CrowdStrike Inc., a leader in cloud-delivered next-generation endpoint protection, threat intelligence and response services, today announced new, advanced features for the CrowdStrike Falcon™ Platform. The winter updates represent a leap forward for endpoint detection and response functions along with advanced Antivirus capabilities. The enhancements will provide customers next-generation endpoint protection to stop breaches faster across the enterprise.
CrowdStrike’s cloud-delivered Threat Graph offers customers an automatic, full-scale retrospective of cyber attacks, breaking the cycle of silent failure.
CrowdStrike Falcon™ Host now allows customers to remediate attacks by using a new network containment feature.
Next-generation Antivirus (AV) CryptoWall prevention offers CrowdStrike customers detection and protection capabilities to thwart these types of ransomware attacks.
CrowdStrike Falcon™ Host expands cloud-based machine learning capability to enable blocking of known and unknown malware and adware.
Two additional prevention methods are added to stop zero-day and known exploit based attacks.
Customers can get the most out of Falcon Host by harnessing third-party intelligence with a new API to achieve tighter integration with their security information event management (SIEM) or related system.
New cloud Antivirus and behavioral threat detection for Linux
CrowdStrike Threat Graph™ Powers Comprehensive Threat Detection, Prevention, and Managed Hunting
CrowdStrike’s fully cloud-based Threat Graph model is the brain behind a revolutionary approach to endpoint protection that analyzes and correlates billions of events in real-time, spots anomalies, and detects behavioral patterns to track and thwart known and unknown threats.
This model also allows Falcon Host to act like a ‘DVR,’ providing unparalleled levels of retrospective visibility and unlimited cloud-recall capabilities. This forensic capacity dramatically reduces the time and cost of incident response, while increasing the chances of containing and mitigating damage by allowing customers to search and query all endpoints in seconds.
Further Expansion of Falcon Platform APIs
With the expanded use of Falcon Platform’s APIs, customers can seamlessly integrate existing third-party intelligence and IOCs to maximize their current security investments, detecting and blocking attacks using all sources of intelligence.
Second, the new Falcon Connector makes it easier than ever for customers to leverage Falcon Host data in any SIEM or related system. Falcon Connector seamlessly connects to the Threat Graph and safely transmits the Falcon Host API to the customer’s choice of systems in a variety of formats, making integration effortless.
Third, CrowdStrike now offers a new, API-focused service level of the Falcon Intelligence service. The new service, named Falcon Intelligence Standard, offers a broader range of customers the flexibility to use CrowdStrike intelligence as part of their protection strategy.
Augmenting Existing Antivirus Defenses to Combat Ransomware
Ransomware represents one of the most prevalent and damaging threats today to organizations of all sizes. CryptoWall is the most widespread ransomware family today and often defeats existing protection with seemingly ceaseless variations that evade defenses. By focusing on the behaviors of the CryptoWall malware family as opposed to specific threat signatures, Falcon Host’s new ransomware blocking feature neutralizes the attack despite its polymorphic nature.
CrowdStrike has witnessed a significant increase in the targeting of Linux systems by adversaries who realize that Linux is not monitored as closely as Windows-based infrastructure. The winter product release adds three new protection features to Falcon Host for Linux: 1) Linux-specific behavioral defenses based on indicators of attack; 2) Cloud Antivirus detections; 3) Custom threat detection through CrowdStrike’s managed hunt team, called Falcon Overwatch.