CrowdStrike Inc., the leader in cloud-delivered endpoint protection, today announced that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new vulnerability management module, CrowdStrike Falcon Spotlight. CrowdStrike is the only next-generation vendor offering the full spectrum of endpoint security capabilities — next-generation AV, endpoint detection and response, managed threat hunting, IT hygiene, threat intelligence and now, vulnerability management — fully delivered via the cloud from a single lightweight agent.
With this Autumn platform release, CrowdStrike fundamentally changes how organizations conduct vulnerability management by delivering continuous, real-time visibility into software vulnerabilities in their environments. For the first time, these vulnerabilities are prioritized based on observed threat activity in the customer environment. Prioritization based on threat activity enables customers to immediately identify the systems that pose the greatest risk and remediate them before the security incident escalates into a breach. Consistent with CrowdStrike’s vision of a single agent for endpoint security, Falcon Spotlight adds a vulnerability management capability without requiring an additional agent on the endpoint and affords customers the opportunity to consolidate security tools and reclaim precious system resources on their endpoints.
Customers today are burdened by vulnerability management tools characterized by slow scans, blind spots, inaccurate reporting and an inability to provide protection against exploits on vulnerable systems. By combining vulnerability management with endpoint protection, CrowdStrike proactively protects against the risks posed by vulnerabilities while simultaneously enabling IT operations teams to patch and remediate systems in prioritized order. This ensures that organizations are protected from exploits and have true visibility into their exposure to new threats.
According to Gartner Inc., “The No. 1 issue in vulnerability management (and, arguably, IT security operations) is that organizations are not prioritizing their patching and mitigating controls, nor are they mitigating the exploitation of commonly targeted vulnerabilities. In short, organizations are struggling to figure out the delta between ‘what can I fix’ and ‘what will make the biggest difference, with the pragmatic reality of the time and resources that I actually have.’ The answer is a risk-based approach.”
Falcon Spotlight also delivers innovation to the vulnerability management space by solving the “failed patch” problem, as many legacy vulnerability management tools say a system is patched when it really isn’t. Since most tools will only report patch information collected from checking the registry for listing of installed patches, any failures in the installation process such as delayed reboots may cause the scan to report incorrect patch status. Falcon Spotlight reports on applications and modules actually loaded in memory in real time and thus, always provides the most up-to-date information on the true vulnerability state of the enterprise.
“We continue to expand the CrowdStrike Falcon platform to provide customers with an end-to-end solution that addresses endpoint security holistically and enables organizations to stop breaches, while bolstering their security posture and operations,” said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. “With this new module, we continue to reinforce the CrowdStrike Falcon platform as the market-leading solution that offers security teams control, visibility, and protection, all through one lightweight endpoint sensor, leveraging the power of the CrowdStrike cloud.”
Falcon Spotlight stands out with the following key customer benefits:
• Easy deployment — As part of the CrowdStrike Falcon Platform, Falcon Spotlight does not require the installation of additional agents or management consoles.
• Elimination of vulnerability scanning — Falcon Spotlight is an endpoint security solution that continuously monitors the system and streams data to the cloud in real time, eliminating the need for scheduled scans while still providing complete visibility into vulnerabilities.
• Accurate reporting — Vulnerability data is displayed in real time and is more accurate than legacy solutions because Falcon Spotlight can tell if a patch has merely been deployed or if it has been fully installed and is currently running on the system.
• Prioritized remediation — Falcon Spotlight identifies vulnerable systems where exploitation attempts have occurred, enabling security teams to prioritize these systems for remediation and further optimize response efforts.
• Enhancing existing vulnerability management solutions — Falcon Spotlight adds deeper visibility and provides threat context, enabling security teams to see both the presence of a vulnerability and evidence of exploitation attempts via an API or reporting.
• Seamless, cloud-based protection — Leveraging CrowdStrike’s cloud-based architecture, CrowdStrike Falcon Spotlight gives security teams the power to protect systems on-premises and across all cloud environments.
“CrowdStrike Falcon is a truly strategic component of our enterprise security suite, and we are excited to see the company continue to build out the capabilities of the platform to cover vulnerability management,” said Anton Bonifacio, chief information security officer at Globe Telecom. “Most vulnerability management tools offer the capability as an isolated scanner, which is ineffective, slow and burdensome to the SOC team. By contrast, CrowdStrike’s scan-free approach to operationalize and prioritize vulnerability management within a complete endpoint protection framework enables a stronger security posture and improves prevention, detection and response without further burdening the team with alerts.”