CrowdStrike Falcon Product Overview
- About CrowdStrike Falcon
- Pros of CrowdStrike Falcon
- Cons of CrowdStrike Falcon
- Breakdown of core features
CrowdStrike Falcon product overview
Falcon from CrowdStrike is an endpoint protection platform purpose-built to stop breaches with cloud-delivered technologies that prevent all types of attacks, including malware. It responds to security challenges with a solution that combines next-generation antivirus (NGAV), endpoint detection and response (EDR), cyber threat intelligence, managed threat hunting capabilities, and security hygiene.
Falcon leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft, and enriched telemetry from across the enterprise. It delivers accurate detections, automated protection and remediation, elite threat hunting, and prioritized observability of vulnerabilities.
With a single lightweight-agent architecture, Falcon enables customers to benefit from rapid and scalable deployment, reliable protection and performance, reduced complexity, and immediate time-to-value. The platform is highly modular and extensible, ensuring that customers can solve new security challenges with a single click — without the need to re-architect or re-engineer the solution.
Pros of CrowdStrike Falcon
- Falcon harnesses the power of big data and artificial intelligence to empower teams with instant visibility.
- The platform is cloud-native, eliminating complexity and simplifying deployment to drive down operational costs.
Cons of CrowdStrike Falcon
- It doesn’t support legacy operating systems.
Breakdown of core features
Endpoint detection and response (EDR)
Falcon continuously monitors all endpoint activity and analyzes the data in real time to automatically identify threat activity. It detects and prevents advanced threats as they happen. Moreover, it streams all endpoint activities to the system so that security teams can rapidly investigate incidents, respond to alerts, and proactively hunt for new threats.
Extended detection and response (XDR)
Falcon XDR extends EDR capabilities and delivers multi-domain detection and orchestrated response. It improves threat visibility across the enterprise, accelerates security operations, and minimizes risk. Additionally, it seamlessly adds third-party telemetry from a wide range of security solutions to a threat-centric data fabric, powering the next generation of detection, protection, and elite threat hunting to stop breaches faster.
MITRE ATT&CK® mapping
The software’s mapping of alerts to the MITRE ATT&CK® framework allows users to understand even the most complex detections at a glance, decreasing the time required to triage alerts and accelerating prioritization and remediation. In addition, the intuitive UI enables teams to pivot quickly and search across the entire organization within seconds.
Device control
The Device Control feature ensures the safe utilization of USB devices across the organization. It merges visibility and granular control, enabling administrators to ensure that employees use only approved devices. When used with Falcon EDR, visibility is enhanced, adding searchable history and logs of USB device usage, including files written to devices. This feature does not require additional endpoint software installation or hardware to manage.
(Last updated on 02/11/2022 by Liz Laurente-Ticong)