CrowdStrike Inc. announced new
features and capabilities expanding the scope of the CrowdStrike Falcon
platform as the most comprehensive endpoint protection solution
available to customers. CrowdStrike released a new device control module
to enable visibility into and control over removable media activity, a
critical functionality for organizations looking to replace their legacy
antivirus with next-generation endpoint protection. Additionally,
CrowdStrike has announced a new critical feature to secure Docker
container environments and the adoption of MITRE's Adversarial Tactics,
Techniques, and Common Knowledge (ATT&CK) Framework.

"The Falcon Platform continues to revolutionize the endpoint security
industry as the most innovative cloud-native solution," said Amol
Kulkarni, chief product officer of CrowdStrike. "Today, we are
announcing multiple critical feature enhancements to offer our customers
increased visibility, control and threat prevention for various
evolving attack vectors, all delivered from a single lightweight agent
and managed through a single console."

Falcon Device Control

USB devices are widely used, but they can cause serious security risks, from
carrying malware and exploits, to leaking data outside of an
environment. Falcon Device Control enables
the safe utilization of USB devices across organizations by uniquely
providing both extensive visibility and granular control over those
devices. It offers security and IT operations teams a full understanding
of how devices are being used and the ability to precisely control and
manage that usage. Seamlessly integrated into the Falcon agent, it
provides unparalleled device control efficiency paired with full
endpoint detection and response (EDR) capabilities.

Customers using Falcon Device Control have unprecedented visibility into detailed
device information and history, increased control over mass storage
devices, and greater context on host activity to see what's happening
in their environments. This offers administrators the ability to implement
insightful controls to protect critical data.

Securing Docker Containers

Organizations are increasingly adopting container technology such as Docker in their
data centers, to help drive efficiency and agility. As they do so, a new
attack surface has emerged that lacks visibility. Existing point
solutions can be cumbersome to deploy and monitor, and require
additional agents and infrastructure for organizations to maintain.
CrowdStrike is extending the protection of Falcon Insight to
introduce compatibility with Docker, ensuring deep visibility and
protection across this emerging critical platform. With this new
capability, the Falcon Agent extends visibility to cover not only
Windows, Mac, and Linux endpoints, but also threats within Docker
containers. By leveraging artificial intelligence (AI) and advanced
analytics to detect and respond to threats within Docker containers,
Falcon Insight closes a critical security gap for enterprises,
requiring no additional infrastructure, maintenance, or cost.
CrowdStrike's cloud-native platform provides the industry's broadest
protection, covering both desktops and data centers, with a single
agent, single console and no on-premise infrastructure.

Adopting the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework

Alerts and detections in the CrowdStrike Falcon platform
now map to MITRE's Adversarial Tactics, Techniques, and Common
Knowledge (ATT&CK) Framework. MITRE ATT&CK is an independent
industry standard that categorizes attackers' behavior into the
objectives, the tactics and the techniques that they employ and is based
on millions of observed real-life attacks.

The adoption of the MITRE framework in Falcon's detections accelerates
alert triage and shortens incident analysis time. It allows security
analysts and incident responders to immediately grasp the impact and
risks associated with alerts, instantly see which stage of the attack
the adversary is in, and quickly answer key questions.

Previously, CrowdStrike Falcon was validated through its successful completion
of an evaluation by MITRE's Leveraging External Transformational Solutions
(LETS) program of its ability to detect attack techniques employed by GOTHIC PANDA (also
known as APT3), a sophisticated adversary with ties to the Chinese
government. CrowdStrike continues to openly submit to third-party tests,
as these validate CrowdStrike's technology capabilities and provide an
opportunity to work with current and prospective customers to ensure
they are receiving the most comprehensive protection possible.

There is no shortage of third-party validation for the CrowdStrike Falcon
platform. Recently, CrowdStrike was positioned highest for its ability
to execute and furthest to the right for its completeness of vision in
the Visionaries quadrant in Gartner's 2018 Magic Quadrant for Endpoint
Protection Platforms. In addition, Forrester Research, Inc. named
CrowdStrike as a Leader in The Forrester Wave: Endpoint Security Suites,
Q2 2018 report.