrowdStrike Store.”

Newest Addition to the CrowdStrike Store:

In addition, CrowdStrike introduces a new app available for free trial from Perception Point, called X-Ray. It leverages Falcon threat detections to provide containment and remediation of malicious incidents, offering interception of content-based attacks across different collaboration channels like email, cloud storage, CRM apps, and messaging platforms.

Yoram Salinger, chief executive officer, Perception Point: “Today, once an attacker reaches the endpoint, it’s an incredibly difficult cat-and-mouse game for SOC teams. Now, with X-Ray, Falcon customers are essentially extending Falcon’s threat detection back to the perimeter across all channels. Customers can be confident that an attack will be stopped as quickly as possible, no matter how advanced it is.”

To learn more about today’s news and CrowdStrike’s endpoint and workload protection capabilities, register for CrowdStrike’s Cybersecurity Conference Fal.Con 2020, taking place on October 15, 2020!
